Date   

Public Domain license identifier

Pierre Tardy
 

Hello,

I am trying to identify this software in term of license expression


It's is claimed to be "public domain or MIT".
I don't see any license identifier for public domain. It is arguabily not a license, and not valid across jurisdictions, but anyway we would like to document the authors will even if we will conclude the use of MIT.

So what should we document in your opinion?

Regards

Pierre


Re: SPDX Oct Gen Meeting Minutes

Phil Odence
 

I’m pretty sure President Biden does too.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 10:33 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil. 100% agree with you.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 9:59 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

That’s great, Dick. A very important direction for us IMO.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 9:49 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil.

 

Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 7:43 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·         Attendance: 25

·         Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·         Governance Update

·         New governance is in place

·         Will be announcing mechanism for signing up Member Companies

·         With that will announce the mechanism for nominating Steering Committee members

·         Wipro

·         Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·         Tools 

·         no update

·         Specification

·         Spec version compatible with ISO, now available

·         Version 3

·         Working on how to establish the repos

·         Question about SPDX Lite

·         That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·         New license request volume slowed down this month

·         Doing some general catchup with members of the legal team

·         Due for a new release at the end of the month

·         Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·         Recent Docfest was a success, brought in several tool vendors to compare results

·         Updated Wikipedia page progressing slowing

·         Lead section updated - this is what you seen when you do a Google search

·         Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·         Website is being updated

·         A section will be added to showcase company usage of SPDX

·         Updating meeting time to be more time available

·         Times are shown as UTC Note: will change next month

·         new time will be the off weeks at the same time as legal

·         going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·         Joshua reported the SPDX official podcasts started

·         Once a month

·         Outreach team will meeting every other month

·         Will interview many community members

·         Will follow-up with Vicki and others in the general meeting

·         Kate - presented keynote at open source summit

·         well received, good interested

·         Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Andrew Jorgenson, AWS

·         Kate Stewart, LF

·         Gary O’Neall, SourceAuditor

·         Bill Jaeger

·         Bob Martin, Mitre

·         Eric Billingsley, Calculi

·         Chrissini de Castro

·         Michael Mehlberg, Dark Sky Technology

·         Maximilian Huber, TNG

·         Sebastian Crane

·         William Cox, Synopsys

·         Vicky Brasseur, Wipro

·         Matthew Crawford, ARM

·         Marc Gisi, Windriver

·         Pierre Tardy,

·         Joshua Marpet, RM-ISAO

·         Brad Goldring

·         Paul Madick, Jenzabar

·         Jilayne Lovejoy, Red Hat

·         Christopher Lusk

·         Clement Poulain

·         Joshua Dubin, Verizon

·         Takashi Ninjouji

 


Re: SPDX Oct Gen Meeting Minutes

Dick Brooks
 

Thanks, Phil. 100% agree with you.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 9:59 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

That’s great, Dick. A very important direction for us IMO.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 9:49 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil.

 

Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 7:43 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·        Attendance: 25

·        Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·        Governance Update

·        New governance is in place

·        Will be announcing mechanism for signing up Member Companies

·        With that will announce the mechanism for nominating Steering Committee members

·        Wipro

·        Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·        Tools 

·        no update

·        Specification

·        Spec version compatible with ISO, now available

·        Version 3

·        Working on how to establish the repos

·        Question about SPDX Lite

·        That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·        New license request volume slowed down this month

·        Doing some general catchup with members of the legal team

·        Due for a new release at the end of the month

·        Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·        Recent Docfest was a success, brought in several tool vendors to compare results

·        Updated Wikipedia page progressing slowing

·        Lead section updated - this is what you seen when you do a Google search

·        Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·        Website is being updated

·        A section will be added to showcase company usage of SPDX

·        Updating meeting time to be more time available

·        Times are shown as UTC Note: will change next month

·        new time will be the off weeks at the same time as legal

·        going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·        Joshua reported the SPDX official podcasts started

·        Once a month

·        Outreach team will meeting every other month

·        Will interview many community members

·        Will follow-up with Vicki and others in the general meeting

·        Kate - presented keynote at open source summit

·        well received, good interested

·        Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·        Phil Odence, Black Duck/Synopsys

·        Alexios Zavras, Intel

·        Andrew Jorgenson, AWS

·        Kate Stewart, LF

·        Gary O’Neall, SourceAuditor

·        Bill Jaeger

·        Bob Martin, Mitre

·        Eric Billingsley, Calculi

·        Chrissini de Castro

·        Michael Mehlberg, Dark Sky Technology

·        Maximilian Huber, TNG

·        Sebastian Crane

·        William Cox, Synopsys

·        Vicky Brasseur, Wipro

·        Matthew Crawford, ARM

·        Marc Gisi, Windriver

·        Pierre Tardy,

·        Joshua Marpet, RM-ISAO

·        Brad Goldring

·        Paul Madick, Jenzabar

·        Jilayne Lovejoy, Red Hat

·        Christopher Lusk

·        Clement Poulain

·        Joshua Dubin, Verizon

·        Takashi Ninjouji

 


Re: SPDX Oct Gen Meeting Minutes

Phil Odence
 

That’s great, Dick. A very important direction for us IMO.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Friday, October 15, 2021 at 9:49 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Thanks, Phil.

 

Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 7:43 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·         Attendance: 25

·         Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·         Governance Update

·         New governance is in place

·         Will be announcing mechanism for signing up Member Companies

·         With that will announce the mechanism for nominating Steering Committee members

·         Wipro

·         Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·         Tools 

·         no update

·         Specification

·         Spec version compatible with ISO, now available

·         Version 3

·         Working on how to establish the repos

·         Question about SPDX Lite

·         That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·         New license request volume slowed down this month

·         Doing some general catchup with members of the legal team

·         Due for a new release at the end of the month

·         Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·         Recent Docfest was a success, brought in several tool vendors to compare results

·         Updated Wikipedia page progressing slowing

·         Lead section updated - this is what you seen when you do a Google search

·         Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·         Website is being updated

·         A section will be added to showcase company usage of SPDX

·         Updating meeting time to be more time available

·         Times are shown as UTC Note: will change next month

·         new time will be the off weeks at the same time as legal

·         going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·         Joshua reported the SPDX official podcasts started

·         Once a month

·         Outreach team will meeting every other month

·         Will interview many community members

·         Will follow-up with Vicki and others in the general meeting

·         Kate - presented keynote at open source summit

·         well received, good interested

·         Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Andrew Jorgenson, AWS

·         Kate Stewart, LF

·         Gary O’Neall, SourceAuditor

·         Bill Jaeger

·         Bob Martin, Mitre

·         Eric Billingsley, Calculi

·         Chrissini de Castro

·         Michael Mehlberg, Dark Sky Technology

·         Maximilian Huber, TNG

·         Sebastian Crane

·         William Cox, Synopsys

·         Vicky Brasseur, Wipro

·         Matthew Crawford, ARM

·         Marc Gisi, Windriver

·         Pierre Tardy,

·         Joshua Marpet, RM-ISAO

·         Brad Goldring

·         Paul Madick, Jenzabar

·         Jilayne Lovejoy, Red Hat

·         Christopher Lusk

·         Clement Poulain

·         Joshua Dubin, Verizon

·         Takashi Ninjouji

 


Re: SPDX Oct Gen Meeting Minutes

Dick Brooks
 

Thanks, Phil.

 

Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 15, 2021 7:43 AM
To: spdx@...
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·        Attendance: 25

·        Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·        Governance Update

·        New governance is in place

·        Will be announcing mechanism for signing up Member Companies

·        With that will announce the mechanism for nominating Steering Committee members

·        Wipro

·        Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·        Tools 

·        no update

·        Specification

·        Spec version compatible with ISO, now available

·        Version 3

·        Working on how to establish the repos

·        Question about SPDX Lite

·        That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·        New license request volume slowed down this month

·        Doing some general catchup with members of the legal team

·        Due for a new release at the end of the month

·        Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·        Recent Docfest was a success, brought in several tool vendors to compare results

·        Updated Wikipedia page progressing slowing

·        Lead section updated - this is what you seen when you do a Google search

·        Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·        Website is being updated

·        A section will be added to showcase company usage of SPDX

·        Updating meeting time to be more time available

·        Times are shown as UTC Note: will change next month

·        new time will be the off weeks at the same time as legal

·        going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·        Joshua reported the SPDX official podcasts started

·        Once a month

·        Outreach team will meeting every other month

·        Will interview many community members

·        Will follow-up with Vicki and others in the general meeting

·        Kate - presented keynote at open source summit

·        well received, good interested

·        Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·        Phil Odence, Black Duck/Synopsys

·        Alexios Zavras, Intel

·        Andrew Jorgenson, AWS

·        Kate Stewart, LF

·        Gary O’Neall, SourceAuditor

·        Bill Jaeger

·        Bob Martin, Mitre

·        Eric Billingsley, Calculi

·        Chrissini de Castro

·        Michael Mehlberg, Dark Sky Technology

·        Maximilian Huber, TNG

·        Sebastian Crane

·        William Cox, Synopsys

·        Vicky Brasseur, Wipro

·        Matthew Crawford, ARM

·        Marc Gisi, Windriver

·        Pierre Tardy,

·        Joshua Marpet, RM-ISAO

·        Brad Goldring

·        Paul Madick, Jenzabar

·        Jilayne Lovejoy, Red Hat

·        Christopher Lusk

·        Clement Poulain

·        Joshua Dubin, Verizon

·        Takashi Ninjouji

 


Re: SPDX Oct Gen Meeting Minutes

Phil Odence
 

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Kate/Gary.

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Saturday, October 9, 2021 at 11:28 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Oct Gen Meeting Minutes

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·         Attendance: 25

·         Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·         Governance Update

·         New governance is in place

·         Will be announcing mechanism for signing up Member Companies

·         With that will announce the mechanism for nominating Steering Committee members

·         Wipro

·         Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·         Tools 

·         no update

·         Specification

·         Spec version compatible with ISO, now available

·         Version 3

·         Working on how to establish the repos

·         Question about SPDX Lite

·         That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·         New license request volume slowed down this month

·         Doing some general catchup with members of the legal team

·         Due for a new release at the end of the month

·         Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·         Recent Docfest was a success, brought in several tool vendors to compare results

·         Updated Wikipedia page progressing slowing

·         Lead section updated - this is what you seen when you do a Google search

·         Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·         Website is being updated

·         A section will be added to showcase company usage of SPDX

·         Updating meeting time to be more time available

·         Times are shown as UTC Note: will change next month

·         new time will be the off weeks at the same time as legal

·         going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·         Joshua reported the SPDX official podcasts started

·         Once a month

·         Outreach team will meeting every other month

·         Will interview many community members

·         Will follow-up with Vicki and others in the general meeting

·         Kate - presented keynote at open source summit

·         well received, good interested

·         Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Andrew Jorgenson, AWS

·         Kate Stewart, LF

·         Gary O’Neall, SourceAuditor

·         Bill Jaeger

·         Bob Martin, Mitre

·         Eric Billingsley, Calculi

·         Chrissini de Castro

·         Michael Mehlberg, Dark Sky Technology

·         Maximilian Huber, TNG

·         Sebastian Crane

·         William Cox, Synopsys

·         Vicky Brasseur, Wipro

·         Matthew Crawford, ARM

·         Marc Gisi, Windriver

·         Pierre Tardy,

·         Joshua Marpet, RM-ISAO

·         Brad Goldring

·         Paul Madick, Jenzabar

·         Jilayne Lovejoy, Red Hat

·         Christopher Lusk

·         Clement Poulain

·         Joshua Dubin, Verizon

·         Takashi Ninjouji

 


Re: SPDX Oct Gen Meeting Minutes

Dick Brooks
 

Phil,

 

               I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support profiles?

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, October 8, 2021 8:08 AM
To: SPDX-general <spdx@...>
Subject: [spdx] SPDX Oct Gen Meeting Minutes

 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·        Attendance: 25

·        Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·        Governance Update

·        New governance is in place

·        Will be announcing mechanism for signing up Member Companies

·        With that will announce the mechanism for nominating Steering Committee members

·        Wipro

·        Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·        Tools 

·        no update

·        Specification

·        Spec version compatible with ISO, now available

·        Version 3

·        Working on how to establish the repos

·        Question about SPDX Lite

·        That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·        New license request volume slowed down this month

·        Doing some general catchup with members of the legal team

·        Due for a new release at the end of the month

·        Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·        Recent Docfest was a success, brought in several tool vendors to compare results

·        Updated Wikipedia page progressing slowing

·        Lead section updated - this is what you seen when you do a Google search

·        Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·        Website is being updated

·        A section will be added to showcase company usage of SPDX

·        Updating meeting time to be more time available

·        Times are shown as UTC Note: will change next month

·        new time will be the off weeks at the same time as legal

·        going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·        Joshua reported the SPDX official podcasts started

·        Once a month

·        Outreach team will meeting every other month

·        Will interview many community members

·        Will follow-up with Vicki and others in the general meeting

·        Kate - presented keynote at open source summit

·        well received, good interested

·        Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·        Phil Odence, Black Duck/Synopsys

·        Alexios Zavras, Intel

·        Andrew Jorgenson, AWS

·        Kate Stewart, LF

·        Gary O’Neall, SourceAuditor

·        Bill Jaeger

·        Bob Martin, Mitre

·        Eric Billingsley, Calculi

·        Chrissini de Castro

·        Michael Mehlberg, Dark Sky Technology

·        Maximilian Huber, TNG

·        Sebastian Crane

·        William Cox, Synopsys

·        Vicky Brasseur, Wipro

·        Matthew Crawford, ARM

·        Marc Gisi, Windriver

·        Pierre Tardy,

·        Joshua Marpet, RM-ISAO

·        Brad Goldring

·        Paul Madick, Jenzabar

·        Jilayne Lovejoy, Red Hat

·        Christopher Lusk

·        Clement Poulain

·        Joshua Dubin, Verizon

·        Takashi Ninjouji

 


SPDX Oct Gen Meeting Minutes

Phil Odence
 

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to be affiliated with a company, that information is also helpful. I didn’t catch for everyone. If you’d like to me to add, just let me know via email. Additions/corrections also welcome.

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1352972488   signature_1412948865   signature_476665210   signature_1426161603

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-10-07

 

General Meeting/Minutes/2021-10-07

General Meeting‎ | Minutes

·         Attendance: 25

·         Lead by Phil Odence

 

Contents

 [hide

Special Topics- Phil / Vicky[edit]

·         Governance Update

·         New governance is in place

·         Will be announcing mechanism for signing up Member Companies

·         With that will announce the mechanism for nominating Steering Committee members

·         Wipro

·         Vicky discussed Wipro’s view of benefits and reasons for joining

Tech Team Report - Kate/Gary/Others[edit]

 

·         Tools 

·         no update

·         Specification

·         Spec version compatible with ISO, now available

·         Version 3

·         Working on how to establish the repos

·         Question about SPDX Lite

·         That would be the minimum mandatory fields

Legal team update - Jilayne[edit]

·         New license request volume slowed down this month

·         Doing some general catchup with members of the legal team

·         Due for a new release at the end of the month

·         Update on collaboration with OSI and FSF

  * Gary is working on 3 year old issues with the LicenseListPublisher to automate the inclusion of data from FSF and OSI   * Data is in the isFsfFree column and the OSI approved columns for the SPDX listed licenses   * Recently, getting good response from FSF and OSI - especially from OSI   * OSI has a machine readable format that is being actively worked on   * In addition to tool automation, there may be an opportunity for the legal team to have a communication process on license updates   * Jilayne provided history on previous attempts to work with FSF on integrating their data which at times has been less responsive  

Outreach team - Sebastian[edit]

·         Recent Docfest was a success, brought in several tool vendors to compare results

·         Updated Wikipedia page progressing slowing

·         Lead section updated - this is what you seen when you do a Google search

·         Sebastian resolved an accessibility issue with the SPDX spec web pages - increasing the contrast making it much more readable

·         Website is being updated

·         A section will be added to showcase company usage of SPDX

·         Updating meeting time to be more time available

·         Times are shown as UTC Note: will change next month

·         new time will be the off weeks at the same time as legal

·         going to meetings every other week from once a week.  Vicki pointed out that there will be more work being done on the mailing list, so feel free to volunteer for outreach activities even if you can't make the meetings.

·         Joshua reported the SPDX official podcasts started

·         Once a month

·         Outreach team will meeting every other month

·         Will interview many community members

·         Will follow-up with Vicki and others in the general meeting

·         Kate - presented keynote at open source summit

·         well received, good interested

·         Sebastian and Gary reporting increasing interest in SBOM tooling - we're seeing some good momentum

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Andrew Jorgenson, AWS

·         Kate Stewart, LF

·         Gary O’Neall, SourceAuditor

·         Bill Jaeger

·         Bob Martin, Mitre

·         Eric Billingsley, Calculi

·         Chrissini de Castro

·         Michael Mehlberg, Dark Sky Technology

·         Maximilian Huber, TNG

·         Sebastian Crane

·         William Cox, Synopsys

·         Vicky Brasseur, Wipro

·         Matthew Crawford, ARM

·         Marc Gisi, Windriver

·         Pierre Tardy,

·         Joshua Marpet, RM-ISAO

·         Brad Goldring

·         Paul Madick, Jenzabar

·         Jilayne Lovejoy, Red Hat

·         Christopher Lusk

·         Clement Poulain

·         Joshua Dubin, Verizon

·         Takashi Ninjouji

 


Thursday's SPDX General Meeting Reminder

Phil Odence
 

A couple of special items for this month’s meeting:

  • Quick status of updated SPDX governance
  • Short presentation by VM (Vicky) Brasseur, Director, Senior Strategy Advisor at Wipro. Her company has recently decided to become a member and put its full support behind SPDX. She’ll talk about what they do with SPDX and why they are so keen

 

GENERAL MEETING

 

Meeting Time: Thurs, Oct 7, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers: 
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting


If also dialing-in through a room phone, join without connecting to audio: 
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2021-07-01

 

Update/Presentation

  • Governance – Phil
  • Wipro and SPDX - Vicky

Technical Team Report – Kate/Gary/Others

  • Specification and Profiles

 

Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach/Website Team Report – Jack 

  

 

 

 


Re: SPDX Goes ISO

Dick Brooks
 

Thanks, Phil – I’m very much looking forward to the configurable profiles capability.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 1:16 PM
To: spdx@...
Subject: Re: [spdx] SPDX Goes ISO

 

Yes, understood. Thanks, Dick. For that use case, the President was more concerned with a cyber attack that a license violation. This is the point of evolving SPDX to be “configurable” with profiles to meet different use cases.

 

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Tuesday, September 14, 2021 at 12:44 PM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Phil,

 

               Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM, whereas license management is a Legal/Financial risk.

 

The use of SBOM for license legal risk management is indeed a good practice, but it is not required to satisfy NTIA minimal SBOM requirements for EO 14028.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 11:53 AM
To: spdx@...
Subject: Re: [spdx] SPDX Goes ISO

 

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX.

 

From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...>
Date: Tuesday, September 14, 2021 at 10:31 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
--
gsm:    tel:+386.41.849.552
www:    https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$
xmpp:   matija.suklje@...
sip:    matija_suklje@...






Re: SPDX Goes ISO

Phil Odence
 

Yes, understood. Thanks, Dick. For that use case, the President was more concerned with a cyber attack that a license violation. This is the point of evolving SPDX to be “configurable” with profiles to meet different use cases.

 

 

From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...>
Date: Tuesday, September 14, 2021 at 12:44 PM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Phil,

 

               Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM, whereas license management is a Legal/Financial risk.

 

The use of SBOM for license legal risk management is indeed a good practice, but it is not required to satisfy NTIA minimal SBOM requirements for EO 14028.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 11:53 AM
To: spdx@...
Subject: Re: [spdx] SPDX Goes ISO

 

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX.

 

From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...>
Date: Tuesday, September 14, 2021 at 10:31 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
--
gsm:    tel:+386.41.849.552
www:    https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$
xmpp:   matija.suklje@...
sip:    matija_suklje@...







Re: SPDX Goes ISO

Matija Šuklje
 

Die 14. 09. 21 et hora 17:52 Phil Odence via lists.spdx.org scripsit:
Absolutely not just license compliance. Security too is a
big driver and an important part/direction of SPDX.
I know. I’m just excited by the prospect of synergies and more use of SPDX in
the wild!

I can already see how the wider community would start working together on
joint SPDX documents, fixing issues together, nesting/referring existing SPDX
documents for subcomponents in the SPDX documents of the wider codebase
instead of re-scanning the whole thing over and over again …ah, may the dreams
finally become true! :)


cheers,
Matija
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: matija_suklje@ippi.fr


Re: SPDX Goes ISO

Dick Brooks
 

Phil,

 

               Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM, whereas license management is a Legal/Financial risk.

 

The use of SBOM for license legal risk management is indeed a good practice, but it is not required to satisfy NTIA minimal SBOM requirements for EO 14028.

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 11:53 AM
To: spdx@...
Subject: Re: [spdx] SPDX Goes ISO

 

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX.

 

From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...>
Date: Tuesday, September 14, 2021 at 10:31 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
--
gsm:    tel:+386.41.849.552
www:    https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$
xmpp:   matija.suklje@...
sip:    matija_suklje@...






Re: SPDX Goes ISO

Phil Odence
 

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX.

 

From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...>
Date: Tuesday, September 14, 2021 at 10:31 AM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
--
gsm:    tel:+386.41.849.552
www:    https://urldefense.com/v3/__https://matija.suklje.name__;!!A4F2R9G_pg!JDcVm_7nX5ihf6dF-lq5bEdOjwvrwPFEsQEyBY11L-icpBRYY7c2OV2t2w8ajmFojgc$
xmpp:   matija.suklje@...
sip:    matija_suklje@...







Re: SPDX Goes ISO

Matija Šuklje
 

Congratulations!

This is indeed a massive step for the software world, and hopefully not just
in terms of license compliance!


hip hip hurrah!
Matija
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: matija_suklje@ippi.fr


Re: SPDX Goes ISO

Kate Stewart
 

The content that went into the standard is the same as what is
in our github repo today, and a pretty version is at:  https://spdx.github.io/spdx-spec/.
The sources for the 2.2.1 are at: https://github.com/spdx/spdx-spec that fed into the review
process.   There's some editorial changes we incorporated into the ISO spec after the review, but nothing substantive, and we're working on a plan right now to capture those in SPDX 2.2.2 release.

Net: the ISO version of the specification has some specific formatting requirements 
that ISO requests us to follow (document structure, table numbering, etc.), but the
actual fields are publicly available either at the web link or the github repo directly.

SPDX is a living standard that is evolving with open participation in the SPDX tech
mailing list and calls.   Issues and pull requests are encouraged and welcome as we continue
to evolve to SPDX 3.0.   Once we solidify on the next set of changes, we may decide to submit to ISO, but it's being worked on in the github repo first.

Kate


On Mon, Sep 13, 2021 at 1:34 PM Michael Richardson <mcr@...> wrote:

It now costs CHF198 to buy.  This is the ISO way, and I think it's literally criminal.
As in: violates UN Charter of Human Rights.

If it doesn't wind up on the Publically Available Standards list, then I
think it's just been killed as a specification.
No open source person is going to buy the document.









Re: SPDX Goes ISO

Phil Odence
 

I believe that is correct. It seems an odd systems, but as I understand it, it’s not unusual to have free and paid for versions of specs with the same content. Openchain is, I believe, and example of same.

 

From: spdx@... <spdx@...> on behalf of William Bartholomew via lists.spdx.org <iamwillbar=github.com@...>
Date: Monday, September 13, 2021 at 2:43 PM
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Goes ISO

I’ll defer to Phil or Kate for an official answer, but my understanding is that SPDX will continue to publish the specification directly from the SPDX project to the community, but certain versions will be also published as ISO standards (the first being 2.2.1 which is materially the same as what’s published on the SPDX site today).

 

William

 

On 9/13/21, 11:34 AM, "spdx@..." <spdx@...> wrote:

 

It now costs CHF198 to buy.  This is the ISO way, and I think it's literally criminal.

As in: violates UN Charter of Human Rights.

 

If it doesn't wind up on the Publically Available Standards list, then I

think it's just been killed as a specification.

No open source person is going to buy the document.

 

 

 

 

 

 

 

 

 


Re: SPDX Goes ISO

William Bartholomew
 

I’ll defer to Phil or Kate for an official answer, but my understanding is that SPDX will continue to publish the specification directly from the SPDX project to the community, but certain versions will be also published as ISO standards (the first being 2.2.1 which is materially the same as what’s published on the SPDX site today).

 

William

 

On 9/13/21, 11:34 AM, "spdx@..." <spdx@...> wrote:

 

It now costs CHF198 to buy.  This is the ISO way, and I think it's literally criminal.

As in: violates UN Charter of Human Rights.

 

If it doesn't wind up on the Publically Available Standards list, then I

think it's just been killed as a specification.

No open source person is going to buy the document.

 

 

 

 

 

 

 

 


Re: SPDX Goes ISO

Michael Richardson
 

It now costs CHF198 to buy. This is the ISO way, and I think it's literally criminal.
As in: violates UN Charter of Human Rights.

If it doesn't wind up on the Publically Available Standards list, then I
think it's just been killed as a specification.
No open source person is going to buy the document.


Re: SPDX Goes ISO

Henk Birkholz
 

"I guess it will..." does not sound very reassuring, to be honest 🤠

So will it definitely become an "ISO Publicly Available Standard" and is that just a question of time?

Viele Grü0e,

Henk

On 13.09.21 09:23, Alexios Zavras wrote:
I guess it will…
The OpenChain one took a couple of months to appear, though, so I don’t know how quickly this gets updated.
-- zvr
*From:* spdx@lists.spdx.org <spdx@lists.spdx.org> *On Behalf Of *Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
*Sent:* Friday, 10 September, 2021 16:40
*To:* spdx@lists.spdx.org
*Cc:* Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) <marc-etienne.vargenau@nokia.com>
*Subject:* Re: [spdx] SPDX Goes ISO
Since the standard was not developed by ISO itself, will the standard be publicly available at https://standards.iso.org/ittf/PubliclyAvailableStandards/ <https://standards.iso.org/ittf/PubliclyAvailableStandards/> ?
I think it should.
Do we know?
Marc-Etienne
*From:*spdx@lists.spdx.org <mailto:spdx@lists.spdx.org> <spdx@lists.spdx.org <mailto:spdx@lists.spdx.org>> *On Behalf Of *Phil Odence via lists.spdx.org
*Sent:* Thursday, September 9, 2021 5:03 PM
*To:* SPDX-general <spdx@lists.spdx.org <mailto:spdx@lists.spdx.org>>
*Subject:* [spdx] SPDX Goes ISO
I’m pleased to announce that SPDX is now ISO/IEC 5962:2021 <https://urldefense.com/v3/__https:/www.iso.org/standard/81870.html__;!!A4F2R9G_pg!IzcEk2nRZUdfzZmQ8bT_tVgInVURy_PWptKdAupJoT8av2upo-tStlSbY_4GqlpA$>.
Many people have worked hard over the last decade to get us to this point. Big credit goes to my Steering Committee colleagues who have all been instrumental. And we should recognize that this was all Kate’s brainchild. I believe it was Fall of 2009 when she started informally socializing the idea of a standard SBOM format at Linux Foundation events. Not too long thereafter, in the then single weekly meeting, early participants began debating whether it should be SPDE, ultimately deciding “X” at the end would be catchier. And now it’s officially caught.
Here’s the LF press release: http://www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials <https://urldefense.com/v3/__http:/www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials__;!!A4F2R9G_pg!IzcEk2nRZUdfzZmQ8bT_tVgInVURy_PWptKdAupJoT8av2upo-tStlSbY89Cvfim$>
Best regards,
Phil
**
*L. Philip Odence*
General Manager, Black Duck Audit Business
Synopsys Software Integrity Group, Burlington, MA
M (781) 258-9502 | phil.odence@synopsys.com <mailto:phil.odence@synopsys.com>
https://www.synopsys.com/audits <https://www.synopsys.com/audits>
SIG-emailsig-2020
signature_653089988<https://www.linkedin.com/showcase/sw_integrity/>signature_1312878970<https://twitter.com/SW_Integrity>signature_1721301777<https://www.youtube.com/channel/UC0I_hKR1E-Ty0roBUEQN4Ww>signature_106429426<https://www.facebook.com/SynopsysSoftwareIntegrity>
Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de <http://www.intel.de>
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

21 - 40 of 1485