Steward #855
Labels
Profile:AI
Artificial Intelligence Profile and related matters
Profile:Security
Security Profile and related matters
This is a suggestion to add a field in the specification to indicate if there is a steward (see EU-CRA - Article 24 and https://linuxfoundation.eu/cyber-resilience-act for context) for the project. Ultimately, collection of this field (especially for automated scanners) may depend on ecosystem adoption of a steward.md file within a repo so this field can be easily identified. Further noting that this is different from the concept of a "license steward" used with the SPDX-IDs for licenses.
P.S. Since the concept of a package steward is tied to security concerns, it may fit best within the https://spdx.github.io/spdx-spec/v3.0/model/Security/Security/ section of the spec.
P.P.S. There is a parallel issue filed with CycloneDX at CycloneDX/specification#503.
Thank you!