https://wiki.spdx.org/index.php?action=history&feed=atom&title=General_Meeting%2FMinutes%2F2021-07-01 2026-05-07T12:33:20Z Revision history for this page on the wiki MediaWiki 1.23.13 https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&diff=4922&oldid=prev 2021-07-06T13:02:25Z

<p>Created page with &quot;* Attendance: 22 * Lead by Phil Odence * Minutes of June meeting Approved == SPDX Governance - Phil == Status of governance changes * Still working through a using the prep...&quot;</p> <p><b>New page</b></p><div>* Attendance: 22<br /> * Lead by Phil Odence<br /> * Minutes of June meeting Approved<br /> <br /> <br /> == SPDX Governance - Phil ==<br /> <br /> Status of governance changes<br /> * Still working through a using the prepackaged JDF docs with LF lawyers<br /> ** Lots there due to general nature<br /> ** It will have to go through the specified process for discussion and voting<br /> * Why?<br /> ** More scrutiny<br /> ** Standards requirement- Companies supporting, logos<br /> *** OMG CISQ 3T joining SPDX <br /> *** ISO direction – Need more <br /> *** Executive Order<br /> *** Working with other standards, i.e. SWID and CycloneDX<br />  * Specific concerns that came up<br /> ** Community Spec License vs. CCBY<br /> *** Patent license to address concerns that have arisen from companies we want to support<br /> ** Also, tangentially related SBOM gen tool showed up in repo<br /> *** Need criteria for including<br /> * A question came up about discussion of governance on the Gen Mailing list<br /> ** We try to limit traffic on the list so one can use to monitor activity without being overwhelmed<br /> ** There will be a chance for discussion of a governance proposal once process goes in motion<br /> ** Contact Phil with inputs<br /> ** We’ll look into a separate list<br /> <br /> == Outreach Team Report - Sebastian/Jack ==<br />  <br /> * Rebooted<br /> * SPDX website rework - license for content CC-BY-4.0<br /> ** Looking to rebuild website as static site.<br /> ** Code and license - more flex over precise styling and functionality.<br /> ** Prototype of site in next few weeks.<br /> * Technical slides - present about SPDX in own organizations.<br /> ** Reviewed collateral,  audience focus for collateral that will meet audience needs.<br /> ** More explanation of “why”.   Point to specification when get to details. <br /> * IRC channel <br /> ** Sebastian set up #spdx on libera.chat<br /> ** previous channels on OFTC, Freenode; hadn’t taken off<br /> ** libera.chat has 11 people in it currently<br /> ** “cloaking” - hides IP address in some cases, replaces with badge for organization you’re associated with; Sebastian can provide “SPDX cloak”<br /> * Matrix bridge - feature of libera.chat, enables joining via Matrix<br /> * Meeting date and time: 1500 UTC on Wednesdays will be new meeting time, on 14th of July<br /> <br /> <br /> == Legal Team Report - Jilayne/Paul/Steve ==<br />  <br /> * Several new folks participating<br /> * Ariel and Candice from ClearlyDefined have been digging into the Python stack of licenses<br /> * License List 3.14 release - targeting end of July<br />  <br /> <br /> == Tech Team Report - Kate/Gary/Others ==<br />  <br /> * Tools <br /> ** GSoC - JSON support in Golang; will seek to get GSoC student to present at a future General Meeting<br /> ** New participants interacting with tools, and seeing pull requests.<br /> ** NTIA Plugfest <br /> *** new tools emerging from communities <br /> *** SPDX was most common format in use<br /> *** Can’t get down to SPDX field to field <br /> ** SPDX Plugfest?<br /> *** Desire to have Japan SPDX Plugfest<br /> *** One for north america   <br /> ** Anchore has a tool supporting SPDX output if you need more 3.0 examples we can on it. (github.com/anchore/syft). We have 2.2 now but can fairly quickly iterate for some 3.0 support.<br /> * Specification<br /> ** ISO/IEC PRF 5962 - Information Technology — SPDX® Specification V2.2.1- moved to PRF status Publication date : 2021-08<br /> ** OCI registry overview and how SPDX could interact with containers. <br /> ** Specification 3.0 Work <br /> *** Looking for more 3.0 examples in serialization<br /> *** Lacking critical mass for some decisions - vacations<br /> **** Moving through punch list on core model.<br /> *** Vulnerability - waiting for core.   Snyk put up a nice post.   <br /> **** Feedback in progress.   <br /> **** Serialization needs to become clearer.<br /> **** More examples are needed. <br /> **** Follow up VEX and CSAF<br /> *** Licensing profile - pretty similar to 2.2 already.<br /> **** Once formatting for how template can be expressed.<br /> <br /> <br /> == Other Topics ==<br /> <br /> * Open Question - why spdx.dev vs. spdx.org;   license list dynamically generated spdx.org - Drupal → Wordpress.   How to keep License list still populate to website.<br /> * Keep license list URL stable. <br /> * Wikipedia page on SPDX is pretty stale.    <br /> ** Needs to be updated.    Outreach will take it. <br /> <br /> == Attendees ==<br /> <br /> * Phil Odence, Black Duck/Synopsys<br /> * Philippe Emmanuel Douziech, CAST<br /> * Bob Martin, Mitre<br /> * Joshua Marpet, RM-ISAO<br /> * David Edelsohn, IBM<br /> * Sebastian Crane<br /> * Marc Etienne Vargenau, Nokia<br /> * Zach Hill, Anchore<br /> * Steve Winslow, LF<br /> * Kate Stewart, Linux Foundation<br /> * William Cox, Synopsys<br /> * Jack Manbeck, TI<br /> * Alexios Zavras, Intel<br /> * Warner Losh, FreeBSD<br /> * Alfredo Espinosa<br /> * Jilayne Lovejoy, Red Hat<br /> * Chris Lusk<br /> * Andrew Jorganson, AWS<br /> * Thomas Steenbergen, HERE<br /> * Ronda, <br /> * Brian Fox, Sonotype<br /> * Michael Herzog- nexB<br /> <br /> <br /> <br /> [[Category:General|Minutes]]<br /> [[Category:Minutes]]</div>

Podence