Hi John,
Thanks for reaching out! I think this discussion is best handled
with the tech team so switching mailing lists, and moving
general to bcc. :-)
Some of the information you're proposing in SEvA is already
handled in the SPDX specification. https://spdx.github.io/spdx-spec/
which has been in development by supply chain participants for
over 8 years now.
Its not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this? Also, have you compared the information
you're looking to be captured in SEvA with the fields that are
already in place and standardized on in the specification?
The next rev of the specification will explicitly permit JSON and YAML,
document expression in addition to RDF, tag:value. Prototype translators
between formats are already in place if you want to experiment.
If there are fields you're looking to see captured, that aren't in place
already,
Feel free to open an issues on https://github.com/spdx/spdx-spec/issues
with background how it will be used, and where the information should be
derived from.
Also, if you'd like to have a more interactive discussion, the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to
explore collaboration options, just let us know.
Looking forward to continuing the discussion.
Thanks,
Kate
SPDX tech team co-lead.
[1] https://wiki.spdx.org/view/Technical_Team
On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.sc...@ionchannel.io>
wrote:
> Hi All,
> Sorry for getting on the call late.
>
> For comment: https://github.com/ion-channel/SEVA
> We recently released this Spec.
>
> SEvA is specification for encapsulating software supply chain metadata and
> delivering with a clear and concise schema for parsing using automation.
> The SEvA definition is divided into several sections. There is a brief
> description of each section listed below.
>
> Our clients would like all evidence to be portable so it can move with a
> piece of software thru an organization.
>
> We could talk about it next month
>
> -------------------------------------------
> John Scott, President, Ion Channel
> 240.401.6574 @johnmscott
> < john.sc...@ionchannel.io >
> www.ionchannel.io
>
> [image: Inline image 1]
> *Software Supply Chain Intelligence*
>
> On May 3, 2018 at 11:51:32 AM, spdx-requ...@lists.spdx.org (
> spdx-requ...@lists.spdx.org) wrote:
>
> Send Spdx mailing list submissions to
> s...@lists.spdx.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.spdx.org/mailman/listinfo/spdx
> or, via email, send a message with subject or body 'help' to
> spdx-requ...@lists.spdx.org
>
> You can reach the person managing the list at
> spdx-ow...@lists.spdx.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Spdx digest..."
>
>
> Today's Topics:
>
> 1. May SPDX General Meeting Minutes (Phil Odence)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 3 May 2018 15:51:26 +0000
> From: Phil Odence <phil.ode...@synopsys.com>
> To: "s...@lists.spdx.org" <s...@lists.spdx.org>
> Subject: May SPDX General Meeting Minutes
> Message-ID:
> <0f8bda21-a94d-4534-8db6-4ae7e2c5c...@internal.synopsys.com>
> Content-Type: text/plain; charset="utf-8"
>
> https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03
>
> General Meeting/Minutes/2018-05-03
> < General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<
> https://wiki.spdx.org/view/General_Meeting/Minutes>
> ? Attendance: 12
> ? Lead by Phil Odence
> ? Minutes of April meeting approved
> Contents
> [hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
> ? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<
> https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_
> Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
> ? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.
> org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
>
> ? 3 Outreach Team Report - Jack<https://wiki.spdx.org/
> view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
> ? 4 Legal Team Report - Paul<https://wiki.spdx.org/
> view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
> ? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/
> Minutes/2018-05-03#Attendees>
> Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<
> https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-
> 05-03&action=edit§ion=1>]
> ? Variant on Leadership Summit Presentation
> ? Don?t need to define SPDX
> ? Will show product for illustrative purposes
> ? Governance Today
> ? Different formats for BoMs
> ? Challenges
> ? Manually updating
> ? Compliance Management
> ? Requires consistent tooling
> ? Goals using SPDX
> ? Automate BoM
> ? Automate Reporting
> ? Single format
> ? Illustration
> ? Replace disparate BoMs with SPDX versions
> ? Load into a single data store (example Apache Jena Fuseki
> ? Query with Sparql
> ? Demo
> ? Aggregating multiple BoMs
> ? Committing change to GItLab
> ? CI/CD- Build and Scan
> ? Generate new SPDX doc for changed project
> ? Sparql queries
> ? Policy checks
> ? Voila
>
>
>
> Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=
> General_Meeting/Minutes/2018-05-03&action=edit§ion=2>]
> ? Working on outstanding requests for 2.2
> ? License expression features
> ? Handling cases of annotations and extensions to address
> ? 2.1.1 pdf
> ? Wrestling with tools a bit
> ? GoSoC
> ? Students and mentors in place
> ? Should be hearing from students during community bonding period
> ? Projects lined up
> ? Will present during General Meetings
>
>
>
> Outreach Team Report - Jack[edit<https://wiki.spdx.
> org/index.php?title=General_Meeting/Minutes/2018-05-03&
> action=edit§ion=3>]
> ? LinuxCon Vancouver
> ? Trying to organize ?back off? day before event starts
> ? Website:
> ? Still waiting on LF for moving Website to Wordpress
> ? Content
> ? Looking at a variety of ways
> ? Looking at audio/video recordings
> ? Could include monthly talks
> ? Yev volunteered to do his
> ? Looking for more people involvement in OTeam
> Legal Team Report - Paul[edit<https://wiki.spdx.
> org/index.php?title=General_Meeting/Minutes/2018-05-03&
> action=edit§ion=4>]
> ? Released latest rev of license list
> ? Kudos Jilayne and others
> ? Working out how to manage license submissions in new world
> ? GoSoC student working out automation
>
>
>
> Attendees[edit<https://wiki.spdx.org/index.php?title=
> General_Meeting/Minutes/2018-05-03&action=edit§ion=5>]
> ? Phil Odence, Black Duck/Synopsys
> ? Matthew Crawford, ARM
> ? Yev Bronshteyn, Black Duck/Synopsys
> ? Steve Billings, Black Duck/Synopsys
> ? Gary O?Neall, SourceAuditor
> ? Dave Marr, Qualcomm
> ? Jack Manbeck, TI
> ? Kate Stewart, Linux Foundation
> ? Steve Winslow, LF
> ? Paul Madick, Dimension Data
> ? Matije Suklje, LF
> ? John Scott, Ion Channel
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.spdx.org/pipermail/spdx/attachments/
> 20180503/d3816c4f/attachment.html>
>
> ------------------------------
>
> _______________________________________________
> Spdx mailing list
> s...@lists.spdx.org
> https://lists.spdx.org/mailman/listinfo/spdx
>
>
> End of Spdx Digest, Vol 93, Issue 2
> ***********************************
>
>
> _______________________________________________
> Spdx mailing list
> s...@lists.spdx.org
> https://lists.spdx.org/mailman/listinfo/spdx
>
>
ii_1596f0ff17bb68f7
Description: Binary data
_______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
