Minutes from last SPDX General Meeting

Phil Odence

Pull request not yet approved in GH, so here are the minutes. Sorry they are ugly and indentation isn’t working right. All good in GH.


# SPDX General Meeting Minutes - January 5, 2023


## Administrative

* Led by Phil Odence

* Minutes from last meeting approved

### Attendance: 18

## Steering Committee Update - Phil

* Little work going on leading up to holiday.

## Tech Team Report - Gary, William, Kate

* https://github.com/spdx/meetings/blob/goneall-patch-7/tech/2022-12-20.md

* SPDX 3.0

* Working on how to pull inputs from profiles into spec

* Core Profile - William/Gary/Kate

* Licensing Profile - Steve/Alexios

* Much of the work had already been discussed in the legal meetings previously, matter of getting the licensing profile into the 3.0 format

* had been waiting on Core Profile

* Security Profile - Thomas/Jeff

* Scheduling is a challenge for international team

* Build Profile - Brandon/Nisha

* Build model needs to be generalized

* Usage Profile - Ito/Ninjouji/Asaba/Kobota

* Working on issue regarding whether some fields are part of file or package

* AI & Dataset Profile - Gopi/Karen/Kate

* Will split to separate Dataset Profile

* Functional Safety - Nicole/Kate

* Targeted for 3.1

* Group safety elements together

* Tracing safety issues and impacts

* Canonicalization

* Waiting for Core Profile

* Serialization

* How to represent

* Hardware Profile

* Interest and potential for 3.1

* Interest from Chips Alliance Group to bring domain expertise

* Implementers

* Tools

* Light attendance

* Every other week on Wednesdays

* Upcoming discussion on what constitutes a quality SBOM

* Tooling

* More maintainers coming in on NTIA conformance checker

* New release of online tools pending; aiming for this week

* Java tools

* lots of activity

* Maven plugin

* CycloneDX conversion

* Python libraries

* Much refactoring activity

* Up on PyPy

## Legal Team Update - Jilayne/Steve/Paul

* Next license release, 3.20, aiming for end of month

* Lots of new Fedora licenses added

* in wake of Fedora adopting SPDX identifiers in July and documentation release last quarter

* Could always use more input and help

* Updating license adding process doc

* recorded videos of different ways to create files - will be uploaded soon

* Upcoming topics, potentially for joint Tech Team discussion

* Change proposal for extending the concept of license ref for exceptions on Jan 12th during legal team meeting time. See https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md and https://github.com/spdx/change-proposal/issues/4

* Reminder email will go out to Legal and Tech Teams as to time and topic

* Side note: Jilayne working on history of license list to capture legacy knowledge

* Should be posted shortly

* also working on history of OSI/SPDX collaboration as people ask about that every so often

* other ideas on recording of legacy knowledge welcome!

## Outreach Team Update - Sebastian/Alexios/Jack

* Website update in process

* Goal is to maintain content in GitHub

* Working with LF on how to

* SPDX for Security white paper to be published in the LF blog

## Attendees

* Phil Odence (Black Duck Audits, Synopsys)

* Bob Martin

* Jari Koivisto

* Armin Tänzer

* Paul Madick

* Mary Hardy (Microsoft)

* Gary O'Neall

* Peter Caven

* Steve Winslow

* Mike McDonel

* Adolfo Garcia Veytia (Chainguard)

* Dick Brooks (REA)

* Steven Carbno (Smart Talk Beacon)

* Jilayne Lovejoy

* David Edelsohn

* Kate Stewart

* Alfred Strauch (Smart Talk Security Inc.)

* Brad Goldring (GTC Law Group)