Whoops! https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01
There were several attendees who’s organizations I don’t know. Please let me know and I will amend. Thanks. Phil General Meeting/Minutes/2021-07-01 < General Meeting<https://wiki.spdx.org/view/General_Meeting> | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes> · Attendance: 22 · Lead by Phil Odence · Minutes of June meeting Approved Contents [hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01>] * 1 SPDX Governance - Phil<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#SPDX_Governance_-_Phil> * 2 Outreach Team Report - Sebastian/Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#Outreach_Team_Report_-_Sebastian.2FJack> * 3 Legal Team Report - Jilayne/Paul/Steve<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#Legal_Team_Report_-_Jilayne.2FPaul.2FSteve> * 4 Tech Team Report - Kate/Gary/Others<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#Tech_Team_Report_-_Kate.2FGary.2FOthers> * 5 Other Topics<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#Other_Topics> * 6 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01#Attendees> SPDX Governance - Phil[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=1>] Status of governance changes · Still working through a using the prepackaged JDF docs with LF lawyers · Lots there due to general nature · It will have to go through the specified process for discussion and voting · Why? · More scrutiny · Standards requirement- Companies supporting, logos · OMG CISQ 3T joining SPDX · ISO direction – Need more · Executive Order · Working with other standards, i.e. SWID and CycloneDX * Specific concerns that came up · · Community Spec License vs. CCBY · Patent license to address concerns that have arisen from companies we want to support · Also, tangentially related SBOM gen tool showed up in repo · Need criteria for including · A question came up about discussion of governance on the Gen Mailing list · We try to limit traffic on the list so one can use to monitor activity without being overwhelmed · There will be a chance for discussion of a governance proposal once process goes in motion · Contact Phil with inputs · We’ll look into a separate list Outreach Team Report - Sebastian/Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=2>] · Rebooted · SPDX website rework - license for content CC-BY-4.0 · Looking to rebuild website as static site. · Code and license - more flex over precise styling and functionality. · Prototype of site in next few weeks. · Technical slides - present about SPDX in own organizations. · Reviewed collateral, audience focus for collateral that will meet audience needs. · More explanation of “why”. Point to specification when get to details. · IRC channel · Sebastian set up #spdx on libera.chat · previous channels on OFTC, Freenode; hadn’t taken off · libera.chat has 11 people in it currently · “cloaking” - hides IP address in some cases, replaces with badge for organization you’re associated with; Sebastian can provide “SPDX cloak” · Matrix bridge - feature of libera.chat, enables joining via Matrix · Meeting date and time: 1500 UTC on Wednesdays will be new meeting time, on 14th of July Legal Team Report - Jilayne/Paul/Steve[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=3>] · Several new folks participating · Ariel and Candice from ClearlyDefined have been digging into the Python stack of licenses · License List 3.14 release - targeting end of July Tech Team Report - Kate/Gary/Others[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=4>] · Tools · GSoC - JSON support in Golang; will seek to get GSoC student to present at a future General Meeting · New participants interacting with tools, and seeing pull requests. · NTIA Plugfest · new tools emerging from communities · SPDX was most common format in use · Can’t get down to SPDX field to field · SPDX Plugfest? · Desire to have Japan SPDX Plugfest · One for north america · Anchore has a tool supporting SPDX output if you need more 3.0 examples we can on it. (github.com/anchore/syft). We have 2.2 now but can fairly quickly iterate for some 3.0 support. · Specification · ISO/IEC PRF 5962 - Information Technology — SPDX® Specification V2.2.1- moved to PRF status Publication date : 2021-08 · OCI registry overview and how SPDX could interact with containers. · Specification 3.0 Work · Looking for more 3.0 examples in serialization · Lacking critical mass for some decisions - vacations · Moving through punch list on core model. · Vulnerability - waiting for core. Snyk put up a nice post. · Feedback in progress. · Serialization needs to become clearer. · More examples are needed. · Follow up VEX and CSAF · Licensing profile - pretty similar to 2.2 already. · Once formatting for how template can be expressed. Other Topics[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=5>] · Open Question - why spdx.dev vs. spdx.org; license list dynamically generated spdx.org - Drupal → Wordpress. How to keep License list still populate to website. · Keep license list URL stable. · Wikipedia page on SPDX is pretty stale. · Needs to be updated. Outreach will take it. Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2021-07-01&action=edit§ion=6>] · Phil Odence, Black Duck/Synopsys · Philippe Emmanuel Douziech, CAST · Bob Martin, Mitre · Joshua Marpet, RM-ISAO · David Edelsohn, IBM · Sebastian Crane · Marc Etienne Vargenau, Nokia · Zach Hill, Anchore · Steve Winslow, LF · Kate Stewart, Linux Foundation · William Cox, Synopsys · Jack Manbeck, TI · Alexios Zavras, Intel · Warner Losh, FreeBSD · Alfredo Espinosa · Jilayne Lovejoy, Red Hat · Chris Lusk · Andrew Jorganson, AWS · Thomas Steenbergen, HERE · Ronda, · Brian Fox, Sonotype · Michael Herzog- nexB -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1418): https://lists.spdx.org/g/spdx/message/1418 Mute This Topic: https://lists.spdx.org/mt/84019725/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
