Spdx Digest, Vol 93, Issue 2
John Scott (Ion) <john.scott@...>
Hi All,
Sorry for getting on the call late.
For comment: https://github.com/ion-channel/SEVA
We recently released this Spec.
SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.
Our clients would like all evidence to be portable so it can move with a piece of software thru an organization.
We could talk about it next month
-------------------------------------------
John Scott, President, Ion Channel
240.401.6574 @johnmscott
< john.scott@... >
On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:
Send Spdx mailing list submissions to
spdx@...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...
You can reach the person managing the list at
spdx-owner@...
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."
Today's Topics:
1. May SPDX General Meeting Minutes (Phil Odence)
----------------------------------------------------------------------
Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@...>
Content-Type: text/plain; charset="utf-8"
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03
General Meeting/Minutes/2018-05-03
* Attendance: 12
* Led by Phil Odence
* Minutes of April meeting approved
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn
* Variant on Leadership Summit Presentation
* Don't need to define SPDX
* Will show product for illustrative purposes
* Governance Today
* Different formats for BoMs
* Challenges
* Manually updating
* Compliance Management
* Requires consistent tooling
* Goals using SPDX
* Automate BoM
* Automate Reporting
* Single format
* Illustration
* Replace disparate BoMs with SPDX versions
* Load into a single data store (example Apache Jena Fuseki)
* Query with Sparql
* Demo
* Aggregating multiple BoMs
* Committing change to GitLab
* CI/CD- Build and Scan
* Generate new SPDX doc for changed project
* Sparql queries
* Policy checks
* Voila
Tech Team Report - Kate/Gary
* Working on outstanding requests for 2.2
* License expression features
* Handling cases of annotations and extensions to address
* 2.1.1 pdf
* Wrestling with tools a bit
* GoSoC
* Students and mentors in place
* Should be hearing from students during community bonding period
* Projects lined up
* Will present during General Meetings
Outreach Team Report - Jack
* LinuxCon Vancouver
* Trying to organize "back off" day before event starts
* Website:
* Still waiting on LF for moving Website to Wordpress
* Content
* Looking at a variety of ways
* Looking at audio/video recordings
* Could include monthly talks
* Yev volunteered to do his
* Looking for more people involvement in OTeam
Legal Team Report - Paul
* Released latest rev of license list
* Kudos Jilayne and others
* Working out how to manage license submissions in new world
* GoSoC student working out automation
Attendees
* Phil Odence, Black Duck/Synopsys
* Matthew Crawford, ARM
* Yev Bronshteyn, Black Duck/Synopsys
* Steve Billings, Black Duck/Synopsys
* Gary O'Neall, SourceAuditor
* Dave Marr, Qualcomm
* Jack Manbeck, TI
* Kate Stewart, Linux Foundation
* Steve Winslow, LF
* Paul Madick, Dimension Data
* Matije Suklje, LF
* John Scott, Ion Channel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>
------------------------------
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
End of Spdx Digest, Vol 93, Issue 2
***********************************
Kate Stewart
Hi John,
Thanks,
Thanks for reaching out! I think this discussion is best handled
with the tech team so switching mailing lists, and moving
general to bcc. :-)
Some of the information you're proposing in SEvA is already
handled in the SPDX specification. https://spdx.github.io/spdx-spec/
which has been in development by supply chain participants for
over 8 years now.
It's not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this? Also, have you compared the information
you're looking to be captured in SEvA with the fields that are
already in place and standardized on in the specification?
The next rev of the specification will explicitly permit JSON and YAML,
document expression in addition to RDF, tag:value. Prototype translators
between formats are already in place if you want to experiment.
If there are fields you're looking to see captured, that aren't in place already,
feel free to open an issue on https://github.com/spdx/spdx-spec/issues
with background how it will be used, and where the information should be
derived from.
Also, if you'd like to have a more interactive discussion, the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to
explore collaboration options, just let us know.
Looking forward to continuing the discussion.
Thanks,
Kate
SPDX tech team co-lead.
On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.scott@...> wrote:
Hi All,
Sorry for getting on the call late.
For comment: https://github.com/ion-channel/SEVA
We recently released this Spec.
SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.
Our clients would like all evidence to be portable so it can move with a piece of software thru an organization.
We could talk about it next month
-------------------------------------------
John Scott, President, Ion Channel
240.401.6574 @johnmscott
< john.scott@... >
On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote: