A reminder that the General Meeting was pushed to this Thursday, March 7, at
the normal 11am EST time.
Minutes from February are not yet posted on GitHub but you can find them at the
bottom of this email, after agenda, login information, etc.
Don’t miss this Thursday’s special presentation!:
* SPDX 3.0 Release Candidate 2 Review – Gary and Bob
* This is a great opportunity to get current on the latest (seeing light
at the end of the tunnel) version of pre-release SPDX
Best,
Phil
L. Philip Odence
General Manager, Black Duck Audit Business
Synopsys Software Integrity Group, Burlington, MA
M (781) 258-9502 | [email protected]<mailto:[email protected]>
https://www.synopsys.com/audits
[SIG-emailsig-2020]
[signature_2892046952]<https://www.linkedin.com/showcase/sw_integrity/>
[signature_4149161518] <https://twitter.com/SW_Integrity>
[signature_715487372]
<https://www.youtube.com/channel/UC0I_hKR1E-Ty0roBUEQN4Ww>
[signature_2597224942] <https://www.facebook.com/SynopsysSoftwareIntegrity>
Meeting Agenda:
Administrative Agenda
Attendance
Minutes Approval
Special Presentation – Gary/Bob
Technical Team Report – Kate/Gary/Others
* Overview
* Specification and Profiles
* Core & Software
* Security
* Licensing
* Build
* Lite
* AI
* Dataset
* Functional Safety
* Canonicalization/Serialization
* Software as a Service
* Hardware
* Tooling + Implementers
Legal Team Report – Jilayne/Steve
Outreach/Website Team Report – Alexios/Bob
General Announcements
Meeting Time: First Thursday of every month, 8am PT / 10 am CT / 11am ET /
15:00 UTC.
http://www.timeanddate.com/worldclock/converter.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.timeanddate.com_worldclock_converter.html&d=DwMGaQ&c=DPL6_X_6JkXFx7AXWqB0tg&r=CGsG_HWslMnHmDRZngTUv7VswbuEgSDQQD-XjX0ZZFc&m=aTno2MdPkEyWeFF6NtTVsvkwhro4X8E0ghAjdiaNKPY&s=ZE9sYJcHMoEO3g5qrPPuiKU0gFK7mMjd9Km_ClCNBbU&e=>
Conf call dial-in:
Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting<https://urldefense.com/v3/__https:/www.google.com/url?q=https*3A*2F*2Fmeet.jit.si*2FSPDXGeneralMeeting&sa=D&ust=1619537013292000&usg=AOvVaw224M4IF9lZQ--a36gO3Lwh__;JSUlJQ!!A4F2R9G_pg!I3GFzBfRfUyGZhkyTIdNNgY2TQsTIZL85F0ubPgWSv4TkuBYAzJmtyCci41BGCiD_0k$>
To join by phone instead, tap this:
+1.512.647.1431,,1310118349#<tel:+15126471431,1310118349>
Looking for a different dial-in number?
See meeting dial-in numbers:
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting<https://urldefense.com/v3/__https:/www.google.com/url?q=https*3A*2F*2Fmeet.jit.si*2Fstatic*2FdialInInfo.html*3Froom*3DSPDXGeneralMeeting&sa=D&ust=1619537013292000&usg=AOvVaw0CFb1socSljscXVhl5wU_R__;JSUlJSUlJQ!!A4F2R9G_pg!I3GFzBfRfUyGZhkyTIdNNgY2TQsTIZL85F0ubPgWSv4TkuBYAzJmtyCci41BhDXVXvs$>
If also dialing-in through a room phone, join without connecting to audio:
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true<https://urldefense.com/v3/__https:/www.google.com/url?q=https*3A*2F*2Fmeet.jit.si*2FSPDXGeneralMeeting*23config.startSilent*3Dtrue&sa=D&ust=1619537013292000&usg=AOvVaw0KXqpP-XHq4V1GzN9CrPgS__;JSUlJSUl!!A4F2R9G_pg!I3GFzBfRfUyGZhkyTIdNNgY2TQsTIZL85F0ubPgWSv4TkuBYAzJmtyCci41B0qALsVU$>
Etherpad for minutes:
https://spdx.swinslow.net/p/spdx-general-minutes<https://urldefense.com/v3/__https:/spdx.swinslow.net/p/spdx-general-minutes__;!!A4F2R9G_pg!bkFgK9GI5IbYCG_91ZtQilKgVfK3GKVMNzWVmfR-vYiSdgqVJFuyjsogC7bylG6qLZWcg-pZsfwx1j22AYkUN1F-yUtbJ9gGY3R4AFJ0$>
SPDX General Meeting Minutes- 2024-02-08
Administrative
* Minutes from January meeting approved.
* Attendees - 24
Tech Team Report - Max
* Refactoring spec parser
* Alexios and Jeff have been working on this
* Will allow easy generation of easy human readable format
* Not complete but work proceeds to address bugs and integration issues
* Discussion regarding code genaration
* Allowing downstream users to generate
* Discussed at Fosdem in person
* Joshua is main contributor
* Idea is to reduce complexity of adopting programing
languages/ecosystems
* ...while maintaining single place for mantining libraries
* Working on the final push to resolve the open issues for -rc2.
* Gary did a full pass and punch down list has been documented in
spdx/spdx-3-model#622<https://github.com/spdx/spdx-3-model/issues/622> for
those who want to follow along.
* Blocker- integrity measures
* Annexes to spec (what can be lifted from 2.3, etc)
* A range of "small" issues
* Security Profile - Jeff
* No update
* Licensing Profile - Steve
* A number of small issues, cleanup.
* Build Profile - Brandon/Nisha
* No update
* Lite Profile - Ito/Ninjouji/Asaba/Kobota
* Some discussion about other serialization formats (eg tag value)
* To be updated
* AI Profile - Karen/Gopi
* Added "SupportLevel" to core, to be useful for AI & Datasets; as well
as general software.
* WG reviewing EU AI Act and EU AI Treaty to see how to handle their
requirments in AI/Data profiles
* Seeing more industry participants joining calls
* Workshop held on SPDX for Medical and Engineering graduates at UBC -
use case: Medicial devices; feedback was extremely positive and would us to
consider working with them to create courseware on SPDX
* Dataset Profile - Karen/Gopi
* see comments on "SupportLevel" in AI.
* Requested review of Dataset properties from data privacy & protection
officer, waiting feedback.
* Functional Safety - Nicole/Kate
* Working through strictdoc prototype SPDX for the requirements
traceability from the Zephyr project.
* Presentations planned for FOSDEM SBOM Devroom on Feb 4.
* Canonicalization / Serialization - Max
* Meetings on hold until after RC2 release. After RC2, we'll start
working on additional serialization formats beyond JSON-LD
* Software as a Service – Gary
* Started defining the model change to support software as a service in
the 3.1 release
* Updates are being made to the service-profile branch of the model
repository:
https://github.com/spdx/spdx-3-model/tree/service-profile/model/Service
* reviews and updates are welcome
* Hardware - Kate
* Working through the Virtualized Hardware properties.
* New participants joining, and providing orientation.
* Those interested in participating should subscribe to:
https://lists.spdx.org/g/spdx-hardware
* Operations - Marcel, Matthew
* Starting formation, all interested subscribe to
* Will meet tomorrow at 2:30PM UK time / 3:30PM CET
* Implementers - Rose
* no update
Legal Team Update - Jilayne/Steve
* 3.23 license list release to be published today
* Legal Team regularly scheduled call happening at the top of the hour
after today's General Meeting
Outreach Team Update - Alexios/Bob
* Tool inclusion process and requirements
* Still work in process, to be rolled in on weeks or small number of months
* Current tools will have to re-up
General Announcements
* Spec review
* Steering Committee Nominations
· Attendees -
* Mark Atwood (Amazon.com)
* Alex Stewart (NI)
* Alfred L. Strauch
* Alin Jerpelea (Sony)
* Brad Goldring (GTC)
* Dick Brooks (REA)
* Gale McCommons (Comcast)
* Gary Armstrong (FOSSID)
* Jeff H.
* Jessie Vaught
* Jilayne Lovejoy
* Jim Vitrano
* Karen Bennet
* Marc-Etienne Vargenau, Nokia
* Madhuri Padmanabhan
* Marcel Kurzmann
* Max Huber
* Phil Odence Black Duck Audits Synopsys
* Shalini Batra (Synopsys)
* Steven Carbno
* Steve Winslow
* Tim Bird (Sony)
* Ummo Schwarting
* Venkat Ramakrishnan (Individual)
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1837): https://lists.spdx.org/g/spdx/message/1837
Mute This Topic: https://lists.spdx.org/mt/104753783/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
