On Apr 4, 2025, at 2:36 PM, Brian Inglis via tz <tz@iana.org> wrote: > On 2025-04-04 00:48, Sahil Sharma D via tz wrote: >> Could you please share the SBOM for tzdata2025b and tzcode2025b? > > If you download the public domain source, it is up to you to document the > tools you use to render the code and data into useful binary forms. > > If you install binary packages from an open source distribution, it is up to > you to document the tools they tell you they use to render the code and data > into useful binary forms. > > If you install binary packages from a commercial vendor, it is up to you to > ask them to document and share with you the tools they use to render the code > and data into useful binary forms.
I.e.: The software bills of materials for tzdata2025b and tzcode2025b would be the result of running "tar tf" on the corresponding tarballs (possibly after decompressing if the version of the tar command on your platform doesn't handle gzipped files). That's all there is. Those contain no binary files compiled by any tools; compiled versions of the code and binary TZif files are produced by other suppliers such as operating system suppliers. You'd have to ask them for *their* software bills of materials.
