Re: [open-regulatory-compliance] CRA Standardisation request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] CRA Standardisation request

From: Tobie Langel <tobie@xxxxxxxxxxxxxx>
Date: Tue, 18 Feb 2025 18:37:00 +0100
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>

On Tue, Feb 18, 2025 at 6:04 PM Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Pythons approach to distributing SBOM's has worked well for our purposes at BCG.

Dick, I'm curious if you have any thoughts as to how the _javascript_ community should address the issues it raised in the document I linked earlier, in particular the problem that dependency resolution isn't idempotent.

I understand that distributing SBOMs works well in certain contexts, but we also have to understand and address the cases where it doesn't work or creates bad outcomes.

--tobie

Follow-Ups:
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks

References:
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Lars Francke
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Lars Francke
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Jeremy Stanley
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Lars Francke
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Jeremy Stanley
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: 'Jeremy Stanley'
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: 'Jeremy Stanley'
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Jimmy Ahlberg
- Re: [open-regulatory-compliance] CRA Standardisation request
  - From: Dick Brooks

Prev by Date: Re: [open-regulatory-compliance] Vulnerability reporting Re: CRA Standardisation request
Next by Date: Re: [open-regulatory-compliance] CRA Standardisation request
Previous by thread: Re: [open-regulatory-compliance] CRA Standardisation request
Next by thread: Re: [open-regulatory-compliance] CRA Standardisation request
Index(es):
- Date
- Thread

Breadcrumbs