SPDX Goes ISO
Phil Odence
I’m pleased to announce that SPDX is now ISO/IEC 5962:2021.
Many people have worked hard over the last decade to get us to this point. Big credit goes to my Steering Committee colleagues who have all been instrumental. And we should recognize that this was all Kate’s brainchild. I believe it was Fall of 2009 when she started informally socializing the idea of a standard SBOM format at Linux Foundation events. Not too long thereafter, in the then single weekly meeting, early participants began debating whether it should be SPDE, ultimately deciding “X” at the end would be catchier. And now it’s officially caught.
Here’s the LF press release: http://www.linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials
Best regards, Phil
L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@... https://www.synopsys.com/audits
Steve Winslow
A big +1 from me. Thank you to all the SPDX contributors and everyone involved in the years-long process of getting the SPDX standard to where it is today, and especially to Kate for her tireless efforts in making it all happen!
Steve
On Thu, Sep 9, 2021 at 11:03 AM Phil Odence via lists.spdx.org <phil.odence=synopsys.com@...> wrote:
A truly amazing achievement – well done and congratulations to Kate and the entire SPDX and Linux Foundation community that made this happen.
So much looking forward to advancing SPDX interoperability via the DocFest event.
Thanks,
Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: spdx@... <spdx@...> On Behalf Of Steve Winslow
Sent: Thursday, September 9, 2021 11:15 AM To: spdx@... Subject: Re: [spdx] SPDX Goes ISO
Seconded!
This is tremendously important for the governance ecosystem.
Regards
Shane
On Sep 10, 2021, at 0:15, Steve Winslow <swinslow@...> wrote:
Phil Odence
We may quote you on that!
From: spdx@... <spdx@...> on behalf of Shane Coughlan <scoughlan@...>
Richard Purdie
On Thu, 2021-09-09 at 15:02 +0000, Phil Odence via lists.spdx.org wrote:
I’m pleased to announce that SPDX is now ISO/IEC 5962:2021.
This is great news, very happy to see it and kudos to everyone involved.
People may also be interested to know that we just merged SPDX SBOM generation into OpenEmbedded-Core, just before our feature freeze for our October release (3.4). This means that Yocto Project will have SPDX and hence ISO compliant SBOM generation out of the box from then and hence on our next LTS planned for April.
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=f1a34a63e44dc444ed213c48bfeab9da1196bfc8 (and following patches)
Cheers,
Richard
Please do 🙂
On Sep 10, 2021, at 19:45, Phil Odence via lists.spdx.org <phil.odence=synopsys.com@...> wrote:
I just realized that the DocFest will be demonstrating interoperability of an ISO standard SBOM. Great timing getting the ISO standard status before the 9/16 DocFest. Very cool!
Thanks,
Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Friday, September 10, 2021 6:45 AM To: spdx@... Subject: Re: [spdx] SPDX Goes ISO
Since the standard was not developed by ISO itself, will the standard be publicly available at https://standards.iso.org/ittf/PubliclyAvailableStandards/ ?
I think it should.
Do we know?
Marc-Etienne
From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Thursday, September 9, 2021 5:03 PM To: SPDX-general <spdx@...> Subject: [spdx] SPDX Goes ISO
This is wonderful news! Congrats to Kate and everyone else who had a hand in this! Hopefully this means wider adoption and growth for the future!
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, September 9th, 2021 at 11:02 AM, Phil Odence via lists.spdx.org <phil.odence=synopsys.com@...> wrote:
Alexios Zavras
I guess it will… The OpenChain one took a couple of months to appear, though, so I don’t know how quickly this gets updated.
-- zvr
From: spdx@... <spdx@...> On Behalf Of Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
Sent: Friday, 10 September, 2021 16:40 To: spdx@... Cc: Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) <marc-etienne.vargenau@...> Subject: Re: [spdx] SPDX Goes ISO
Intel Deutschland GmbH
Henk Birkholz
"I guess it will..." does not sound very reassuring, to be honest 🤠
So will it definitely become an "ISO Publicly Available Standard" and is that just a question of time?
Best regards,
Henk
On 13.09.21 09:23, Alexios Zavras wrote:
I guess it will…
Michael Richardson
It now costs CHF198 to buy. This is the ISO way, and I think it's literally criminal.
As in: violates UN Charter of Human Rights. If it doesn't wind up on the Publicly Available Standards list, then I think it's just been killed as a specification. No open source person is going to buy the document.
William Bartholomew
I’ll defer to Phil or Kate for an official answer, but my understanding is that SPDX will continue to publish the specification directly from the SPDX project to the community, but certain versions will be also published as ISO standards (the first being 2.2.1 which is materially the same as what’s published on the SPDX site today).
William
On 9/13/21, 11:34 AM, "spdx@..." <spdx@...> wrote:
Phil Odence
I believe that is correct. It seems an odd system, but as I understand it, it’s not unusual to have free and paid-for versions of specs with the same content. OpenChain is, I believe, an example of the same.
From: spdx@... <spdx@...> on behalf of William Bartholomew via lists.spdx.org <iamwillbar=github.com@...>
Kate Stewart
The content that went into the standard is the same as what is in our github repo today, and a pretty version is at: https://spdx.github.io/spdx-spec/. The sources for 2.2.1 that fed into the review process are at: https://github.com/spdx/spdx-spec. There are some editorial changes we incorporated into the ISO spec after the review, but nothing substantive, and we're working on a plan right now to capture those in the SPDX 2.2.2 release.
Net: the ISO version of the specification has some specific formatting requirements that ISO requests us to follow (document structure, table numbering, etc.), but the actual fields are publicly available either at the web link or the github repo directly.
SPDX is a living standard that is evolving with open participation in the SPDX tech mailing list and calls. Issues and pull requests are encouraged and welcome as we continue to evolve to SPDX 3.0. Once we solidify on the next set of changes, we may decide to submit to ISO, but it's being worked on in the github repo first.
Kate
On Mon, Sep 13, 2021 at 1:34 PM Michael Richardson <mcr@...> wrote:
Congratulations!
This is indeed a massive step for the software world, and hopefully not just in terms of license compliance! Hip hip hurrah!
Matija
-- gsm: tel:+386.41.849.552 www: https://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...
Phil Odence
Thanks, Matija. Absolutely not just license compliance. Security too is a big driver and an important part/direction of SPDX.
From: spdx@... <spdx@...> on behalf of Matija Šuklje <matija@...>
Phil,
Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber risk, i.e. C-SCRM, whereas license management is a Legal/Financial risk.
The use of SBOM for license legal risk management is indeed a good practice, but it is not required to satisfy NTIA minimal SBOM requirements for EO 14028.
Thanks,
Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: spdx@... <spdx@...> On Behalf Of Phil Odence via lists.spdx.org
Sent: Tuesday, September 14, 2021 11:53 AM To: spdx@... Subject: Re: [spdx] SPDX Goes ISO
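As an added example (not code from the SPDX project or from anyone on this thread), the script below checks an SPDX 2.2 tag-value document against the seven NTIA minimum elements Dick refers to, using the usual SPDX field mapping: Creator and Created for author and timestamp; PackageSupplier, PackageName, PackageVersion and SPDXID for every package; and Relationship lines for the dependency element. The two SPDX documents, the tool name and the package names are constructed for this example. No license field is consulted, so a document whose license fields are all NOASSERTION still passes, which is exactly the point being made about license data not being part of the minimum.

```python
"""Check an SPDX 2.2 tag-value SBOM against the NTIA minimum elements.

Added example, not SPDX project code. The element-to-field mapping is the
commonly used SPDX mapping for the NTIA (July 2021) list; sample documents
below are constructed for this example.
"""
import re
from datetime import datetime

# Document-level and per-package SPDX fields for each NTIA minimum element.
DOC_FIELD_FOR_ELEMENT = {
    "Author of SBOM Data": "Creator",
    "Timestamp": "Created",
}
PKG_FIELD_FOR_ELEMENT = {
    "Supplier Name": "PackageSupplier",
    "Component Name": "PackageName",
    "Version of the Component": "PackageVersion",
    "Other Unique Identifiers": "SPDXID",
}

TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_tag_value(text):
    """Minimal tag-value parser.

    Returns (doc_fields, packages, relationships): document fields seen before
    the first PackageName, one dict per package, and (subject, type, object)
    tuples. Multi-line <text> values are not needed for this example.
    """
    doc, packages, rels = {}, [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TAG_RE.match(line)
        if not m:
            continue
        tag, value = m.group(1), m.group(2).strip()
        value = re.sub(r"^<text>(.*)</text>$", r"\1", value)
        if tag == "Relationship":
            parts = value.split()
            if len(parts) == 3:
                rels.append(tuple(parts))
            continue
        if tag == "PackageName":          # each PackageName opens a new package
            current = {}
            packages.append(current)
        target = current if current is not None else doc
        target.setdefault(tag, []).append(value)
    return doc, packages, rels


def ntia_minimum_report(text):
    """Return {element: present?} for the seven NTIA minimum elements."""
    doc, packages, rels = parse_tag_value(text)
    report = {e: bool(doc.get(tag)) for e, tag in DOC_FIELD_FOR_ELEMENT.items()}
    # Created must be the SPDX UTC form, e.g. 2021-09-14T15:52:00Z.
    if report["Timestamp"]:
        try:
            datetime.strptime(doc["Created"][0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            report["Timestamp"] = False
    # Per-package fields must be present on every package; NOASSERTION is
    # treated as missing (a design choice for this check, not an SPDX rule).
    for element, tag in PKG_FIELD_FOR_ELEMENT.items():
        report[element] = bool(packages) and all(
            pkg.get(tag) and pkg[tag][0] not in ("", "NOASSERTION") for pkg in packages
        )
    # Every package must be tied in by some relationship (DESCRIBES from the
    # document, or CONTAINS / DEPENDS_ON between packages).
    pkg_ids = {pkg["SPDXID"][0] for pkg in packages if pkg.get("SPDXID")}
    related = {s for s, _, o in rels} | {o for s, _, o in rels}
    report["Dependency Relationship"] = bool(pkg_ids) and pkg_ids <= related
    return report


def missing_elements(text):
    return sorted(e for e, ok in ntia_minimum_report(text).items() if not ok)


def ntia_compliant(text):
    return not missing_elements(text)


# Constructed sample: the second package has no supplier and no relationship.
INCOMPLETE_SBOM = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-app-sbom
DocumentNamespace: https://example.invalid/spdxdocs/example-app-1.0
Creator: Tool: example-sbom-generator-0.1
Created: 2021-09-14T15:52:00Z

PackageName: example-app
SPDXID: SPDXRef-Package-example-app
PackageVersion: 1.0.0
PackageSupplier: Organization: Example Corp
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION

PackageName: libwidget
SPDXID: SPDXRef-Package-libwidget
PackageVersion: 2.3.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-example-app
"""

# Same document with both gaps closed; license fields stay NOASSERTION.
COMPLETE_SBOM = INCOMPLETE_SBOM.replace(
    "PackageVersion: 2.3.1\n",
    "PackageVersion: 2.3.1\nPackageSupplier: Organization: Widget Makers\n"
    "ExternalRef: PACKAGE-MANAGER purl pkg:generic/libwidget@2.3.1\n",
) + "Relationship: SPDXRef-Package-example-app DEPENDS_ON SPDXRef-Package-libwidget\n"

if __name__ == "__main__":
    for name, sbom in (("incomplete", INCOMPLETE_SBOM), ("complete", COMPLETE_SBOM)):
        print(name, "-> missing:", missing_elements(sbom) or "none")
```

Run as a script it reports the two gaps in the first document and none in the second. Treating NOASSERTION as "missing" for supplier is a policy choice; a checker that only looks for the presence of the tag would wave through an SBOM that names no supplier at all, which defeats the purpose of the element.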
On 14.09.21 at 17:52 Phil Odence via lists.spdx.org wrote:
Absolutely not just license compliance. Security too is a
I know. I’m just excited by the prospect of synergies and more use of SPDX in the wild! I can already see how the wider community would start working together on joint SPDX documents, fixing issues together, nesting/referring existing SPDX documents for subcomponents in the SPDX documents of the wider codebase instead of re-scanning the whole thing over and over again …ah, may the dreams finally become true! :)
cheers,
Matija
-- gsm: tel:+386.41.849.552 www: https://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...