Inkscape - Dev Questions.
Can someone in this group assist with these questions? My company requires these answered before allowing this install.
1. In order to assess any potential risk, provide a list of all required pre-requisite software (e.g., SQL Express, Visual Basic). In addition to providing a list of pre-requisite software, provide confirmation from the vendor via email that the product does not contain vulnerable third-party applications including but not limited to Log4J or MSXML for risk assessment purposes.
2. Please contact the vendor and request a Software Bill of Materials (SBOMs) in SPDX format.
The Software Bill of Materials is a list of all of the components in a piece of software. Nowadays, it is quite common for software vendors to create products by assembling open source and commercial software components.
For this reason, SBOMs are created to provide transparency and identify all of the risk-prone components. This information is needed in order to conduct the security review for all software.
Hi Eric,
it looks like you’re trying to get Inkscape through your company’s software approval process.
We’re an open source project, not a company/vendor. Nobody here will give you any assurances of any kind because we simply can’t. Let me refer you to the license, especially the „NO WARRANTY“ section at the end: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
Our source code and build process can be reviewed by anybody, but they will have to do it themselves.
I know that’s not the answer you’re looking for, but that’s just how it is.
René
On 20.03.2024 at 17:04, Eric F eazyes@gmail.com wrote:
Dear Eric,
To add to René's answer: your company must hire a third-party open source company to assure that conformity, quality and any other aspects meet your regulations. They will do all the required paperwork for you and be able to help you with your use of many open source programs, not just Inkscape. But this will cost money, so you should prepare to budget for commercial services.
I personally recommend looking for companies local to your country with good reviews.
Good luck!
Often it is assumed open source is a free lunch, but it's actually just a public picnic spot. We're lunching together, but you have to bring your own food.
Best Regards, Martin Owens
On Wed, 2024-03-20 at 19:31 +0100, René de Hesselle wrote: