The "public domain" part appears to be the text of the Unlicense, so I'd assume "MIT OR Unlicense". Richard

Hi Pierre, I am moving the general SPDX list to BCC and sending this via the SPDX legal list, as that is the right place for this question! Also not - I have approved your message and copied you here

Hello, I am trying to identify this software in term of license expression https://github.com/nothings/stb It's is claimed to be "public domain or MIT". I don't see any license identifier for public d

I’m pretty sure President Biden does too. From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...> Date: Friday, October 15, 2021 at 10:33 AM To: spd

Thanks, Phil. 100% agree with you. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-

That’s great, Dick. A very important direction for us IMO. From: spdx@... <spdx@...> on behalf of Dick Brooks <dick@...> Date: Friday, October 15, 2021 at

Thanks, Phil. Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn. Thanks, Dick Brooks Never trust software, a

Dick, apologies for the slow response. Frankly we had a pretty tech team update this time. I think it’s a good idea to get some specifics from profile sub-teams next month and (herewith) suggest to Ka

Phil, I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support pro

There were a few of anonymous participants that I did not include in the count. It would be helpful to get names for these minutes and to use them for future meetings. Also, while it’s not required to

A couple of special items for this month’s meeting: Quick status of updated SPDX governance Short presentation by VM (Vicky) Brasseur, Director, Senior Strategy Advisor at Wipro. Her company has recen

Thanks, Phil – I’m very much looking forward to the configurable profiles capability. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email

Yes, understood. Thanks, Dick. For that use case, the President was more concerned with a cyber attack that a license violation. This is the point of evolving SPDX to be “configurable” with profiles t

Die 14. 09. 21 et hora 17:52 Phil Odence via lists.spdx.org scripsit: I know. I’m just excited by the prospect of synergies and more use of SPDX in the wild! I can already see how the wider community

Phil, Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber r

Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX. From: spdx@... <spdx@...> on behalf of Matija Šuklje

Congratulations! This is indeed a massive step for the software world, and hopefully not just in terms of license compliance! hip hip hurrah! Matija

The content that went into the standard is the same as what is in our github repo today, and a pretty version is at: https://spdx.github.io/spdx-spec/. The sources for the 2.2.1 are at: https://github

I believe that is correct. It seems an odd systems, but as I understand it, it’s not unusual to have free and paid for versions of specs with the same content. Openchain is, I believe, and example of

I’ll defer to Phil or Kate for an official answer, but my understanding is that SPDX will continue to publish the specification directly from the SPDX project to the community, but certain versions wi