From nobody Thu Apr 16 16:33:12 2026
X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fxNqF37Bcz6ZCNN
	for <dev-commits-doc-all@mlmmj.nyi.freebsd.org>; Thu, 16 Apr 2026 16:33:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4fxNqD5frFz3TcG
	for <dev-commits-doc-all@FreeBSD.org>; Thu, 16 Apr 2026 16:33:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1776357192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FqCIvEOf9pWJ6pPNJOSrGIPzOonsJyh5prDbE1tOFW8=;
	b=WGL0r1EttwL26ECeylG/DiWzy9ll/EMM7lRO5tPEsa1aiMiET7yM8BqMl/EnQhJKr9fuJF
	EDJQxd3NIBYs4ht15e5Xf/ZtKnLJfdoUiqfbk9LsbR/YPK3uYOUdyP1Z07EytIb65Qp4br
	ozSYI/7QeNkbFjJETYMQi0Cabvtc2vqlCwA6mtFdmWtasltWVLKlSg2cWmRCH4F0vVcMwa
	p5q9AxzgsJBZ6g8riNZz8XUFxB77neVrLxUNUS++ERyVJqOrePjqivGtJDWkdzzwXPMqRh
	vv9JnfNqKZgek3awr4sa4xSx1xt1iWECdMnpqXwEp165wPkODKN4ejnbvbisYw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1776357192; a=rsa-sha256; cv=none;
	b=McG7ACeDprRisTaKiTNT476lDeCX8B2BUs8vXO1Hlg80lo+XPZxTegopul1Kl4KZSWlEHj
	z2630pWwnUwtWBXk/Ux33QrVAXwYh5gHu8oQEhFWUovasY8MK0ptSYTBeIx9sjt9mm3spx
	1WP6rQKfSZyIwsfe0wUgvMlhGhBCBbRA7pkjHVimA6+ZKSccLP1bq93NDi7Y9QEOaKbp3x
	N2usffYhRPJ5oxV9Wn4PepdE5+yaU0Yl3PCm8iHWW2plnN+Nrm+77PW/8/3XHGKiMgEpSK
	8TH92NoKqiWzxHFUB98aX1TZxfoVGFKJbJrpO9TKvsYRIQmAR5+v2mhkT3jbBw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1776357192;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FqCIvEOf9pWJ6pPNJOSrGIPzOonsJyh5prDbE1tOFW8=;
	b=hEyybXq8QOx1cGcJUfBnyHo940PtPpncbHYfnSXAno8DQPeM6iMuk2YawH0svsQB7GQUWF
	8dVls0qQjVdWNPaVP6u5s4o74v8qpbfTG6uH7FsGeYDN5jFiGLRiGivbSKxT5eA57khC97
	VWft5sotVaM7G1V41Z1x0G3yTIz69PSYot/JNlStBNj7mp7hC3LNLYJbWAqHBWR+cv/X9t
	ptxQZOlOVxaM2U5KNfMfma5FeeVRjiO1BnBGZB29YvnjLsgBIRcUUiLS1xP1VS7MGdQrIe
	5wbZnTrrUdtrxvn9BraDX2qzttpH30EivjJJj4fmw3XDuzsa/s040360R+2KpQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fxNqD5Dbnz1LJ
	for <dev-commits-doc-all@FreeBSD.org>; Thu, 16 Apr 2026 16:33:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 278aa
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Thu, 16 Apr 2026 16:33:12 +0000
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Cc: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
From: Lorenzo Salvadore <salvadore@FreeBSD.org>
Subject: git: 4f9d23a304 - main - Status/2026Q1/sbom.adoc: Add report
List-Id: Commit messages for all branches of the doc repository <dev-commits-doc-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
List-Help: <mailto:dev-commits-doc-all+help@freebsd.org>
List-Post: <mailto:dev-commits-doc-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-doc-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-doc-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-doc-all@freebsd.org
Sender: owner-dev-commits-doc-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: salvadore
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4f9d23a304ceb9e718a44d32e47688c9ccf2eaf2
Auto-Submitted: auto-generated
Date: Thu, 16 Apr 2026 16:33:12 +0000
Message-Id: <69e10f48.278aa.7ec0d476@gitrepo.freebsd.org>

The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=4f9d23a304ceb9e718a44d32e47688c9ccf2eaf2

commit 4f9d23a304ceb9e718a44d32e47688c9ccf2eaf2
Author:     Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
AuthorDate: 2026-04-16 16:25:17 +0000
Commit:     Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2026-04-16 16:25:17 +0000

    Status/2026Q1/sbom.adoc: Add report
    
    Reviewed by:    status (Graham Percival <gperciva@tarsnap.com>)
    Differential Revision:  https://reviews.freebsd.org/D56299
---
 .../en/status/report-2026-01-2026-03/sbom.adoc     | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/website/content/en/status/report-2026-01-2026-03/sbom.adoc b/website/content/en/status/report-2026-01-2026-03/sbom.adoc
new file mode 100644
index 0000000000..5226014c67
--- /dev/null
+++ b/website/content/en/status/report-2026-01-2026-03/sbom.adoc
@@ -0,0 +1,37 @@
+=== FreeBSD Software Bill of Materials
+
+Links: +
+link:https://github.com/pkgconf/pkgconf/pull/484[spdxtool: Add parameter for using URI as SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/484[] +
+link:https://github.com/pkgconf/pkgconf/pull/483[spdxtool: Add cli parameter for changing SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/483[] +
+link:https://github.com/pkgconf/pkgconf/pull/475[spdxtool: spdxtool: Add homepage handling] URL: link:https://github.com/pkgconf/pkgconf/pull/475[] +
+link:https://github.com/pkgconf/pkgconf/pull/474[spdxtool: Add source handling to SBOM] URL: link:https://github.com/pkgconf/pkgconf/pull/474[] +
+link:https://github.com/pkgconf/pkgconf/pull/473[spdxtool: Add support for copyright text] URL: link:https://github.com/pkgconf/pkgconf/pull/473[] +
+link:https://github.com/pkgconf/pkgconf/pull/461[spdxtool: Rework of License-tag SDPX expression evaluation] URL: link:https://github.com/pkgconf/pkgconf/pull/461[] +
+link:https://github.com/pkgconf/pkgconf/pull/450[Add some stricter compiler warnings and overcome new warnings ] URL: link:https://github.com/pkgconf/pkgconf/pull/450[] +
+link:https://github.com/pkgconf/pkgconf/pull/447[libpkgconf/libpkgconf.h: Add printf-like attributes to functions] URL: link:https://github.com/pkgconf/pkgconf/pull/447[] +
+link:https://github.com/pkgconf/pkgconf/pull/446[spdxtool: Update variables that are const to const] URL: link:https://github.com/pkgconf/pkgconf/pull/446[] +
+link:https://github.com/pkgconf/pkgconf/pull/445[man/spdxtool.1: Add man page for spdxtool] URL: link:https://github.com/pkgconf/pkgconf/pull/445[] +
+link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[Added SPDX-License-Identifiers] URL: link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[] +
+link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[SPDX-License-Identifiers up-to review and waiting for upstreaming] URL: link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[] +
+link:https://reviews.freebsd.org/D55461[Issue open for commenting and review: caesar: Add SPDX-License-Identifier tags] URL: https://reviews.freebsd.org/D55461[] +
+link:https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom[.pc file for SBOM metadata (WIP)] URL: https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom
+
+Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
+
+The FreeBSD Software Bill of Materials (SBOM) project started in 2025 and continued in 2026.
+Work in 2026 has focused more on the EU Cyber Resilience Act (CRA), and the effort has shifted toward delivering a framework for FreeBSD source.
+
+In the first quarter of 2026, SBOM work was delivered in three categories:
+* Pkgconf upstream work, especially with spdxtool-tool, which is used for creating SPDX Lite 3.0.1 JSON-LD SBOMs from [.filename]#.pc#-files. +
+Several missing features have been added and are under active development by pkgconf contributors. +
+The tool is now nearly compatible with SPDX Lite 3.0.1 requirements and is ready for general use. +
+Additionally, there is an effort to import pkgconf as part of the FreeBSD source, led by Pierre Pronchery.
+* Adding missing SPDX-License-Identifier to files under the FreeBSD source in the [.filename]#bin#, [.filename]#sbin#, [.filename]#usr.bin#, and [.filename]#usr.sbin# directories.
+* Creating [.filename]#.pc#-files for SBOM. The first patch is expected to land in 2026Q2, starting with files from [.filename]#bin#.
+
+If you want to help with this effort:
+* Verify that SPDX-License-Identifier licenses are correct and assist with upstreaming files.
+* Verify that [.filename]#.pc# files contain accurate information and help upstreaming them to git.
+* Assist in reviewing the pkgconf import to the FreeBSD source.
+
+Sponsor: The FreeBSD Foundation