Any plans to support SBOM's

[Richard Brooks]

I use PyInstaller to distribute my SAG-PM software package. I'm wondering if ther eare any plans to provide SBOM support, i.e. SPDX and/or CycloneDX?

This would be incredibly beneficial to parties distributing Python packages to critical infrastructure entities that are now asking for SBOM information.

Thanks, in advance.

Dick Brooks

https://reliableenergyanalytics.com/

di...@reliableenergyanalytics.com

[Richard Brooks]

Hartmut you make an excellent point. This would be money well spent if I could be assured that a SBOM solution would be available sooner rather than later: The Bad News CozyBears arrive with a message on a Solarwind

On Sun, Jan 3, 2021 at 4:03 AM Hartmut Goebel <h.go...@crazy-compilers.com> wrote:

Am 11.12.20 um 22:12 schrieb Richard Brooks:

> I use PyInstaller to distribute my SAG-PM software package. I'm
> wondering if ther eare any plans to provide SBOM support, i.e. SPDX
> and/or CycloneDX?
>
> This would be incredibly beneficial to parties distributing Python
> packages to critical infrastructure entities that are now asking for
> SBOM information.

Whatever this SBOM, SPDX and CycloneDX stuff is: If you need extension
for PyInstaller, feel free to fund them. Looks like you have a
comemrcial need for :-)

http://www.pyinstaller.org/funding.html

--
Regards
Hartmut Goebel

| Hartmut Goebel          | h.go...@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

[bwoodsend]

You can raise this as a feature request issue on Github (preferably with a bit more context than what you’ve given so far 🤨 ) then place a bounty on it. That way you only pay anything if it actually gets solved and there’s a incentive for the developers to prioritise it above the 1,001 other random requests we get.

​