From SPDX Wiki
- Attendance: 4
- Lead by Gary O'Neall
- Minutes of Nov meeting approved
Legal Team Report - Paul
- Linux Kernel Enforcement statement was discussed (and continues to be discussed on the legal mailing list)
- Discussion on whether to add the statement as an SPDX license "exception"
- Discussion was well represented with members of the Software Freedom Conservancy and Red Hat present
- Discussing changing language or term for "exception"
- Considering "modifier"
- Language for the current exception is planned to be updated
Tech Team Report - Gary
- Currently focused on adding security vulnerability information
- Working with SEVA which has created an XML Schema to represent NIST National Vulnerability Database information
- Working with NIST and SWID organization to normalize the package information
- Request was made to make sure we also include remediation information
- Request was made to include weakness enumeration
Outreach Team Report - All
- No updates from the outreach team
- Gary O’Neall, SourceAuditor
- Mark Atwood, Amazon
- Paul Maddick, Dimension Data
- Mark Baushke, Juniper Networks