Yes, understood. Thanks, Dick. For that use case, the President was more concerned with a cyber attack that a license violation. This is the point of evolving SPDX to be “configurable” with

Die 14. 09. 21 et hora 17:52 Phil Odence via lists.spdx.org scripsit: I know. I’m just excited by the prospect of synergies and more use of SPDX in the wild! I can already see how the wider

Phil, Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX. From:spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...> Date:

Congratulations! This is indeed a massive step for the software world, and hopefully not just in terms of license compliance! hip hip hurrah! Matija --

The content that went into the standard is the same as what is in our github repo today, and a pretty version is at: https://spdx.github.io/spdx-spec/. The sources for the 2.2.1 are at:

I believe that is correct. It seems an odd systems, but as I understand it, it’s not unusual to have free and paid for versions of specs with the same content. Openchain is, I believe, and example

I’ll defer to Phil or Kate for an official answer, but my understanding is that SPDX will continue to publish the specification directly from the SPDX project to the community, but certain versions

It now costs CHF198 to buy. This is the ISO way, and I think it's literally criminal. As in: violates UN Charter of Human Rights. If it doesn't wind up on the Publically Available Standards list,

"I guess it will..." does not sound very reassuring, to be honest 🤠 So will it definitely become an "ISO Publicly Available Standard" and is that just a question of time? Viele Grü0e, Henk

I guess it will… The OpenChain one took a couple of months to appear, though, so I don’t know how quickly this gets updated. -- zvr

This is wonderful news! Congrats to Kate and everyone else who had a hand in this! Hopefully this means wider adoption and growth for the future! Zachary Fetters Freelance graphic/web

Since the standard was not developed by ISO itself, will the standard be publicly available athttps://standards.iso.org/ittf/PubliclyAvailableStandards/ ? I think it should. Do we know?

I just realized that the DocFest will be demonstrating interoperability of an ISO standard SBOM. Great timing getting the ISO standard status before the 9/16 DocFest. Very cool! Thanks, Dick

Please do 🙂

This is great news, very happy to see it and kudos to everyone involved. People may also be interested to know that we just merged SPDX SBOM generation into OpenEmbedded-Core, just before our feature

We may quote you on that! From:spdx@... <spdx@...> on behalf of Shane Coughlan <scoughlan@...> Date: Thursday, September 9, 2021 at 9:16 PM To: spdx@... <spdx@...> Subject: Re: [spdx] SPDX Goes

Seconded! This is tremendously important for the governance ecosystem. Regards Shane

A truly amazing achievement – well done and congratulations to Kate and the entire SPDX and Linux Foundation community that made this happen. So much looking forward to advancing SPDX

A big +1 from me. Thank you to all the SPDX contributors and everyone involved in the years-long process of getting the SPDX standard to where it is today, and especially to Kate for her tireless