On Mon, Jul 11, 2022 at 6:02 AM Josh Boyer <jwbo...@fedoraproject.org> wrote:
> On Sun, Jul 10, 2022 at 12:34 PM Miroslav Suchý <msu...@redhat.com> wrote: > > > > Dne 08. 07. 22 v 4:59 Stewart Smith via devel napsal(a): > > > > Another - what do we do about, e.g., Fedora IoT and Fedora CoreOS, > > which have their own somewhat different release/life cycles? What about > > module lifecycles? What is it about *lifecycles* that's important, > > anyway? Don't we maybe want to just have a sort of generic system for > > "important events"? > > > > I view it as a mechanism to communicate well in advance of when someone > > is going to have to do work. > > > > Fedora is the simple case: every 6-12 months you're going to have to > > upgrade the version of the OS. > > > > And when implementing this for Fedora, can you bear RHEL in mind too? > Because it has several levels of EOL > > > > > https://endoflife.software/operating-systems/linux/red-hat-enterprise-linux-rhel > > RHEL is already implementing it's own scheme for lifecycle metadata. > A "ValidUntilDate" was added to SPDX 2.3 about a month ago, to enable capture of End of Support / End of Life information as metadata captured about a package or group of packages, so different policies can be articulated this way. (see: https://github.com/spdx/spdx-spec/pull/709). In 2.3, it's an optional field, so if the information is available, there's a place to put it. Similarly a ReleaseDate and BuiltDate were added, which are useful in some policy and automated checkers. So for all systems generating SBOMs, there will be a standard place in the SPDX metadata. We're in the release candidate review for the 2.3 specification, so if people see issues with the proposed syntax, comments welcome at https://github.com/spdx/spdx-spec/issues. Thanks, Kate
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
