SPDX General Meeting Minutes - April 7, 2022
- Attendance: 27
- Lead by Phil Odence
- Minutes from last meeting approved.
SPDX in the Yocto Project – Joshua Watt
- Link ot recording will be provides / Link to slides?
- Source, policy, code go intro Bitbake and produce and image for embedded systems
- Recipies contain important SBOM data
- When recipes are process, SPDX docs are produced
- Full support for anything that Yocto can build. Rust & Go are still WIP.
- Note: need to have external references being on LHS of expression - validation tooling issue, as well as implications for runtime SPDX docs. Need to be on LHS & RHS.
- One line in configuation file, to trigger generation. Some knobs to adjust how much is there.
Tech Team Report - Gary/Kate/Thomas
- Meetings have started up, join the mailing list for details.
Core 3.0 Model
- 2.2.2 released in next day, then start pulling in the PRs to 2.3
- Focus of changes will be to fill in gaps that DocFest has identified.
- Planned: Link to Vulnerability Report, relax mandatory inclusion of NOASSERTION licensing, more hash algorithms, ... (must align with 3.0 directions)
New working groups
- Build Profile working group spinning up, starting next week.
- AI Profile working group has started meeting this week, currently going through GAP analysis between desired elements for AI BOM & what's in SPDX today based on work from IBM & IEEE.
- First Canonicalization meeting on 4/15.
- Submission in, project ideas still welcome.
- Students working on proposals.
Legal Team Report - Jilayne/Paul/Steve
- Working on bits of spec for 2.2 & 2.3
- Working on 3.17 of the license list.
Outreach Team Report - Sebastian
- Podcast update - LF is looking to starting podcasting division, to release what's been recorded over last few months.
- GSOC candiates is high, and proposals are starting to come in.
- Microsoft working on a software composition analysis tool - github, component dection.
- Membership -
- SPDX website rebuild to be more under community control.
- Libreplanet talk - recording at
- Phil Odence, Black Duck Audits/Synopsys
- Adrian Diglio
- Alexios Zavras
- Alberto Pianon
- Anthony Harrison
- Bob Martin
- Christopher Lusk
- David Edelsohn
- Dennis Clark
- Gary O'Neall
- Jeff Schutt
- Joshua Watt
- Joshua Marpet - MJM Growth, et al.
- Karan Marjara
- Kate Stewart
- Marc-Ettinne Vargenau
- Mark Atwood
- Matthew Crawford
- Matt Weber (Collins Aerospace)
- Luca Miotto
- Paul Madick
- Sam Ellis
- Sebastian Crane
- Shawn Kilpatrick
- Steven Kilbane
- VM Brasseur (Wipro)
- Brian Fox (Sonatype)