This is, I think, correct: there's no such thing as a "software supply chain"; supply chains have contracts, deliverables, alternatives, recourse under the law.

Downloading a bunch of stuff that comes with no warranty doesn't mean you've got a supply chain, it means you've downloaded a bunch of stuff.

iliana.fyi/blog/software-suppl

@mhoye It's just a term of convenience in the absence of something more specific.

@sullybiker I disagree - we have "dependencies" as a term already, "supply chain" is not a term of convenience, it's a tool for making the concept accessible to non-developers.

@sullybiker But by making that effort to make the concept accessible - particularly to nontechnical policy-makers - we're obscuring a set of critical distinctions that make actual-supply-chain approaches unfeasible or irrelevant. The term has raised more barriers than it's removed, in my opinion.
