RFC "2025 Minimum Elements for a Software Bill of Materials"
Holger Levsen
holger at layer-acht.org
Tue Sep 30 11:20:51 UTC 2025
Hi Arnout,
On Mon, Sep 29, 2025 at 03:28:52PM +0200, Arnout Engelen via rb-general wrote:
> America's cybersecurity agency, CISA, have been working on a document
> describing what they consider the 'minimal' requirements for SBOMs.
> They have a draft up at
> https://www.cisa.gov/sites/default/files/2025-08/2025_CISA_SBOM_Minimum_Elements.pdf
> which is now in 'Public Comment' phase.
many thanks for bringing this to our attention here!
[...]
> Do you agree with the comments above?
more or less... ;)
> Are there any changes you'd like to see, or additional comments you think
> would be valuable to relay in the context of reproducible builds?
probably, maybe, yes, but...
> The
> timeline is relatively strict: if we can get rough consensus before,
> say, Wednesday, I think we could respond "as the Reproducible Builds project".
... I do not think we can get a rough consensus on such a large topic
until tomorrow (after being informed about this yesterday), given that
we are a large diverse bunch of projects & people, loosely organized
over mailing lists, IRC and git repos, with an annual regular summit.
That said, I do think some individuals, be that projects or persons,
might be able to submit such a response in time. (And this thread can
very well be a starting point and become more.)
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
"We are running the most dangerous experiment in history right now, which is
to see how much carbon dioxide the atmosphere can handle before there is an
environmental catastrophe."
Source: Elon Musk speech at Paris-Sorbonne University, December 2, 2015.