Thursday SPDX General Meeting Reminder

Phil Odence

Hello all,


Max Huber of TNG Technology Consulting will be presenting on Thursday:

  • In this presentation, Max will give a brief update of the recentdevelopment in the Python Tools. It went through a huge refactoring andis now ready for 3.0. Max will also present, how it can be a helpful tool to test assumptions and serializations of SPDX3
  • Max started developing with SPDX more then 7 years ago, when he added SPDX2.0 import and export support to FOSSology. Since then, he is a active member in the SPDX community. He also participates in a lot of compliance tooling projects.

Please note that last meeting’s minutes are not yet “pulled” into GitHub, so I have included at the bottom. 


Also, a reminder that March 15 is the deadline for nominating Leads for the three vacancies, one on each team. And, shortly, a notification will be going out to main points of contact at SPDX member companies to solicit Member Rep nominations in the same timeframe. (See my Feb 15 email for details.)





L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...  






signature_2892046952   signature_4149161518   signature_715487372   signature_2597224942





Meeting Time: Thurs, March 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC.

Conf call dial-in:

Join the meeting:

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers:

If also dialing-in through a room phone, join without connecting to audio:


Etherpad for minutes:


Administrative Agenda


Minutes Approval: At the bottom of this email


Steering Committee Update - Phil


Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling


Legal Team Report – Jilayne/Paul/Steve


Outreach/Website Team Report – Jack/Sebastian/Alexios





#SPDX General Meeting Minutes - February 2, 2023


  • Lead by Phil Odence
  • Minutes from last meeting approved.

Attendance: 25

Steering Committee Update - Phil

  • Any one have special presenation ideas?
  • Steering Committee membership heads up
  • GSOC
  • Cyclone DX meeting

Tech Team Report - William, Kate

  • SPDX 3.0
    • Core Profile - William/Gary/Kate
      • good progress making it through the remaining model punch list
      • started documenting the spec itself in the SPDX 3 model repo:
      • model up and profile groups are filling in
    • Licensing Profile - Steve/Alexios
    • Security Profile - Thomas/Jeff
    • Build Profile - Brandon/Nisha
    • Usage Profile - Ito/Ninjouji/Asaba/Kobota
    • AI & Dataset Profile - Gopi/Karen/Kate
      • One group, two different profiles
    • Functional Safety - Nicole/Kate
      • Good progress
      • Presentation from Nicole at Fosdem
        • will be streamed
        • May need to add some new types and relationships
    • Canonicalization
    • Serialization
    • Hardware Profile
    • Implementers `* Working on what makes a quality SBOM
  • Tools
    • Python version officially released on PyPI
    • Performance improvements on the Java tooling
    • Good activity and improvements on the Golang tools
    • Rust tools in process
    • Help welcome on all of the above

Legal Team Update - Jilayne/Steve/Paul

  • 3.20 release
    • pushed back to mid Feb (instead of end of Jan)
    • about 40 open issues related to new license requests (lots from Fedora)
    • could use help sorting through
    • how to help is well-documented
  • Change proposal in play

Outreach Team Update - Sebastian/Alexios/Jack

  • Website is in play
    • Proceeding nicely
    • Using a programming environtment called Nix
      • Will allow staging to review changes easily
      • All community members will be able to access this
  • Reviewing charter for team
    • Will run by Steering Committee
    • Next few weeks


  • Alex Rybak (Revenera)
  • Alfred L Strauch
  • Artem Mygaiev
  • Bob Martin
  • Brad Goldring - GTC Law Group
  • Bruce Robertson
  • David Edelsohn, IBM
  • Jari Koivisto, KPMGI
  • Jeff Hart, M2 Technology
  • Jack Manbeck, TI
  • Jilayne Lovejoy, Red Hat
  • Jim Vitrano
  • Joseph Silvia, OrielStat
  • Juliya Rubin
  • Karen Bennet
  • Kate Stewart
  • Mark Atwood, Amazon
  • Mike McDonel, Manifest
  • Phil Odence, Black Duck Audits, Synopsys
  • Sanat Basavaraj Bennur
  • Saul Wold, Wind River
  • Sebastian Crane
  • Steven Carbno , Smart Talk Beacon
  • Trevor Stalnaker, W&M Researcher
  • William Cox, Synopsys