THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "General Meeting/Minutes/2018-08-02"

From SPDX Wiki
Line 19: Line 19:
 
== Tech Team Report - Kate/Gary ==
 
== Tech Team Report - Kate/Gary ==
  
* Tooling
+
* Tools:  GSoC is wrapping up in the next couple of weeks.  Thank you to the students for their hard work and improvements to the project tools!
** Mostly GSoC work
+
 
** License XML Editor
+
* Specification:  
*** Gary posting new version today  http://spdxtools.sourceauditor.com
+
** Working through resolution of the external identifiers of the PURL specfication and our External Identifiers.  We’re trying to get key discussion participants (Yev, Philippe, Treveor, Gary, Kate) all on the same call.
**** If you want to test, make it clear that these are tests, to make clear in the pull requests
+
** on that note,  we’re seeing a lot of interest in Security and ties into External Identifiers
* Spec work
+
 
** Working for consistency in external identifiers
+
* Security:
** Interest coming up from security community
+
** NTIA held a software transparency workshop 2 weeks ago, and are moving forward with a workgroup to reconcile the formats that are out there.  When there are more details on the workgroup,  Kate will send out the invitation to participate to the SPDX general and technical lists.
*** SWID
+
** SPDX team will also be spinning up a security working group to focus on improving SPDX to support the SBOM for security issues, so watch out for more information,  and if you have security contacts who are interested in participating,  please subscribe to https://lists.spdx.org/g/spdx-security  We'll be starting discussions there in the next month.
*** NTIA conference that featured SPDX
+
*** Working in interop and SPDX standardization
+
*** Looking at spinning up a security subgroup
+
*** Interest from US House and Senate in a SW BoM and SPDX is on the docket
+
**** NIST and other organizations are involved in the background
+
  
  

Revision as of 17:17, 2 August 2018

  • Attendance: 13
  • Led by Phil Odence
  • Minutes of July meeting approved

Guest Presentation - Supporting Continuous Integration, Ndip Tanyi

  • Idea- Automatically generating SPDX docs as part of CI process
  • Scope
    • Focused on Travis CI, NPM and Python
  • Demo
    • Add an install and SPDX build script to build script
    • And some statements to push the SPDX docs to the repo
  • Future extensions
    • Pushing to GitHub as a commit
    • Other CI systems
  • Has been designed generically enough to be extensible to other languages and environments


Tech Team Report - Kate/Gary

  • Tools: GSoC is wrapping up in the next couple of weeks. Thank you to the students for their hard work and improvements to the project tools!
  • Specification:
    • Working through resolution of the external identifiers of the PURL specification and our External Identifiers. We’re trying to get key discussion participants (Yev, Philippe, Treveor, Gary, Kate) all on the same call.
    • On that note, we’re seeing a lot of interest in Security and ties into External Identifiers
  • Security:
    • NTIA held a software transparency workshop 2 weeks ago, and are moving forward with a workgroup to reconcile the formats that are out there. When there are more details on the workgroup, Kate will send out the invitation to participate to the SPDX general and technical lists.
    • SPDX team will also be spinning up a security working group to focus on improving SPDX to support the SBOM for security issues, so watch out for more information, and if you have security contacts who are interested in participating, please subscribe to https://lists.spdx.org/g/spdx-security. We'll be starting discussions there in the next month.


Legal Team Report - Jilayne/Paul

  • 3.2 is out
  • Some clean up of old issues in process
  • Request that legal folks try out Tushar’s tool
  • Exceptions
    • The term is imperfect as it handles some items that are not “exceptions” per se
      • Patent grants, for example
      • Considering changing the term to be more neutral and inclusive
        • “Modifiers” maybe?
        • Will send an email to a wide audience to get people thinking about it and set up a special meeting


Outreach Team Report - Jack

  • Website
    • Making more sense of the License List and Documents section
  • Shane Coughlan, from OpenChain, is getting involved
    • Outreach to companies
    • New time for Outreach calls is 7pm EDT
      • (Shane is in Japan)
  • OSS Summit
    • Bake-off on the Tuesday
    • And a session on Consuming SPDX


Attendees

  • Phil Odence, Black Duck/Synopsys
  • Kate Stewart, Linux Foundation
  • Ndip Tanyi, Alberta University
  • Tushar Mittal, GSoC Student
  • Gary O’Neall, SourceAuditor
  • Yash Nisar, GSoC Student
  • Jack Manbeck, TI
  • Steve Winslow, LF
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data
  • Mike Dolan, Linux Foundation
  • Matija Šuklje, Liferay
  • Mark Atwood, Amazon