A great meeting with great attendance. Please volunteer or suggest a guest speaker for next time. Anything SPDX related is fair game.
https://wiki.spdx.org/view/General_Meeting/Minutes/2020-04-02

General Meeting/Minutes/2020-04-02

· Attendance: 19
· Led by Phil Odence
· Minutes of April meeting

Guest Speaker - Allan Friedman, NTIA

· NTIA’s Multistakeholder SBOM Process
· Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM.
· Allan’s slides: https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe

Tech Team Report - Kate

· Spec
  · Wrapping up 2.2 spec
    · Known unknowns made it in
  · 3.0 Visions
    · William Bartholomew’s talk about profiles was great (and recorded)
· Tools
  · Gary’s been working on 2.2 tooling
    · Requiring a complete rewrite to the java tools
    · Not API compatible
· Google SoC
  · 15 different submissions
  · Google is looking for additional mentors on each project
  · So, we need more mentors; contact Gary

Legal Team Report - Steve

· Finalized updates to license inclusion principles
  · Mostly clarifications
  · But also to broaden a bit for non-OSS source available licenses
  · https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md
· 3.9 list release has been pushed out a bit
  · Were waiting for above
  · https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22
· In anticipation of 3.0 working on a licensing profile
· With Tech Team, updating back end of SPDX website to manage move from Drupal to Wordpress
  · Maintaining license URLs
  · Static pages moving to a different domain.

Outreach Team Report - Jack

· Will be looking for help to update content for Website as per above
· Documenting comprehensive list of SPDX-related tooling

Cross Functional

· None

Attendees

· Phil Odence, Black Duck/Synopsys
· Allan Friedman, NTIA
· Rose Judge, VMware
· Steve Winslow, LF
· Kate Stewart, Linux Foundation
· Alexios Zavras, Intel
· Jack Manbeck, TI
· Jim Hutchison, Qualcomm
· William Bartholomew, GitHub
· Dave McLoughlin, Flexera
· Michael Herzog, nexB
· Alex Rybak, Flexera
· Gary O’Neall, SourceAuditor
· Paul Madick
· Brad Goldring, GTC Law
· David Wheeler, Linux Foundation
· Mike Dolan, Linux Foundation
· Bob Campbell, DXC
· Mark Atwood, Amazon
