| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANiq72nBt-ndkbGk2YSsrkx4k9nn0cVi4jgjZZqOFbUXjOQkEw@mail.gmail.com> Date: Sun, 25 Jan 2026 16:30:16 +0100 From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> To: Luis Augenstein <luis.augenstein@...tech.com> Cc: nathan@...nel.org, nsc@...nel.org, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, gregkh@...uxfoundation.org, maximilian.huber@...tech.com Subject: Re: [PATCH v2 00/14] Add SPDX SBOM generation tool On Thu, Jan 22, 2026 at 9:32 PM Luis Augenstein <luis.augenstein@...tech.com> wrote: > > The main reason to run the SBOM tool within the main make process is to > gain direct access to the make/environment variables used during the > build. The `KERNEL_BUILD_VARIABLES_ALLOWLIST` defines which environment > variables should be included in the SBOM if they are available. When the > tool is run outside of the main build, this information is no longer > accessible. I was not suggesting to take it out of `make` completely if the environment is needed, but rather have the user call the target (which could still depend on the kernel build like you have it now). For instance, for generating the rust-analyzer configuration, we want to have the environment too, so we have a Make target that users call when they need it, rather than making it a configuration of the kernel. Now, I can understand there may be other reasons (please see my reply to Greg). Thanks! Cheers, Miguel
Powered by blists - more mailing lists