General Meeting/Minutes/2019-12-05

• Attendance: 10
• Lead by Phil Odence
• Minutes of Nov meeting- Lightly attended, no minutes kept

Tech Team Report - Kate/Gary

• SPDX 2.2
  • moving on pull requests being merged/included.
  • Tools for generating Multiple formats being tested (help welcome).
• SPDX 3.0
  • Identifying a common base (based on some of NTIA framing work) with specific profiles (licensing, security, pedigree, provenance, export)
  • SPDX 2.2 would be a base+licensing profile.
• Related Groups
• OMG including part of the SPDX models, people regarding as a point to add security information.
• NTIA phase 1 documents are published at https://www.ntia.gov/sbom (SPDX is a recognized format there).
• NTIA phase 2 workgroups are forming, and there will be one on "formats & tooling” (which will feature SPDX tools ;-) ) those interested in participating in discussions on tooling and how to use tools are welcome to subscribe at: https://lists.linuxfoundation.org/mailman/listinfo/ntia-sbom-formats

• Tools
  • nothing beyond above, mostly testing new formats

Legal Team Report - Paul/Steve

• Fairly quiet this Q, lighter participation
  • 3.8 release will be light on new licenses
• Reviewing and updating license inclusion guidelines
  • Should end up with broader inclusion at some level
    • particularly for non-OSS licenses that include making source available
  • Good legal/tech team collaboration on 3.0
    • One key topic is the license for the docs
      • Currently CC0
      • This has raised some concerns
      • Dredging up historic rationale

Outreach Team Report

• Survey reminder went out.
  • End of year down line.
• Pushing Jan meeting to 1/9.

Cross Functional -

• None

Attendees

• Phil Odence, Black Duck/Synopsys
• Steve Winslow, LF
• Gary O’Neall, SourceAuditor
• Mark Atwood, Amazon
• Paul Madick
• Alexios Zavras, Intel
• Dave McLoughlin, Flexera
• Rose Judge, VMware
• Michael Herzog- nexB
• Philippe Ombrédanne- nexB