PEP 770: Improving measurability of Python packages with Software Bill-of-Materials

Some minor technicalities:

  1. If we are including an explicit list of SBOM paths, I think we should also include a Content-Type for every file (much like we have for Description) that would indicate the specific file format.
  2. If we are not forcing a specific SBOM standard, then I don’t think we should be enforcing JSON format.