Re: [open-regulatory-compliance] CRA Standardisation request

On Tue, Feb 18, 2025 at 6:04 PM Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Python's approach to distributing SBOMs has worked well for our purposes at BCG.

Dick, I'm curious if you have any thoughts as to how the JavaScript community should address the issues it raised in the document I linked earlier, in particular the problem that dependency resolution isn't idempotent.

I understand that distributing SBOMs works well in certain contexts, but we also have to understand and address the cases where it doesn't work or creates bad outcomes.

--tobie

