tonyo sbom? 04:16
lizmat software bill of materials 08:25
sjn tonyo: there are a couple of new laws coming in EU in 2024 that require lots of businesses to keep track of exactly what software they use, how it is put together (complete dependency tree) and use this information to regularly check for vulnerabilities 11:49
to make this work, there are a bunch of SBOM standards and tooling out there 11:50
but common for almost all of them is that they try to figure out what's installed by basically looking what's there and infer things by filenames, decompiling, looking at compilation artifacts and symbols and whatever they can 11:52
the result is that very few (if any) can get a real idea of what's actually in use on a system 11:53
so that's where it's interesting for upstream publishers and package distributers (like #raku-land and the toolchains using it) can help the situation by publishing SBOM files together with the software 11:54
s/can help/to help/ 11:59