Topics

Spdx Digest, Vol 93, Issue 2

John Scott
 

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

 Inline image 1
Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Send Spdx mailing list submissions to
spdx@...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...

You can reach the person managing the list at
spdx-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@...>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
< General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes>
? Attendance: 12
? Lead by Phil Odence
? Minutes of April meeting approved
Contents
[hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
? 3 Outreach Team Report - Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
? 4 Legal Team Report - Paul<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees>
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=1>]
? Variant on Leadership Summit Presentation
? Don?t need to define SPDX
? Will show product for illustrative purposes
? Governance Today
? Different formats for BoMs
? Challenges
? Manually updating
? Compliance Management
? Requires consistent tooling
? Goals using SPDX
? Automate BoM
? Automate Reporting
? Single format
? Illustration
? Replace disparate BoMs with SPDX versions
? Load into a single data store (example Apache Jena Fuseki
? Query with Sparql
? Demo
? Aggregating multiple BoMs
? Committing change to GItLab
? CI/CD- Build and Scan
? Generate new SPDX doc for changed project
? Sparql queries
? Policy checks
? Voila



Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=2>]
? Working on outstanding requests for 2.2
? License expression features
? Handling cases of annotations and extensions to address
? 2.1.1 pdf
? Wrestling with tools a bit
? GoSoC
? Students and mentors in place
? Should be hearing from students during community bonding period
? Projects lined up
? Will present during General Meetings



Outreach Team Report - Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=3>]
? LinuxCon Vancouver
? Trying to organize ?back off? day before event starts
? Website:
? Still waiting on LF for moving Website to Wordpress
? Content
? Looking at a variety of ways
? Looking at audio/video recordings
? Could include monthly talks
? Yev volunteered to do his
? Looking for more people involvement in OTeam
Legal Team Report - Paul[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=4>]
? Released latest rev of license list
? Kudos Jilayne and others
? Working out how to manage license submissions in new world
? GoSoC student working out automation



Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=5>]
? Phil Odence, Black Duck/Synopsys
? Matthew Crawford, ARM
? Yev Bronshteyn, Black Duck/Synopsys
? Steve Billings, Black Duck/Synopsys
? Gary O?Neall, SourceAuditor
? Dave Marr, Qualcomm
? Jack Manbeck, TI
? Kate Stewart, Linux Foundation
? Steve Winslow, LF
? Paul Madick, Dimension Data
? Matije Suklje, LF
? John Scott, Ion Channel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 93, Issue 2
***********************************

Kate Stewart
 

Hi John,
    Thanks for reaching out!  I think this discussion is best handled 
with the tech team so switching mailing lists, and moving 
general to bcc.  :-)

    Some of the information you're proposing in SEvA is already 
handled in the SPDX specification.  https://spdx.github.io/spdx-spec/ 
which has been in development by supply chain participants for 
over 8 years now.

    Its not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this?   Also, have you compared the information 
you're looking to be captured in SEvA with the fields that are 
already in place and standardized on in the specification?

The next rev of the specification will explicitly permit JSON and YAML,
document expression in addition to RDF, tag:value. Prototype translators 
between formats are already in place if you want to experiment. 

If there are fields you're looking to see captured,  that aren't in place already,
Feel free to open an issues on https://github.com/spdx/spdx-spec/issues
with background how it will be used, and where the information should be
derived from. 

Also, if you'd like to have a more interactive discussion,  the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to 
explore collaboration options,  just let us know. 

Looking forward to continuing the discussion. 

Thanks,
Kate 

SPDX tech team co-lead.

   


On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.scott@...> wrote:
Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

 Inline image 1
Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Send Spdx mailing list submissions to
spdx@...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...

You can reach the person managing the list at
spdx-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@internal.synopsys.com>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
< General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes>
? Attendance: 12
? Lead by Phil Odence
? Minutes of April meeting approved
Contents
[hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
? 3 Outreach Team Report - Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
? 4 Legal Team Report - Paul<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees>
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=1>]
? Variant on Leadership Summit Presentation
? Don?t need to define SPDX
? Will show product for illustrative purposes
? Governance Today
? Different formats for BoMs
? Challenges
? Manually updating
? Compliance Management
? Requires consistent tooling
? Goals using SPDX
? Automate BoM
? Automate Reporting
? Single format
? Illustration
? Replace disparate BoMs with SPDX versions
? Load into a single data store (example Apache Jena Fuseki
? Query with Sparql
? Demo
? Aggregating multiple BoMs
? Committing change to GItLab
? CI/CD- Build and Scan
? Generate new SPDX doc for changed project
? Sparql queries
? Policy checks
? Voila



Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=2>]
? Working on outstanding requests for 2.2
? License expression features
? Handling cases of annotations and extensions to address
? 2.1.1 pdf
? Wrestling with tools a bit
? GoSoC
? Students and mentors in place
? Should be hearing from students during community bonding period
? Projects lined up
? Will present during General Meetings



Outreach Team Report - Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=3>]
? LinuxCon Vancouver
? Trying to organize ?back off? day before event starts
? Website:
? Still waiting on LF for moving Website to Wordpress
? Content
? Looking at a variety of ways
? Looking at audio/video recordings
? Could include monthly talks
? Yev volunteered to do his
? Looking for more people involvement in OTeam
Legal Team Report - Paul[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=4>]
? Released latest rev of license list
? Kudos Jilayne and others
? Working out how to manage license submissions in new world
? GoSoC student working out automation



Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=5>]
? Phil Odence, Black Duck/Synopsys
? Matthew Crawford, ARM
? Yev Bronshteyn, Black Duck/Synopsys
? Steve Billings, Black Duck/Synopsys
? Gary O?Neall, SourceAuditor
? Dave Marr, Qualcomm
? Jack Manbeck, TI
? Kate Stewart, Linux Foundation
? Steve Winslow, LF
? Paul Madick, Dimension Data
? Matije Suklje, LF
? John Scott, Ion Channel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 93, Issue 2
***********************************

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx