General Meeting/Minutes/2021-05-06

• Attendance: 18
• Lead by Phil Odence
• Minutes of Apri meeting Approved

• Plan was to switch to Zoom
• Considering using Jitsu

SPDX License Name Space at Amazon - Mark

• https://docs.google.com/presentation/d/1uCAJW79hzqLAPhXfAn4maCRk9TZUhLJDAPEOBlgUFTw/edit?usp=sharing

Tech Team Report - Kate/Gary/Others

• Spec – Kate
  • Specification conversations continuing to move forward
  • Rough template for categories of topics (what were previously being called “profiles”)
  • Core Model - Gary
    • No Update
  • Licensing
    • filed PR with initial draft for discussion of template format, etc.; will update to newer template; previously discussed much of its substance last year
  • Integrity – Kay
    • working with in-toto community, framework for end-to-end supply chain security; collaborating with them to see if the specs can be aligned
  • Defects / Security – Thomas not here today
    • pushed first draft of fields for (1) vulnerabilities, and (2) defects => impact on packages, false positives, etc.
      • https://github.com/spdx/spdx-spec/pull/510
    • Meetings next week to look at other security specs, their use cases, whether they can / how they should be incorporated
  • Linking – Nisha not here today
    • Kate discussing with Nisha / Rose
  • Usage – Yoshiyuki Ito
    • No update
  • Pedigree / Build / Creation – Kate
    • No Update
• GSoC- Alexios
  • Got 5 slots; can run up to 5 projects
  • Likely to accept 5 proposals:
    • 2 for improving Golang tooling libraries (one RDF writing, one JSON reading/writing)
    • 1 for transitioning / updating online SPDX tools
    • 1 for spec processing tools
    • 1 for improved license matcher, taking matching guidelines into account (unplanned submission)

Legal Team Report - Jilayne/Paul/Steve

• Working for 3.13, planning to push out over the weekend
• Have been trying to clean up old issues
• Some updates on documentation in the repo
• New participants recently – some discussions on recent calls have included reviewing past history; may want to put together more historical documentation of past context, etc.
• Some interest from Debian – interest in getting a Debian-free tickbox into the license list
• License submissions – starting to take a harder line on participation from people submitting license requests without sticking with them. For this release, started asking people to create the PR’s themselves – a few of the submitters at least responded and indicated they would do so
• Still relying on the calls too much; having people commenting in issues out-of-band would be very helpful

Outreach Team Report - Kate

• Continuing to see interest in SPDX across different communities
• Zephyr – auto-generation
• Possible interest in re-starting Outreach team meetings – Sebastian interest, Aveek also
• Kate will reach out to Jack and either ask him to restart or else Kate will restart

Other Topics

• Sebastian – interest in Arch Linux in using SPDX
  • Some work being done on the Arch packaging system, interest in using SPDX licenses
• Jitsi
  • Jilayne - Jitsi – this has gone well, plan to update to this for future General calls
  • Legal and Tech teams can update if/when they choose
  • Europe, UK, etc. seems to be working
  • Bob – recommend putting passwords on it
  • Steve – discuss whether to put one on. Possible but appears to prevent dial-ins afterwards.
    • Steve will look into options

Attendees

• Phil Odence, Black Duck/Synopsys
• Mark Atwood, Amazon
• Matthew Crawford, ARM
• Bob Martin, Mitre
• Philippe Emmanuel Douziech, CAST
• Jilayne Lovejoy, Red Hat
• Maximilian Huber, TNG
• Alexios Zavras, Intel
• Kay Williams, Microsoft
• David Edelsohn, IBM
• Thomas Steenbergen, HERE
• Jeff Schutt, Cisco
• Kate Stewart, Linux Foundation
• Michael Herzog- nexB
• Sebastian Crane
• Steve Winslow, LF
• Marc Etienne Vargenau, Nokia
• Jonas Smedegaard, self