We agreed today to model Actor as a concrete class above Person, Organization, and SoftwareAgent. And we left the door open to augmenting that model in the future. It would be helpful to have a common

Reminder: SPDX tech team meeting When: Tuesday, February 7, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descr

SPDX Community, Many thanks to Steve Springett, Chief Architect of the CycloneDX SBOM standard for providing an honest and objective, side-by-side analysis of VEX and NIST VDR. https://github.com/Cycl

Hi All, We will be resuming build profile meetings next week to put together a PR to update the build profile for the spdx-3-model. Hope everyone is having fun at FOSDEM for those that are there! Chee

At the tech meeting we decided to accept the current identity model and move forward without blocking the 3.0 release. The discussion covered many ideas on which no decisions were documented, and I wo

Reminder: SPDX tech team meeting When: Tuesday, January 31, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descr

Hi all, this is an announcement to inform you that the new SPDX Python tools version 0.7.0 is now released on PyPI. Please feel free to test the new features and report any bugs you encounter as GitHu

Hello SPDX community, I have a question on Relationship and RelationshipType also. Is "RelationshipType" DESCRIBES limited to describing relationships between SPDX documents and software packages? Her

Hello, I was reading a thread about Package Supplier field clarification from late last year and was hoping to get even further clarification as we add this information to Tern’s SPDX documents. Regar

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program

FYI – Release 1.1.4 of the SPDX Java Tools is now available. The new release has a rather significant improvement in performance, especially for JSON, Tag/Value, or YAML documents with a large number

Reminder: SPDX tech team meeting When: Tuesday, January 24, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descr

Hello, Turns out I don't have permission to create a build-profile branch in order to start development on the profile. Would anyone be able to create one for me and give me push permissions to that b

Hi folks, five years ago (!) I raised some questions on this list about SPDX in the email below. I'd love to link to the thread, but as far as I can tell the messages have been lost from the public ar

Hi everyone, I have two questions/remarks about the compound license expressions as defined in SPDX 2.3 Annex D.4. The OR is referred to as the "Disjunctive OR operator". However, as we have a choice

Reminder: SPDX tech team meeting When: Tuesday, January 17, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descr

Hi: If you drop by FOSDEM, there is this one day event before FOSDEM, on Feb. 3rd 2023, in Brussels. https://opencollective.com/aboutcode/events/fosdem-2023-fringe-event-foss-license-and-security-comp

I just finished publishing a new version of the SPDX online tools. It solves a couple of issues with the license submission utility and upgrades the NTIA Conformance Checker with an improved version.

Hi all, This is a reminder that Thursday, Jan 12th at the regular legal-team call time, we will have a joint call for the tech and legal teams to discuss the change proposal: https://github.com/spdx/c