SPDX Update

Philip Odence

SPDX Community,

As most of you know, the Linux Foundation web properties were victim to a very sophisticated attack from which the Foundation is nearly recovered. The time it has taken to recover is reflective of how seriously the Foundation took has taken the incident. They have been pretty much 100%, 7 days a week focused on putting back in place a super-hardened infrastructure to avoid the issue in the future. Finally, SPDX and our mailing lists are back in action. Thanks for your patience. 

This has obviously been a big hit to SPDX progress. Amazingly, some good work has gotten done over the last couple months, hurdles notwithstanding. Now it's time to get a back on track. To get momentum ramped up, we need everyone individually to dive back in; please take 30 seconds to get yourself psyched up. First order of business is for each of the teams to create a report on current status and next steps, which we will circulate to the General list. Otherwise it's business as usual on our old normal schedule.

An elephant in the room is: How do we avoid this in the future? As companies become committed to SPDX, they will also become dependent on our on-line assets. In this sense, the timing of the incident could have been much worse. Let's take it as a wakeup call that we need to ensure we have a reliable site. Given the work that the LF has done, there's a good chance that the new platform and processes are sufficiently secure and reliable for our needs. We are in the midst of discussions with the Linux Foundation to verify that the new infrastructure can meet our needs in the future.

To help everyone sync'ed, below is the ongoing schedule. Looking forward to reconnecting and once again moving forward.

Best wishes,

L. Philip Odence
Vice President of Business Development
Black Duck Software, Inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence

Purpose- Reporting out of by each team.
Mailing list- spdx@...
Calls- Every two weeks; Thursday at 11am US Eastern time. Next one: Dec 1
Organizer- Phil Odence, podence@...
Dial in Info-
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 

Purpose- Technical discussion around the spec and its implementation
Mailing list- spdx-tech@...
IRC: #spdx at Freenode.net
Contact - Kate Stewart (stewart@...)
Calls- every week on Tuesday at 2pm EST (1900 GMT)
Host - Bill Schineller (bschineller@...)
Dial in Info-  (877) 435-0230; Conference code: 7833942033.
Screenshare: http://blackducksoftware.na6.acrobat.com/spdxrdf/

Purpose- Discuss business team issues such as website, community outreach, business processes.
Mailing list- spdx-biz@...
Calls- Every other week (opposite week from General Meeting); Thursday 11am ET/8am PT; Next one Dec 8
Organizer-Kim Weins, kim.weins@...
Dial in Info- 866-740-1260  ID 2404502

Purpose- Handling all legal issues associated with the project (spec, website, licensing, etc.)
Mailing list- spdx-legal@...
Calls- Every two weeks; Wednesday at 11am US Eastern time. Next one: Nov 30
Organizer-Esteban Rockett rockett@...
Dial in Info-  1.877.825.8522 PIN:0376146