#SPDX General Meeting Minutes - January 5, 2023

## Administrative

* Lead by Phil Odence

* Minutes from last meeting approved

### Attendence: 18

## Steering Commitee Update - Phil

* Little work going on leading up to holiday.

## Tech Team Report - Gary, William, Kate

* https://github.com/spdx/meetings/blob/goneall-patch-7/tech/2022-12-20.md

* SPDX 3.0

* Working on how to pull inputs from profiles into spec

* Core Profile - William/Gary/Kate

* Licensing Profile - Steve/Alexios

* Much of the work had already been discussed in the legal meetings previously, matter of getting the licensing profile into the 3.0 format

* had been waiting on Core Profile

* Security Profile - Thomas/Jeff

* Scheduling is a chanllege for international team

* Build Profile - Brandon/Nisha

* Build model needs to be generalize

* Usage Profile - Ito/Ninjouji/Asaba/Kobota

* Working of issue regarding whether some fileds are part of file or package

* AI & Dataset Profile - Gopi/Karen/Kate

* Will split to separate Dataset Profile

* Functional Safety - Nicole/Kate

* Targeted for 3.1

* Group safety elements together

* Tracing safety issues and impacts

* Canonicalization

* Waiting for Core Profile

* Serialization

* How to represent

* Hardware Profile

* Interest and potential for 3.1

* Interest from Chips Alliance Group to bring domain expertise

* Implementers

* Tools

* Light attendance

* Every other week on Wednesdays

* Upcoming discussion on what constitutes a quality SBOM

* Tooling

* More maintainter coming in on NTIA conformance checker

* New release of online tools pending; aiming for this week

* Java tools

* lots of activity

* Maven plug in

* Cyclone DX conversion

* Python libraries

* Much refactoring activity

* Up on PyPy

## Legal Team Update - Jilayne/Steve/Paul

* Next license release, 3.20, aiming for end of month

* Lots of new Fedora licenses added

* in wake of Fedora adopting SPDX identifiers in July and documentation release last quarter

* Could always use more input and help

* Updating license adding process doc

* recorded videos of different ways to create files - will be uploaded soon

* Upcoming topics, potentially for joint Tech Team discussion

* Change proposal for extending the concept of license ref for exceptions on Jan 12th during legal team meeting time. See https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md and https://github.com/spdx/change-proposal/issues/4

* Reminder email will go out to Legal and Tech Teams as to time and topic

* Side note: Jilayne working on history of license list to capture legacy knowledge

* Should be posted shortly

* also working on history of OSI/SPDX collaboration as people ask about that every so often

* other ideas on recording of legacy knowledge welcome!

## Outreach Team Update - Sebastian/Alexios/Jack

* Website update in process

* Goal is to maintain content in GitHub

* Working with LF on how to

* SPDX fo Security white paper to be published in the LF blog

## Attendees

* Phil Odence (Black Duck Audits, Synopsys)

* Bob Martin

* Jari Koivisto

* Armin Tänzer

* Paul Madick

* Mary Hardy (Microsoft)

* Gary O'Neall

* Peter Caven

* Steve Winslow

* Mike McDonel

* Adolfo Garcia Veytia (Chainguard)

* Dick Brooks (REA)

* Steven Carbno (Smart Talk Beacon)

* Jilayne Lovejoy

* David Edelsohn

* Kate Stewart

* Alfred Strauch (Smart Talk Security Inc.)

* Brad Goldring (GTC Law Group)