Difference between revisions of "General Meeting/Minutes/2020-04-02"

Latest revision as of 11:43, 3 April 2020

NTIA’s Multistakeholder SBOM Process
- Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM.
- Allan’s slides https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe

Finalized updates to license inclusion principles
- Mostly clarifications
- But also to broaden a bit for non-OSS source available licenses
- https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md
3.9 list release has been pushed out a bit
- Were waiting for above
- https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22
In anticipation of 3.0 working on a licensing profile
With Tech Team, updating back end of SPDX website to manage move from Drupal to Wordpress
- Maintaining license URLs
- Static pages moving do a different domain.

@@ Line 9: / Line 9: @@
 ** Allan’s slides  https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe
-== Tech Team Report - Kate ==
+== Tech Team Report - Gary & Kate ==
 * Spec
 ** Wrapping up 2.2 spec
-*** Known unknowns made it in
+*** NTIA's request for mechanism to illustrate Known unknowns made it in
 ** 3.0 Visions
-*** William Bartholomew’s talk about profiles was great (and recorded)
+*** William Bartholomew’s talk about profiles was great (recorded)
+*** Santiago talk about linking artifacts and signing helped clarify a lot of misconceptions (recorded)
 * Tools
 ** Gary’s been working on 2.2 tooling
-*** Requiring a complete rewrite to the java tools
+*** Working on a complete rewrite to the java tools to support multiple formats
-*** Not API compatible
 ** Google SoC
 *** 15 different submissions