Adding to Kate’s comments, the SPDX presumption is that developers of open source software would like to: a. have their software used by others b. make sure the software is used under the terms they

The base document that these changes are being proposed for is SPDX 2.0 see: http://spdx.org/SPDX-specifications/spdx-version-2.0 The goal of software package data exchange (SPDX) is to create a

Its impossible to answer this question, largely because there's not enough data -- what are these "other systems" (Windows?) and what are the "external packages"? This is my assumption as well. I

Beats me. But to me the proposed solution looks much worse than whatever problem it is that you're trying to solve. Speaking of which, where is the document that describes the problem you're trying to

The SPEC being referred to is a NIST one, rather than ANSI. see: http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8060 Which is open. Its in its second reading right now, and its in a

here's the link: https://docs.google.com/document/d/1j6LWnkh5GbMV9Xo5_zJ0wTNLROEIa4o1OU279YueI90/edit

To add to Philippe's comments, and speaking on behalf of a major producer of open source software, the proposal for an "External Security and Asset Management Identifier" seems to be fundamentally

Hi Philippe, The document you commented on was from last week's discussion. Your input is appreciated and you're opinion is lining up with some of the thoughts expressed as part of the external

Hi Philippe, HI Yev Philippe, You are right about SWID. Yev, I may be biased over using CPEs and not using SWIDs. Here are my points on SWID. 1. SWID looks nice to have for software asset management

D’oh! Arrgh! Other grunting noises! Here is the correct link. Terribly sorry for the confusion/inconvenience. https://docs.google.com/document/d/1HTgrEKBlza_U3yZBKpgu9JDYhZkZ6Jbj9jNsmRreCMo/edit

<ybronshteyn@...> wrote: Yev: I guess you meant External and not Eternal.... I provided a few comments to your proposed spec in the doc

Hi Yev, The spec you linked to was the one I created for las week's call. Is there a different document we should be refering to? Thanks, Kate

Here is the spec for the proposed EternalPackage element. While I touch on usage in the beginning, I'll discuss some specific use cases in the context of SpdxTools on the

Hi, We're now less than on month away from LinuxCon, and we wanted to get some information out for those who want to participate in the SPDX 2.0 Bakeoff. If you can make it to Seattle that’s

http://wiki.spdx.org/view/General_Meeting/Minutes/2015-07-02 Thanks again to Gary and the UNO team for the interesting presentation. L. Philip Odence General Manager Audit Services Vice President of

Hi everyone, Thanks for the chance to discuss the UNO SPDX tools at the General Meeting. Here are the links to the GH repositories for projects that are currently active: DoSOCS:

Hi, I would love to hear about SPDX 2 integrated into yocto or Open Embedded if someone has done that. Regards, Jeremiah On Jul 1, 2015 2:09 PM, "Philip Odence" <podence@...> wrote:

I’m trying to spice up every General Meeting with a speaker talking about a special topic, usually their organizations’ use of SPDX or work related to. If you have any ideas for future

Hi Rob, Thanks for you email. To request a new license be added to the SPDX License List, you need to provide the info listed on this page (most of which you already have)

I'm told I should contact you about registering Toybox's "zero clause bsd" license for an official 0BSD acronym/abbreviation. The license text itself (paragraphs 2 and 3 here):