Hi!
SBOM - Software Bill of Materials - often comes up in discussions in my projects. There’s
a new working group in the IETF working on it and several other standardization bodies.
A starting point is identification of the license in each source code file with a
parseable SPDX identifier.
- Is anyone against adding that to our source code?
- Would it be beneficial for packaging in any way?
I think at some point in the future, an SBOM list in <pick format> will be included
in packages, in order to be able to produce an SBOM for the container or the machine.
As we have multiple licenses in the source code it’s important to mark every file
correctly.
I can start experimenting with http_client, then work myself around, if the dev community
doesn’t scream and argue that it’s a bad thing (TM).
Read more here
- SPDX - a Linux Foundation project and ISO standard -
https://spdx.dev
- Tags in source code -
https://spdx.dev/ids/
Cheers,
/O
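As an added example (not code from the mail above or from the project it discusses), the following script shows the check a packager would run once files carry SPDX tags: it reads the `SPDX-License-Identifier:` line from each source file's header, parses the expression (including `OR`, `AND` and `WITH` forms used for dual-licensed files), and reports files that are untagged or that name a licence outside an allow-list. The allow-list, the scanned extensions, the sample files and their comment styles are all constructed for illustration and are not taken from any real project.

```python
"""Check that every source file carries a parseable SPDX-License-Identifier tag.

Added example (not code from the original post or the project it discusses).
Assumptions: the allow-list, the file extensions scanned, the sample files
and the comment styles are all constructed here for illustration.
"""
import re
import tempfile
from pathlib import Path

# An SPDX tag sits in the first few lines of a file, inside whatever comment
# syntax the language uses. Capture the expression and drop a trailing
# comment closer such as "*/" or "-->".
SPDX_TAG_RE = re.compile(
    r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-()\s]+?)\s*(?:\*/|-->|$)"
)
OPERATORS = {"AND", "OR"}


def find_spdx_identifier(text, header_lines=10):
    """Return the SPDX expression from the file header, or None if absent."""
    for line in text.splitlines()[:header_lines]:
        m = SPDX_TAG_RE.search(line)
        if m:
            return m.group(1).strip()
    return None


def licenses_in_expression(expr):
    """Split an SPDX expression into (license ids, exception ids).

    Handles AND / OR / WITH and parentheses, which is enough for the
    dual-licensing the post is concerned with ("Apache-2.0 OR MIT").
    """
    licenses, exceptions = [], []
    expect_exception = False
    for tok in re.findall(r"[A-Za-z0-9.+\-]+", expr):
        if tok in OPERATORS:
            continue
        if tok == "WITH":
            expect_exception = True
            continue
        (exceptions if expect_exception else licenses).append(tok)
        expect_exception = False
    return licenses, exceptions


def check_text(text, allowed_licenses, allowed_exceptions=frozenset()):
    """Classify one file's contents: 'ok', 'missing' (no tag) or 'not-allowed'."""
    expr = find_spdx_identifier(text)
    if expr is None:
        return "missing", None
    lic, exc = licenses_in_expression(expr)
    if any(l not in allowed_licenses for l in lic) or any(
        e not in allowed_exceptions for e in exc
    ):
        return "not-allowed", expr
    return "ok", expr


def scan_tree(root, allowed_licenses, extensions=(".c", ".h", ".py")):
    """Walk root and return {relative path: (status, expression)}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in extensions:
            text = path.read_text(encoding="utf-8", errors="replace")
            report[path.relative_to(root).as_posix()] = check_text(text, allowed_licenses)
    return report


# Constructed sample tree: file names, comment styles and licenses are
# invented for the example, not taken from any real project.
SAMPLE_FILES = {
    "src/http_client.c": "/* SPDX-License-Identifier: Apache-2.0 */\n#include <stdio.h>\n",
    "src/util.py": "#!/usr/bin/env python3\n# SPDX-License-Identifier: Apache-2.0 OR MIT\n",
    "src/legacy.c": "/* Copyright 2009 Someone */\nint f(void) { return 0; }\n",
    "vendor/blob.h": "// SPDX-License-Identifier: GPL-3.0-only\n",
}
ALLOWED = frozenset({"Apache-2.0", "MIT"})


def run_demo():
    """Write the sample tree to a temp dir, scan it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return scan_tree(tmp, ALLOWED)


if __name__ == "__main__":
    for rel, (status, expr) in run_demo().items():
        print(f"{status:12} {rel}  {expr or ''}")
```

Run as a CI step, a non-empty set of `missing` or `not-allowed` entries is what should fail the build; the expression parser here deliberately does not validate that each identifier is a registered SPDX short name, so the allow-list is where that policy lives.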