mirror of
https://git.yoctoproject.org/poky
synced 2026-03-17 04:39:40 +01:00
1f8137196d
Per NIST SBoM recommendations, include the Package Supplier field for all SPDX packages that are created. This field should generally be set to the person or organization that is performing the build, since they would be considered the "supplier" of the SPDX packages. (From OE-Core rev: ca48349501e0ec93dc2448d064e1567fca390bf5) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>