No special presentation this month, so meeting should go shorter than usual.
GENERAL MEETING

Meeting Time: Thurs, July 7, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

Join the meeting: https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number? See meeting dial-in numbers: https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting

If also dialing-in through a room phone, join without connecting to audio: https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

Etherpad for minutes: https://spdx.swinslow.net/p/spdx-general-minutes

Administrative Agenda

Attendance

Minutes Approval: Not yet posted in GitHub but included at the bottom here.

Steering Committee Update - Phil

Technical Team Report – Kate/Gary/Others

* Specification and Profiles
  * Overview
  * Core
  * Legal
  * Integrity
  * Defects
  * Usage and Other Emerging
* Tooling

Legal Team Report – Jilayne/Paul/Steve

Outreach/Website Team Report – Jack/Sebastian/Alexios

* Attendance: 28
* Led by Phil Odence
* Minutes from last meeting approved.

## Steering Committee Update - Phil

* Governance updates - minor clarifications
* Starting work on a project management framework
* Team Leads trying out a kickoff form before formalizing anything
* Alexios selected as new co-lead for Outreach Team, joining Steering Committee in that capacity

## OpenSSF and White House Meeting - Kate

* Focus on SBOMs - looking to engage with SPDX community, particularly on Defects side + laser focus on security
* Early January 2022 - discussing security and SBOMs; many companies putting resources towards solving problems are OpenSSF members; discussion was under Chatham House Rule, info present but not disclosing speaker / organization
* New meeting - included representatives from many organizations, including outside OpenSSF / LF
* Kate and William Bartholomew present and active in SBOM workstream
* Mobilization plan: https://openssf.org/oss-security-mobilization-plan/ - Stream 9, "SBOMs Everywhere"
  * Stream 10 also relevant to SPDX
* Additionally a working group for package managers, with recurring meetings
* June 20 or later - will be meeting in Austin among SPDX, CycloneDX and others re: identifying key use cases; reach out to Kate if wanting to participate in discussion
* Looking to find companies willing to invest in improving tooling, especially with going to 2.3 and 3.0; tools requested by community; improving documentation; doing outreach
* CISA Federal Register notice: https://www.federalregister.gov/documents/2022/06/01/2022-11733/public-listening-sessions-on-advancing-sbom-technology-processes-and-practices
* RedHat readout from meeting:
  https://www.linkedin.com/posts/mark-bohannon-54b66a_red-hats-open-approach-to-vulnerability-activity-6931970156457840640-BrD8/?utm_source=linkedin_share&utm_medium=member_desktop_web

## Tech Team Report - Gary/Kate/Thomas

### Spec

* SPDX 2.2.2 has been released
  * docs bugs have been resolved, and can be accessed at: https://spdx.github.io/spdx-spec/
* SPDX 2.3 is close to feature complete, we'll be declaring a release candidate in the next week, and generating ontologies for the tools to start trying it out.
  * Likely aiming to release in next couple of weeks
  * Documented in spdx-spec GitHub repo re: remaining tasks and activities
  * Only a couple items left impacting syntax of documents; hoping they'll be resolved this week, though can't commit b/c seeking consensus across multiple teams and time zones
  * Aiming to have a draft schema out w/in a week after consensus, to be available for review
  * Tooling folks then to update tools in parallel
  * A couple of big issues _separate from_ those impacting the syntax: e.g. license namespaces, licenses and snippets; intending to be compatible with existing syntax, but want to document in spec if adopting
* SPDX 3.0 moving in parallel, revised model posted.
  * William leading up core profile team effort
  * Small list of outstanding items, will soon transition to documentation phase, moving from visual to written model
  * Defects profile, canonicalisation, usage profile
* WG: AI BOM team meeting regularly, looking at defining how to define training data, data sets, etc., starting to work up minimal set of fields
  * focused on how to represent models and training data for models
* WG: SPDX Implementers Group - meeting to discuss best practices around generating SPDX documents, meeting every other Wednesday
* WG: Build data - Brandon Lum heading up recurring meeting, Monday nights European time
* WG: Canonicalization - Meets on Friday, discussing the serializations for the 3.0 model.
* Namespace discussions, additional meeting with Friday.
* Desire to have working group meetings listed and calendar invites visible
  * Sebastian - looking to update wiki in short term, https://wiki.spdx.org/
  * Gary - currently discussed primarily on tech team list
  * Jilayne - would it make sense to add meeting times to https://github.com/spdx/meetings -- main README

## Legal Team Report - Jilayne/Paul/Steve

* License List 3.17 released in May
* Focus currently on discussion of cross-team topics for spec - license namespaces, etc.
* Looking to get a bit more formalization on cross-team topics:
  * avoid multiple conversations on separate calls, look to have joint calls where appropriate
  * proposals for something significant and new: aim to be more disciplined in articulating what's being solved for, e.g. "problem statement" / "what is this trying to achieve"; articulate how this fits into the mission of the project
  * try to define the goals / problem statement before jumping to implementation
* Namespace discussion tomorrow - https://lists.spdx.org/g/Spdx-tech/message/4539; please read first before coming to meeting

## Outreach Team Report - Sebastian / Jack / Alexios

* GSOC
  * 2 projects for this summer, now in the community bonding period
  * communicate with participants
  * Coding period starts next week
* Material progress on SPDX website rebuild, sneak peek on upcoming outreach team call
* Joshua Marpet working on additional outreach things
* Upcoming talks:
  * Kate - upcoming RSA talk with Allen Friedman re: SBOMs and tooling, come by and say hi in person if you'll be there!
  * Steve - Zephyr Developer Summit next week, SBOMs at build time
  * Steve - OSPOCon / OSS NA later in June, SPDX License List

## Steering Committee

* No update

## Attendees

* David Edelsohn, IBM
* Kate Stewart, LF
* Jeff Buddington
* Gary O'Neall
* Alex Rybak, Revenera
* Dick Brooks, REA
* Alexios Zavras
* Rich Steenwyk, GE Healthcare
* Jeff Schutt
* Sebastian Crane
* Molly Menoni
* Phil Odence, Synopsys
* Steve Winslow, Boston Tech Law
* Jack Manbeck
* Yoshiyuki Ito
* Brad Goldring, GTC Law Group
* Andrew Jorgensen
* Michael Herzog
* Joshua Watt
* Rose Judge
* Sunil Jain
* Karsten Klein
* Mark Atwood, Amazon.com
* Tony Aiuto, Google
* Marc-Etienne Vargenau, Nokia
* VM Brasseur, Wipro
* Adrian Diglio, Microsoft
* Hector Fernandez, VMware
