THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2020-11-05

  • Attendance: 16
  • Led by Steve Winslow

Presentation: William Bartholomew

  • Discussed efforts working with 3T-SBOM group to align approaches and modeling
  • Walked through key points of changes to base profile
    • Relationships being promoted to “object” level
    • Artifact; external references
    • Extensibility, potential for other authenticity measures than just hashes (e.g. public keys)
  • Briefly discussed other profiles

Legal Team Report – Steve / Jilayne

  • 3.11 release update
    • originally scheduled for Oct. 31
    • most of 3.11 cycle was focused on SPDX 3.0 licensing profile discussions
    • shifted release to approx. Nov. 25
  • call for participants to review license submissions / provide comments on “yes/no, should this be added” out-of-band from biweekly calls

Tech Team Report – Kate

  • Work proceeding on SPDX 3.0
  • Linking profile: focus on aligning with container-based ecosystems, work by Nisha and Santiago
  • Other profiles proceeding as well
  • Tooling: Online Tools recently updated

Other matters

  • Comments from Aveek re: ways to provide better on-ramps into the SPDX community for newcomers
    • Availability of Gitter as a real-time chat option; possibly explore other options
    • May discuss at next month’s General Meeting

Additional Notes from KATE

Here are the notes I took, since Steve was kind enough to host.

Attendees: Steve Winslow, Kate Stewart, Mark Baushke, Rishabh Bhatnagar, Aveek, Jilayne Lovejoy, Emmanuel Tournier, William Bartholomew, Alexios Zavras, Mike Dolan, Paul Madick, Mark Atwood, Michael Herzog, David Wheeler

William went through and did a review of SPDX 3.0 Base Profile highlighting the differences.

Artifacts - are promoting a specific External Reference (likely PURL) to be used

Document - Now has a set of profiles that

Complies with a profile - expect that mandatory are supported. If not have profile - can use the field, but not expected to meet the full requirements.

Next step is converting this into the written text. Move into the other areas as well.

Now’s the time to chime in in SPDX 3.0 specification if you have

Mark Baushke - problem on how to express the overall license. Userland and Kernel based licensing in one package. Use Case interested in - Fast packet forwarding - kernel module with GPL2, and userland. …. show how to represent.

Legal Team - 3.11 release - pushing it out until Nov 25th, today one more meeting. 11 new license requests have been submitted in September. Help requested: Commenting on licenses in GitHub comments. XML files.

Web site

Refresh is ongoing. Feedback and suggestions are welcome.
Mission discussed last month has now been incorporated.

Technical Team - SPDX 3.0 in progress. Online tools - YAML conversions coming.

Aveek - Observing SPDX - Community building and bringing new people into group. Group chat/slack? — use gitter, start discussing there as well. Need to improve our launching platform. Slack group? - with mentoring and advocates how to start off.

Aveek has volunteered to provide his findings to help us grow the community next month as a guest speaker.

Possibly Steve, Jilayne & Paul can provide overview of SPDX 3.0 License Profile in January?