Dear all, I'm wondering why https://spdx.org/licenses/Unicode-TOU.html is (still) part of the license list. Could it be deprecated? 1. First of all, the current text of the "Unicode® Copyright and Ter

Dear all The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC). This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is curr

This month’s presentation will be one of the every popular reports on a Google Summer of Code project: Project Title: NTIA Conformance Checker – Josh Lin Project Abstract: This project implemented an

REA is pleased to announce the general availability of SAG-PM Version 1.2 with support for SPDX V 2.3 and CycloneDX V 1.4. This release satisfies the requirements outlined on OMB memo M-22-18 publishe

Dear SPDX community, As mentioned on a couple of the general calls some time ago, the Steering Committee has been working on a Change Proposal template and process to facilitate communication, priorit

It’s September! Apologies for the late reminder. I just never hit send yesterday. Note that the minutes from August meeting are at the bottome of this email. This month, there will be no special prese

Hi All, Is there any tool to merge two spdx file ? Regards Sandeep

Hi All, Is there any guidelines to sign SPDX file ? Regards Sandeep

Special Presentation this month by Matthew Crawford from Arm: Title A new era for SPDX at Arm, are we ready for change? Let me walk you through the journey of open source software compliance at Arm, f

Jilayne, this is awesome news -- thanks for passing it along! Looking forward to us working with the Fedora community to support them adding SPDX license IDs across the distro. Steve

Hot off the press! Link to blog post of this here: https://communityblog.fedoraproject.org/important-changes-to-software-license-information-in-fedora-packages-spdx-and-more/ Thanks for the support on

Greetings all, The SPDX spec version 2.3 is now available for review at https://spdx.github.io/spdx-spec/v2.3-RC1/. A summary of the changes can be found in the SPEC Annex I. If you identify any issue

I didn’t see this particular topic addressed in the specification (although I’m happy to be correcedt if I missed it), so I thought I’d post and see whether there is a solution that’s commonly used, o

No special presentation this month, so meeting should go shorter than usual. GENERAL MEETING Meeting Time: Thurs, July 7, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock

Hi , What is the license type that needs be used in spdx for 3rd parties with proprietary licenses (e.g., Microsoft)? Regards Sandeep

Howdy, team. In last week’s Outreach call we discussed the lack of “getting started with SPDX” documentation, info that could take someone from Zero to SPDX. Currently it’s really hard for new people

Hi Sandeep, The SPDX Defects working group announced security enhancements to the ExternalReference section of the spec as well as an explanatory Annex about how to include security information in an

No special presentation this month, but I will announce this year’s recently added Member Reps and provide a little review of this aspect of the governance process. GENERAL MEETING Meeting Time: Thurs

Hi , Is there any roadmap to integrate VEX to with SPDX ? Or is there already way in current SPDX specification to integrate vulnerability information ? Regards Sandeep

Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep