THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2019-12-05

  • Attendance: 10
  • Led by Phil Odence
  • Minutes of Nov meeting: lightly attended, no minutes kept


Tech Team Report - Kate/Gary

  • SPDX 2.2
    • Moving on pull requests being merged/included.
    • Tools for generating multiple formats are being tested (help welcome).
  • SPDX 3.0
    • Identifying a common base (based on some of NTIA framing work) with specific profiles (licensing, security, pedigree, provenance, export)
    • SPDX 2.2 would be a base+licensing profile.
  • Related Groups
    • OMG is including part of the SPDX models; people are regarding it as a point to add security information.
    • NTIA phase 1 documents are published at https://www.ntia.gov/sbom (SPDX is a recognized format there).
    • NTIA phase 2 workgroups are forming, and there will be one on "formats & tooling" (which will feature SPDX tools ;-) ). Those interested in participating in discussions on tooling and how to use tools are welcome to subscribe at: https://lists.linuxfoundation.org/mailman/listinfo/ntia-sbom-formats
  • Tools
    • Nothing beyond the above, mostly testing new formats

Legal Team Report - Paul/Steve

  • Fairly quiet this quarter, lighter participation
    • 3.8 release will be light on new licenses
  • Reviewing and updating license inclusion guidelines
    • Should end up with broader inclusion at some level
      • Particularly for non-OSS licenses that include making source available
    • Good legal/tech team collaboration on 3.0
      • One key topic is the license for the docs
        • Currently CC0
        • This has raised some concerns
        • Dredging up historic rationale


Outreach Team Report

  • Survey reminder went out.
    • End-of-year deadline.
  • Pushing Jan meeting to 1/9.

Cross Functional

  • None

Attendees

  • Phil Odence, Black Duck/Synopsys
  • Steve Winslow, LF
  • Gary O’Neall, SourceAuditor
  • Mark Atwood, Amazon
  • Paul Madick
  • Alexios Zavras, Intel
  • Dave McLoughlin, Flexera
  • Rose Judge, VMware
  • Michael Herzog, nexB
  • Philippe Ombrédanne, nexB