[Git][reproducible-builds/reproducible-website][master] 202602 += two SBOM tools newly uploaded to Debian

Holger Levsen (@holger) gitlab at salsa.debian.org
Sat Feb 21 10:37:45 UTC 2026 


Holger Levsen pushed to branch master at Reproducible Builds / reproducible-website


Commits:
af96c18e by Holger Levsen at 2026-02-21T11:37:34+01:00
202602 += two SBOM tools newly uploaded to Debian

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- _reports/2026-02.md


Changes:

=====================================
_reports/2026-02.md
=====================================
@@ -11,3 +11,17 @@ draft: true
 * FIXME: https://gitlab.gnome.org/GNOME/gnome-clocks/-/issues/436 gnome-clocks 50.beta has regressed in reproducibility compared to 49.0 as detected by https://reproduce.debian.net/.
 
 * [FIXME](https://arxiv.org/pdf/2602.11887)
+
+* https://tracker.debian.org/pkg/debsbom-toolkit was uploaded to unstable, shipping two binary packages:
+	debsbom (0.6.2-1) -SBOM generator for Debian-based distributions (tool)
+		debsbom generates SBOMs (Software Bill of Materials) for distributions based on Debian in the two standard formats SPDX and CycloneDX.
+		The generated SBOM includes all installed binary packages and also contains Debian Source packages.
+		This package contains the debsbom CLI. 
+	python-debsbom-doc - This package contains the documentation for debsbom.  
+
+* https://tracker.debian.org/pkg/sbom-toolkit was uploaded to unstable, shipping two binary packages:
+	sbom-toolkit (0.0.20260112) - collection of scripts for generating SBOM
+		This package provides a collection of scripts for generating SBOM. This is the tooling used in Apertis to generate the Licenses SBOM and the Build Dependency SBOM.
+	dh-setup-copyright (0.0.20260112) - debhelper addon to generate SBOM from DWARF debug information
+		dh-setup-copyright is debhelper program that generates the list for source file names used to build every binary and pulls the licenses from any sources part of other packages. The source file list is extracted from DWARF debug information by running dwarf2sources on every ELF binaries in the package and saving the output to /usr/share/doc/<package>. 
+



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/af96c18e0cfc09de8eb21ce568d516453eccea58

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/af96c18e0cfc09de8eb21ce568d516453eccea58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20260221/176f453f/attachment.htm>

More information about the rb-commits mailing list