Re: SPDX Oct Gen Meeting Minutes


Phil Odence
 

I’m pretty sure President Biden does too.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 10:33 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil. 100% agree with you.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 9:59 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

That’s great, Dick. A very important direction for us IMO.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 9:49 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil.

 

Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 7:43 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·         Attendance: 25

·         Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·         Governance Update

·         New governance is in place

·         Will be announcing mechanism for signing up Member Companies

·         With that will announce the mechanism for nominating Steering Committee members

·         Wipro

·         Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·         Tools 

·         no update

·         Specification

·         Spec version compatible with ISO, now available

·         Version 3

·         Working on how to establish the repos

·         Question about SPDX Lite

·         That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·         New license request volume slowed down this month

·         Doing some general catchup with members of the legal team

·         Due for a new release at the end of the month

·         Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·         Recent Docfest was a success, brought in several tool vendors to compare results

·         Updated Wikipedia page progressing slowing

·         Lead section updated - this is what you seen when you do a Google search

·         Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·         Website is being updated

·         A section will be added to showcase company usage of SPDX

·         Updating meeting time to be more time available

·         Times are shown as UTC Note: will change next month

·         new time will be the off weeks at the same time as legal

·         going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·         Joshua reported the SPDX official podcasts started

·         Once a month

·         Outreach team will meeting every other month

·         Will interview many community members

·         Will follow-up with Vicki and others in the general meeting

·         Kate - presented keynote at open source summit

·         well received, good interested

·         Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Andrew Jorgenson, AWS

·         Kate Stewart, LF

·         Gary O’Neall, SourceAuditor

·         Bill Jaeger

·         Bob Martin, Mitre

·         Eric Billingsley, Calculi

·         Chrissini de Castro

·         Michael Mehlberg, Dark Sky Technology

·         Maximilian Huber, TNG

·         Sebastian Crane

·         William Cox, Synopsys

·         Vicky Brasseur, Wipro

·         Matthew Crawford, ARM

·         Marc Gisi, Windriver

·         Pierre Tardy,

·         Joshua Marpet, RM-ISAO

·         Brad Goldring

·         Paul Madick, Jenzabar

·         Jilayne Lovejoy, Red Hat

·         Christopher Lusk

·         Clement Poulain

·         Joshua Dubin, Verizon

·         Takashi Ninjouji

 

Join spdx@lists.spdx.org to automatically receive all group messages.