SPDX Sept General Meeting Minutes & Announcement

Phil Odence

SPDX Community,


Minutes: https://wiki.spdx.org/view/General_Meeting/Minutes/2021-09-02


As you are aware, in last week’s meeting we discussed a proposal to change the SPDX workgroup’s governance framework. The discussion was a good one and resulted in consensus. As things were rushed a bit at the end of the meeting and wanting to ensure no one was uncomfortable, we left the door open for concerns to be voiced “within a day or so” on this list. Subsequently there was a brief exchange on the list in support of the proposal as presented. And so, from this point forward, the SPDX is operating under the new framework.


For anyone who may have missed, a summary is attached. Additionally, here are links to the website that now specifies the newly adopted framework and a link directly to the repo that contains the details of the governance framework:

·  website: https://spdx.dev/about/governance/

·  GitHub repo: https://github.com/spdx/governance/


Thanks to all who participated in the smooth transition to the new framework.


Best regards,


Chair, SPDX Steering Committee


L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...







signature_454131419   signature_92975526   signature_1517895499   signature_1172968236




General Meeting/Minutes/2021-09-02

General Meeting‎ | Minutes

·         Attendance: 26

·         Lead by Phil Odence

·         GSoC Presentation was postponed

SPDX Governance - Phil[edit]

·         Intro -Phil


·         GOAL of today: Consensus  


·         Background

·         About 8 years ago, we put in place a governance structure for SPDX.

·         Factors

·         ISO standardization- near to announcing

·         Executive Order

·         More participation from comm members with standards body experience

·         Working with other standards, i.e. SWID and CycloneDX


·         Goal of Change - retain spirit and ways of working

·         more accurately reflect the current reality and future direction of the project

·         establishing a mechanism for official company membership in the project

·         using contribution processes and a license for the spec that ensure explicit patent license commitments from contributors

·         improving clarity around decision-making processes and establishing an appeals process

·         adopting a code of conduct


·         Solution - Steve to explain further

·         Legal Entity creation- switched from JDF to a much simpler

·         Retained Community Specification model

·         Review of pdf Summary - Steave

·         Legal Entity

·         Membership Agreement

·         Community Specs process and license

·         Q&A/Discussion

·         Various clarifications

·         Code of Conduct

·         Agreed that under new structure it could, if need be, be modified in the future

·         Possibility of Dual-licensing Spec

·         Agreed to not address at this time

·         Resolution

·         Consensus reached

·         ...unless significant concerns were raised on the General Mailing List within a day of so of the meeting's close


·         Phil Odence, Black Duck/Synopsys

·         Sebastian Crane

·         Joshua Marpet, RM-ISAO

·         Mike Nemmers

·         William Cox, Synopsys

·         Andrew Jorgenson, AWS

·         Bob Martin, Mitre

·         Philippe Emmanuel Douziech, CAST

·         Alexios Zavras, Intel

·         Marc Etienne Vargenau, Nokia

·         Jilayne Lovejoy, Red Hat

·         Steve Winslow, LF

·         Mike Dolan, LF

·         Mark Atwood, Amazon

·         Gary O’Neall, SourceAuditor

·         Paul Madick, Jenzabar

·         Jeff Schutt, Cisco

·         Vicky Brasseur, Wipro

·         Warner Losh, FreeBSD

·         Zach Hill, Anchore

·         Pierre Tardy

·         David Edelsohn, IBM

·         Maximilian Huber, TNG

·         Bill Jaeger

·         Michael Mehlberg, Dark Sky Technology

·         Henk Birkholz, Fraunhofe


Join {spdx@lists.spdx.org to automatically receive all group messages.