SPDX Outreach Team report for December General Meeting
Since we didn't have time at the SPDX General Meeting today for the
usual team reports, I'm writing to send the Outreach Team's report in
textual form! Feel free to reply if you have any questions about the
activities of the SPDX Outreach Team, or would like to be involved.
# Wikipedia article
We've added a version history section to the article at
https://wikipedia.org/wiki/Software_Package_Data_Exchange with a
version table and explanatory paragraphs (as is the format used in
articles for a lot of other open source projects). Plus, the
disambiguation link that said 'license documentation standard' now
says 'software bill of materials standard'.
Here are a couple of 'perma-links' to the before and after states of
# SBOM Landscape page
At the most recent Outreach Team meeting, we discussed various
categories and taxonomies that could be used in the SBOM Landscape
page we are developing at: https://github.com/spdx/sbom-landscape
We'll be trying to form 'neighbourhoods' of related use-cases such as
attestation, automation etc.
The automated tests for the page are still failing, but builds seem to
work correctly, so we can continue work on it.
We now have Syft, OSS Review Toolkit, REUSE and Tern listed on the
SBOM Landscape page, and will be adding more in the coming weeks!
# SPDX Podcast
Joshua Marpet has resolved the audio issues, meaning that we can start
recording podcast episodes again.
Joshua is working on an episode with the SPDX Asia Team.
# 'SPDX Ambassadors'
Vicky Brasseur suggested that having an ambassadors programme would be
a good idea, so we are exploring the possibility of having contact
details of SPDX Ambassadors on our main website. This will help
newcomers to quickly contact representatives of SPDX.
I have been in correspondence with a steering committee member of the
Replicant project. Replicant aims to replace proprietary components in
Android, and is looking to improve its source code license
scanning. SPDX SBOMs could be useful in reducing unnecessary
repetition of audits here.
We have had good interaction with the developers of FOSSLight, an open
source license scanner from Logitech. Gary O'Neall and I have been
proactively examining SPDX-related failures in order to help them with
their use of the SPDX Java libraries.
FOSSLight is a top priority for addition to the spdx.dev Open Source
Tools page, as well as the SBOM Landscape!