Re: Spdx Digest, Vol 93, Issue 2

John Scott

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month.

John Scott, President, Ion Channel
 240.401.6574 @johnmscott

Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes

General Meeting/Minutes/2018-05-03
* Attendance: 12
* Led by Phil Odence
* Minutes of April meeting approved
Guest Presentation, Automating Governance with SPDX - Yev Bronshteyn
* Variant on Leadership Summit Presentation
* Don't need to define SPDX
* Will show product for illustrative purposes
* Governance Today
* Different formats for BoMs
* Challenges
* Manually updating
* Compliance Management
* Requires consistent tooling
* Goals using SPDX
* Automate BoM
* Automate Reporting
* Single format
* Illustration
* Replace disparate BoMs with SPDX versions
* Load into a single data store (example Apache Jena Fuseki)
* Query with SPARQL
* Demo
* Aggregating multiple BoMs
* Committing change to GitLab
* CI/CD - Build and Scan
* Generate new SPDX doc for changed project
* SPARQL queries
* Policy checks
* Voila

Tech Team Report - Kate/Gary
* Working on outstanding requests for 2.2
* License expression features
* Handling cases of annotations and extensions to address
* 2.1.1 pdf
* Wrestling with tools a bit
* GoSoC
* Students and mentors in place
* Should be hearing from students during community bonding period
* Projects lined up
* Will present during General Meetings

Outreach Team Report - Jack
* LinuxCon Vancouver
* Trying to organize "back off" day before event starts
* Website:
* Still waiting on LF for moving Website to Wordpress
* Content
* Looking at a variety of ways
* Looking at audio/video recordings
* Could include monthly talks
* Yev volunteered to do his
* Looking for more people involvement in OTeam

Legal Team Report - Paul
* Released latest rev of license list
* Kudos Jilayne and others
* Working out how to manage license submissions in new world
* GoSoC student working out automation

Attendees
* Phil Odence, Black Duck/Synopsys
* Matthew Crawford, ARM
* Yev Bronshteyn, Black Duck/Synopsys
* Steve Billings, Black Duck/Synopsys
* Gary O'Neall, SourceAuditor
* Dave Marr, Qualcomm
* Jack Manbeck, TI
* Kate Stewart, Linux Foundation
* Steve Winslow, LF
* Paul Madick, Dimension Data
* Matije Suklje, LF
* John Scott, Ion Channel
