Pull request not yet approved in GH, so here are the minutes. Sorry they are ugly and indentation isn’t working right. All good in GH.
#SPDX General Meeting Minutes - January 5, 2023 ## Administrative * Lead by Phil Odence * Minutes from last meeting approved ### Attendence: 18 ## Steering Commitee Update - Phil * Little work going on leading up to holiday. ## Tech Team Report - Gary, William, Kate * https://github.com/spdx/meetings/blob/goneall-patch-7/tech/2022-12-20.md * SPDX 3.0 * Working on how to pull inputs from profiles into spec * Core Profile - William/Gary/Kate * Licensing Profile - Steve/Alexios * Much of the work had already been discussed in the legal meetings previously, matter of getting the licensing profile into the 3.0 format * had been waiting on Core Profile * Security Profile - Thomas/Jeff * Scheduling is a chanllege for international team * Build Profile - Brandon/Nisha * Build model needs to be generalize * Usage Profile - Ito/Ninjouji/Asaba/Kobota * Working of issue regarding whether some fileds are part of file or package * AI & Dataset Profile - Gopi/Karen/Kate * Will split to separate Dataset Profile * Functional Safety - Nicole/Kate * Targeted for 3.1 * Group safety elements together * Tracing safety issues and impacts * Canonicalization * Waiting for Core Profile * Serialization * How to represent * Hardware Profile * Interest and potential for 3.1 * Interest from Chips Alliance Group to bring domain expertise * Implementers * Tools * Light attendance * Every other week on Wednesdays * Upcoming discussion on what constitutes a quality SBOM * Tooling * More maintainter coming in on NTIA conformance checker * New release of online tools pending; aiming for this week * Java tools * lots of activity * Maven plug in * Cyclone DX conversion * Python libraries * Much refactoring activity * Up on PyPy ## Legal Team Update - Jilayne/Steve/Paul * Next license release, 3.20, aiming for end of month * Lots of new Fedora licenses added * in wake of Fedora adopting SPDX identifiers in July and documentation release last quarter * Could always use more input and help * Updating license adding process doc * recorded videos of different ways to create files - will be uploaded soon * Upcoming topics, potentially for joint Tech Team discussion * Change proposal for extending the concept of license ref for exceptions on Jan 12th during legal team meeting time. See https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md and https://github.com/spdx/change-proposal/issues/4 * Reminder email will go out to Legal and Tech Teams as to time and topic * Side note: Jilayne working on history of license list to capture legacy knowledge * Should be posted shortly * also working on history of OSI/SPDX collaboration as people ask about that every so often * other ideas on recording of legacy knowledge welcome! ## Outreach Team Update - Sebastian/Alexios/Jack * Website update in process * Goal is to maintain content in GitHub * Working with LF on how to * SPDX fo Security white paper to be published in the LF blog ## Attendees * Phil Odence (Black Duck Audits, Synopsys) * Bob Martin * Jari Koivisto * Armin Tänzer * Paul Madick * Mary Hardy (Microsoft) * Gary O'Neall * Peter Caven * Steve Winslow * Mike McDonel * Adolfo Garcia Veytia (Chainguard) * Dick Brooks (REA) * Steven Carbno (Smart Talk Beacon) * Jilayne Lovejoy * David Edelsohn * Kate Stewart * Alfred Strauch (Smart Talk Security Inc.) * Brad Goldring (GTC Law Group) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1626): https://lists.spdx.org/g/spdx/message/1626 Mute This Topic: https://lists.spdx.org/mt/96701950/21656 Group Owner: spdx+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-