Re: End Of Life Tag in spdx #spdx

Dick Brooks

Kate and Sandeep,


Our customers are also interested in this information. There are two concepts to consider:

Commercial Status:

        <enumeration value="Available"></enumeration>

        <enumeration value="Retired"></enumeration>

        <enumeration value="EOL"></enumeration>

        <enumeration value="BetaTest"></enumeration>

        <enumeration value="Pilot"></enumeration>

        <enumeration value="Abandoned"></enumeration>


Support Status:

        <enumeration value="Supported"></enumeration>
        <enumeration value="Unsupported"></enumeration>
        <enumeration value="Community"></enumeration>


Both are described in the open-source Vendor Response File (VRF) XML schema available here:





Dick Brooks


Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership


Never trust software, always verify and report!

Email: dick@...

Tel: +1 978-696-1788


From: spdx@... <spdx@...> On Behalf Of Kate Stewart
Sent: Friday, May 6, 2022 3:34 PM
To: SPDX-general <spdx@...>
Subject: Re: [spdx] End Of Life Tag in spdx #spdx


Hi Sandeep,


     There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3.

When it comes in,  please feel free to review and make sure it's going to suffice for your needs.


For now, with 2.2 documents,  suggest you use the Package Comment field ( and standardize on a tag (like EndOfSupport: ) and the date. 


Will that work for now?




On Fri, May 6, 2022 at 2:27 PM Patil, Sandeep via <> wrote:

Hi All, 
We have requirement to specify End Of Life as part of package information in SBoM ,
Is there way current SPDX format support this ? 


Join to automatically receive all group messages.