Dear all, We'd usually have our weekly Canonicalisation Committee meeting later on today. However, we don't appear to have any active topics of discussion: the two outstanding issues are (1) License E

Moving this thread to the spdx-tech list. The main spdx mail list is supposed to be low volume, for announcements. The developers at github are working to address the issues, let's give them some time

Hello spdx-legal and spdx-tech team lists, As a reminder, following from the joint teams meeting in January, there is a pending Change Proposal [1] regarding whether and how to add the ability to expr

Reminder: SPDX tech team meeting When: Tuesday, March 28, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

Issue 137 covers one of the topics discussed at the 3/23 serialization subteam meeting. It proposes that a serialization model be defined, and that checksums/hashes be serialized as readably in JSON a

Dear SPDX Community, We've put together an overview of how things have changed from SPDX 1.0 to SPDX 2.3, and from 2.3 to 3.0. Could you take a look? Best regards, OpenChain JWG SBOM SG(Taima Toru and

Hello spdx-team, I am interested in contributing to the tools-python project in the spdx organization but during setting up my development environment I am unable to install all the required libraries

Reminder: SPDX tech team meeting When: Tuesday, March 21, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

At the SPDX Serialisation Meeting 2023-03-16: Sean presented a deck of slides that he and Alexios had created to explain concepts relating to JSON-LD and RDF with regard to SPDX. The presentation cove

I want to contribute in https://github.com/opensbom-generator/parsers project. I would love to have some suggestions and things I need to mention in my proposal. This project seems very interesting to

Team In generating SBOMs, I am encountering a lot of issues with licence information obtained from either ecosystem meta data or actual source files most do not appear to be using SPDX license identif

Dear SPDX tech communities, Thank you for providing a lot of useful documents about SPDX! We, OpenChain Japan SBOM-sg members, illustrated the v2.3 JSON schema a little easier to see. https://qiita.co

Hi all, we just released v0.7.1 of the tools-python! Best, Meret

Reminder: SPDX tech team meeting When: Tuesday, March 14, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

FYI: Update an update today from Allan Friedman re: CISA SBOM activities – see email below. NOTE from Allan: As a reminder, CISA facilitates these open discussions, but the participants shape the agen

Serialization subteam members: Alexios contributed a toy example JSON file for Issue #89, which illustrates both the correspondence and the difference between any Set class defined in a logical model

https://github.com/ossf/wg-vulnerability-disclosures/issues/125 This video leaves me questioning where Microsoft stands on OpenVEX. Art Manion’s, description of the CISA process is worth listening to:

Just an FYI: Both Willian and I work on the CISA ICT_SCRM Task Force SW Assurance Work Stream, which is developing guidance for Federal Procurement Offers with regard to OMB M-22-18 and EO 14028. Toda

Hi guys, I am Banula Kumarage. I am interested in contributing to the "SPDX License Submission Online Tool - increase functionality" through GSOC 2023. I have given a brief intro about myself in the g

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program