THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2019-10-08

October 8, 2019

Attendees

  • Gary O’Neall
  • Alexios Zavras
  • Philippe Ombredanne
  • Kate Stewart
  • William Bartholomew
  • Jeff McAffer
  • Nisha Kumar
  • Steve Winslow
  • Jim Hutchinson

Recording

Recording for this call can be found at https://zoom.us/recording/share/YXxkHjw6MWhafhBxxyyABE14Yh3Ihoewjqv4nxiUzEGwIumekTziMw

SPDX for sBOM

  • Google doc available at https://docs.google.com/document/d/1XfNrDmlVdnUzvtrPsylJZFfz1LLDoqnm_vi_PguSzy8/edit
  • Short time to market for SPDX 3.0 would be key
  • Large spec – formidable to the uninitiated
  • Very focused on licensing
  • Introduce profiles – base profile is minimal
  • Licensing specifics are moved to a licensing profile
  • Modify documentation to allow staged adoption
  • Steve suggested joint call with legal and tech teams
    • Would include a discussion on the requirement of the NOASSERTION fields
    • Schedule joint call for next Tuesday
  • Any entity that represents a person or organization should have more structure
    • Concern about privacy – esp. European regulations
  • Agreement on unifying the terminology for the license information in file and declared license for package
    • Discussion of Declared, Discovered and Concluded
  • Everyone on the call agreed to this approach

License Mapping

Upcoming SPDX tech call

  • 15 Oct: Joint SPDX tech/legal call