Hello, all, looking forward to seeing you Thursday. Note, we’ll have guest presentation from Microsoft on what they are doing with SPDX. Best, Phil GENERAL MEETING Meeting Time: Thurs,

Recording now available. Part #5 explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source

REMINDER: OpenChain Automation Case Study showing SPDX Software Bill of Materials being used in a “virtual supply chain” @ 09:00 UTC. Join without registration

REMINDER: Today is the OpenChain Automation Case Study “virtual supply chain” showing code going through multiple scanners and maintaining SPDX integrity @ 09:00 UTC. We will hold it on

Hi Vicky We also have a nice website https://oss-compliance-tooling.org/ Perhaps this is better suited for getting an overview Ciao Oliver

You may also want to look at the SLSA framework. https://slsa.dev/levels --- Mike Dolan The Linux Foundation Office: +1.330.460.3250 Cell: +1.440.552.5322 mdolan@... ---

Yessssss… It’ll take a while to get through it all, but this will be very helpful for us. Many thanks, Steve and Tooling Group Team! --V -- VM (Vicky) Brasseur Director, Senior

Hi Vicky, There's been some great work in the OSS Compliance Tooling Group which addresses this – if you're asking what I think you're asking. See:

There's been some industry wide agreement on the taxonomy to use to classify tools here: https://www.ntia.gov/files/ntia/publications/ntia_sbom_tooling_taxonomy-2021mar30.pdf I think the path of

A taxonomy of this SSC ecosystem. I would like to have one, plz&thx. For instance, looking at this (very much work in progress, just noodling about as I think about things) picture, those items in

Dear Marc-Etienne, Yay! I was indeed just wondering about this earlier today, so thank you very much for the notification :) Best wishes, Sebastian

Hi all, Great news: ISO SPDX standard is now publicly available at: https://standards.iso.org/ittf/PubliclyAvailableStandards/ Best regards, Marc-Etienne

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-11-04 General Meeting/Minutes/2021-11-04 < General Meeting‎ | Minutes · Attendance: 25 · Lead by Phil Odence ·

Came up on the call today. For those interested, here is an overview: https://asia.nikkei.com/Business/China-tech/New-China-data-transfer-rules-to-be-costly-for-foreign-companies Asia SPDX

Apologies for the late reminder. Notes: For Euro folks, time diff is off by an hour as US doesn’t go back to standard time until this weekend We will have a Google Summer of Code presentation

The "public domain" part appears to be the text of the Unlicense, so I'd assume "MIT OR Unlicense". Richard

Hi Pierre, I am moving the general SPDX list to BCC and sending this via the SPDX legal list, as that is the right place for this question! Also not - I have approved your message and copied you here

Hello, I am trying to identify this software in term of license expression https://github.com/nothings/stb It's is claimed to be "public domain or MIT". I don't see any license identifier for public

I’m pretty sure President Biden does too. From:spdx@... <spdx@...> on behalf of Dick Brooks <dick@...> Date: Friday, October 15, 2021 at 10:33 AM To: spdx@... <spdx@...> Subject: Re: [spdx] SPDX

Thanks, Phil. 100% agree with you. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788