https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-03-04&feed=atom&action=historyGeneral Meeting/Minutes/2021-03-04 - Revision history2024-03-29T14:44:47ZRevision history for this page on the wikiMediaWiki 1.23.13https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-03-04&diff=4906&oldid=prevSwinslow: added links to presentation materials2021-04-01T12:57:04Z<p>added links to presentation materials</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 12:57, 1 April 2021</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== SPDX BOM for CMake Project ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== SPDX BOM for CMake Project ==</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* Materials:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">** Slides: https://github.com/swinslow/slides/blob/main/2021-02-fosdem/2021-02-07-FOSDEM-2021-SPDX-CMake.pdf</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">** POC repo: https://github.com/swinslow/cmake-spdx</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Background</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Background</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 49:</td>
<td colspan="2" class="diff-lineno">Line 53:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** Kate: agreed, let’s get a working group together on this</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** Kate: agreed, let’s get a working group together on this</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Legal Team Report - Jilayne/Paul/Steve ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Legal Team Report - Jilayne/Paul/Steve ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
</table>Swinslowhttps://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-03-04&diff=4905&oldid=prevPodence at 12:18, 1 April 20212021-04-01T12:18:55Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 12:18, 1 April 2021</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 114:</td>
<td colspan="2" class="diff-lineno">Line 114:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Paul Madick, Jenzabar</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Paul Madick, Jenzabar</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* William Cox, Synopsys</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* William Cox, Synopsys</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">David </del>Martin, Mitre</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Bob </ins>Martin, Mitre</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Thomas Steenbergen, HERE</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Thomas Steenbergen, HERE</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>Podencehttps://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-03-04&diff=4904&oldid=prevPodence: Created page with "* Attendance: 18 * Lead by Phil Odence * Minutes of Feb meeting Approved *Housekeeping ** Zoom - Will be migrating to Zoom for these meetings; working with LF ** Phil will ne..."2021-04-01T11:20:26Z<p>Created page with "* Attendance: 18 * Lead by Phil Odence * Minutes of Feb meeting Approved *Housekeeping ** Zoom - Will be migrating to Zoom for these meetings; working with LF ** Phil will ne..."</p>
<p><b>New page</b></p><div>* Attendance: 18<br />
* Led by Phil Odence<br />
* Minutes of Feb meeting Approved<br />
<br />
* Housekeeping<br />
** Zoom - Will be migrating to Zoom for these meetings; working with LF<br />
** Phil will need to cut out early; Steve will take over notes<br />
<br />
== SPDX BOM for CMake Project ==<br />
<br />
* Background<br />
** Presented previously at FOSDEM<br />
** Used Zephyr, lightweight RTOS<br />
** Goal: in parallel with the CMake build, generate an SPDX file<br />
*** including relationships<br />
*** fully automated<br />
*** not pull from external sources (license data for example)<br />
*** make it Zephyr-agnostic, so could be reusable<br />
* POC<br />
** On GitHub<br />
** Used File-based API on CMake<br />
*** to tell CMake to dump JSON meta-data files for each artifact<br />
*** and then build<br />
** Created SPDX<br />
*** Pull from <br />
**** Sources directory<br />
**** Artifacts directory<br />
**** Pull SPDX short form license names from files<br />
**** Create relationships <br />
*** Output is two files<br />
**** Sources<br />
**** Build artifacts<br />
**** with links between<br />
* Findings<br />
** Some limitations to the CMake API data, missing some info that CMake seems to “know”<br />
** Some invalid IDs<br />
** Graphviz was helpful in visualizing the relationships represented in JSON files<br />
* Next Steps<br />
** Takeaways: the concept basically works; start small and can be improved<br />
** Working with Zephyr community<br />
*** may have made it overly agnostic<br />
*** could tailor to Zephyr build system<br />
*** but generalized version is a great starting point<br />
** Michael Herzog: developed TraceCode as a tool to similarly look at details during the build process; more generalized, but extremely hard to use for anything sizeable b/c creates so much data<br />
** Also looked at Yocto as a way to gather this information<br />
** Kate: Richard Purdie interested in this also from the Yocto side – perhaps get together a working group focused on this. Yocto also doing work around reproducible builds, and has been adopting SPDX identifiers.<br />
<br />
** Kay: thoughts on a “Build” profile for SPDX 3.0 to incorporate build-time data about e.g. the call used to start the compilation, the environment / compilation settings, etc. We should get various compiler people talking about how to align practices for this<br />
** Kate: agreed, let’s get a working group together on this<br />
<br />
== Legal Team Report - Jilayne/Paul/Steve ==<br />
<br />
* Gary and William got the license list CI system moved from Travis to GitHub Actions – thank you!<br />
* 3.12 – aiming to release this weekend; will tie up remaining issues in call after this meeting<br />
* Jilayne and Steve looking at getting some bigger projects going<br />
* Invite to all to jump into the conversations in issue threads - https://github.com/spdx/license-list-XML/issues<br />
<br />
== Tech Team Report - Kate/Gary/Others ==<br />
<br />
* Model and Process update – Gary<br />
** William leading discussions on Base profile model – reconciling feedback<br />
** Template for how to draft and write the profile specifications<br />
* Google Summer of Code – Gary<br />
** Should be hearing back shortly whether SPDX was accepted for 2021<br />
<br />
* Spec – Kate<br />
** Defects / Security – Thomas<br />
*** currently revising what was discussed in prior meetings<br />
*** worked with William on expressing vulnerabilities<br />
*** also looking at: whether / how to express mitigation measures<br />
** Linking – Nisha<br />
*** Sounds like people do want a Linking / Linkage profile<br />
*** Currently described in the spec as an “External Map” from 3T discussions, but not sure what this means – looking for more details<br />
** Integrity – Kay<br />
*** Working on creating POC for taking an SBOM, serializing it to binary, signing it using the COSI (?) standard<br />
*** could be signed in other ways, but using this for POC b/c small format and usable for small devices<br />
*** expect to have this the week after next<br />
*** spec for document integrity – “here’s how you sign SBOMs” – after having that as an example, plan to start reviewing with broader group<br />
*** may be a month before ready to discuss on a tech team call<br />
** Usage – Yoshiyuki Ito<br />
*** discussing what info to include in usage profile<br />
*** looking at using external map to refer to external information sources<br />
** Pedigree / Build / Creation – Kate<br />
*** can start those meetings happening, flesh out ideas<br />
*** reach out to in-toto folks to align with them<br />
<br />
* SPDX 2.2.1 – Kate:<br />
** ISO balloting has finished on the specification, via JDF<br />
** Approved from balloting, so should be getting an ISO number in the next few months<br />
** May have some tweaks to the 2.2.1 repo coming in, based on comments from ISO reviewers<br />
<br />
<br />
== Outreach Team Report ==<br />
<br />
* No Report<br />
<br />
<br />
== Attendees ==<br />
<br />
* Phil Odence, Black Duck/Synopsys<br />
* Steve Winslow, LF<br />
* Michael Herzog, nexB<br />
* Gary O’Neall, SourceAuditor<br />
* David Edelsohn<br />
* Jeff Schutt<br />
* Rose Judge, VMware<br />
* Nisha Kumar, VMware<br />
* Jilayne Lovejoy, Red Hat<br />
* Kate Stewart, Linux Foundation<br />
* Emmanuel Tournier, Black Duck/Synopsys<br />
* Jorge Rodriguez-Moreno<br />
* Alfredo Espinosa<br />
* Kay Williams, Microsoft<br />
* Paul Madick, Jenzabar<br />
* William Cox, Synopsys<br />
* David Martin, Mitre<br />
* Thomas Steenbergen, HERE<br />
<br />
<br />
[[Category:General|Minutes]]<br />
[[Category:Minutes]]</div>Podence