At Wed, 11 Mar 2026 15:46:04 -0700, Alistair Crooks <alistaircrooks%gmail.com@localhost> wrote: Subject: Re: Regarding Software Bill of Materials (SBOM) plans for NetBSD > > On a completely different tangent, I've just added pkgsrc/pkgtools/depgraph > which produces dependency graphs for a package, or number of packages. This > gives dependency information in graphical form (i.e. prerequisite), license > information for each package, metadata for the machine the report is run > on, and can output in standard format or in JSON (this is meant for the > ingest engines and data analytics of larger places which just scoop that > kind of data up), and could easily be used with the package metadata to > produce SBOMs. Wow! I wish I had a tool like that way back in the early days of pkgsrc! I envisioned one, but never took/found the time to try to write one! -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpmLLup4Qyfh.pgp
Description: OpenPGP Digital Signature