Re: Spdx Digest, Vol 93, Issue 2


John Scott
 

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

 Inline image 1
Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Send Spdx mailing list submissions to
spdx@...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...

You can reach the person managing the list at
spdx-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@...>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
< General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes>
? Attendance: 12
? Lead by Phil Odence
? Minutes of April meeting approved
Contents
[hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
? 3 Outreach Team Report - Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
? 4 Legal Team Report - Paul<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees>
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=1>]
? Variant on Leadership Summit Presentation
? Don?t need to define SPDX
? Will show product for illustrative purposes
? Governance Today
? Different formats for BoMs
? Challenges
? Manually updating
? Compliance Management
? Requires consistent tooling
? Goals using SPDX
? Automate BoM
? Automate Reporting
? Single format
? Illustration
? Replace disparate BoMs with SPDX versions
? Load into a single data store (example Apache Jena Fuseki
? Query with Sparql
? Demo
? Aggregating multiple BoMs
? Committing change to GItLab
? CI/CD- Build and Scan
? Generate new SPDX doc for changed project
? Sparql queries
? Policy checks
? Voila



Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=2>]
? Working on outstanding requests for 2.2
? License expression features
? Handling cases of annotations and extensions to address
? 2.1.1 pdf
? Wrestling with tools a bit
? GoSoC
? Students and mentors in place
? Should be hearing from students during community bonding period
? Projects lined up
? Will present during General Meetings



Outreach Team Report - Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=3>]
? LinuxCon Vancouver
? Trying to organize ?back off? day before event starts
? Website:
? Still waiting on LF for moving Website to Wordpress
? Content
? Looking at a variety of ways
? Looking at audio/video recordings
? Could include monthly talks
? Yev volunteered to do his
? Looking for more people involvement in OTeam
Legal Team Report - Paul[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=4>]
? Released latest rev of license list
? Kudos Jilayne and others
? Working out how to manage license submissions in new world
? GoSoC student working out automation



Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=5>]
? Phil Odence, Black Duck/Synopsys
? Matthew Crawford, ARM
? Yev Bronshteyn, Black Duck/Synopsys
? Steve Billings, Black Duck/Synopsys
? Gary O?Neall, SourceAuditor
? Dave Marr, Qualcomm
? Jack Manbeck, TI
? Kate Stewart, Linux Foundation
? Steve Winslow, LF
? Paul Madick, Dimension Data
? Matije Suklje, LF
? John Scott, Ion Channel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 93, Issue 2
***********************************

Join spdx@lists.spdx.org to automatically receive all group messages.