No special presentation this month, so meeting should go shorter than usual. GENERAL MEETING Meeting Time: Thurs, July 7, 8am PT / 10 am CT / 11am ET / 15:00 UTC.

What makes you think they don't apply? If you have to reproduce the notice, the terms apply. You can't just take code and change the license without the permission of the copyright holders/owners/etc.

No, that’s not really my issue. I believe the logical operators and the ability to designate file-level licenses in SPDX handle your situation. I’m talking about using SPDX to provide a copy of

I have spent a lot of time contemplating the question, but want to confirm I'm thinking about the same thing: Are you talking about the nature of open source requiring (such as in a requirements.txt)

Well the example is the reverse: inbound BSD-2-Clause, outbound MIT. I’m more thinking license identifiers that go with the code (since I think for most folks that’s where they do license

Hi McCoy! I’m moving the SPDX-general list to BCC and replying to SPDX-legal as that is the right place for this discussion. Where is this question coming up in terms of context? That is, are you

Get BlueMail for Android

I didn’t see this particular topic addressed in the specification (although I’m happy to be correcedt if I missed it), so I thought I’d post and see whether there is a solution that’s commonly

I lean strongly toward `docs` as the repo name. It’s a standard and expected name for a repo that contains any sort of documentation, so people will be able to find it in GitHub. Yes, the spec

I agree something like help or getting started as a repo name. That way someone can just grab all of the getting started collaterals that may get generated over time: documents, examples, etc.,.

May I propose something like github.com/spdx/help since “docs” covers a lot more things (even the specification itself). +1 on being a new, separate location. -- zvr

GitHub is a given, which is why we decided to start opening issues rather than just maintaining a file. I’d prefer to have either a dedicated docs repo or a /docs folder in another appropriate

Hi , What is the license type that needs be used in spdx for 3rd parties with proprietary licenses (e.g., Microsoft)? Regards Sandeep

Yes! I think this is a great idea. We’ve tried in the past to do this but could never get people “focused” on it. I agree its needed. I vote to put it the list in GitHub. The wiki doesn’t

I would put them in the spdx-spec repository, and we can label them as docs. One of the reasons for this is it allows us to address issues holistically, for example, the right thing to do might be to

Howdy, team. In last week’s Outreach call we discussed the lack of “getting started with SPDX” documentation, info that could take someone from Zero to SPDX. Currently it’s really hard for

Sandeep, A good example of a VEX advisory is provided by Siemens in their log4j advisory: https://cert-portal.siemens.com/productcert/csaf/ssa-661247.json NOTE: VEX’s are vulnerability

Hi Sandeep, To add to Rose’s comments… For version 2.3, the new Advisory identifier (F.2.3) is a catch-all that will enable linking to any VEX information, e.g., as contained within OSV or

Hoping this is recorded – I have another unmovable meeting at this time! Ria

It was not recorded and I don’t think we’ve ever really done that for general meetings specifically nor for other meetings for the most part (not to say we can’t, but that has been and is the