Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

SPDX General Meeting Minutes - April 7, 2022


  • Attendance: 27
  • Lead by Phil Odence
  • Minutes from last meeting approved.

SPDX in the Yocto Project – Joshua Watt

  • Link ot recording will be provides / Link to slides?
  • Source, policy, code go intro Bitbake and produce and image for embedded systems
  • Recipies contain important SBOM data
  • When recipes are process, SPDX docs are produced
  • Full support for anything that Yocto can build. Rust & Go are still WIP.
  • Note: need to have external references being on LHS of expression - validation tooling issue, as well as implications for runtime SPDX docs. Need to be on LHS & RHS.
  • One line in configuation file, to trigger generation. Some knobs to adjust how much is there.

Tech Team Report - Gary/Kate/Thomas



  • Meetings have started up, join the mailing list for details.

Core 3.0 Model

  • xxx

2.3 Release

  • 2.2.2 released in next day, then start pulling in the PRs to 2.3
  • Focus of changes will be to fill in gaps that DocFest has identified.
  • Planned: Link to Vulnerability Report, relax mandatory inclusion of NOASSERTION licensing, more hash algorithms, ... (must align with 3.0 directions)

New working groups

  • Build Profile working group spinning up, starting next week.
  • AI Profile working group has started meeting this week, currently going through GAP analysis between desired elements for AI BOM & what's in SPDX today based on work from IBM & IEEE.
  • First Canonicalization meeting on 4/15.



  • Submission in, project ideas still welcome.
  • Students working on proposals.

Legal Team Report - Jilayne/Paul/Steve

  • Working on bits of spec for 2.2 & 2.3
  • Working on 3.17 of the license list.

Outreach Team Report - Sebastian

  • Podcast update - LF is looking to starting podcasting division, to release what's been recorded over last few months.
  • GSOC candiates is high, and proposals are starting to come in.
  • Microsoft working on a software composition analysis tool - github, component dection.
  • Membership -
  • SPDX website rebuild to be more under community control.
  • Libreplanet talk - recording at


  • Phil Odence, Black Duck Audits/Synopsys
  • Adrian Diglio
  • Alexios Zavras
  • Alberto Pianon
  • Anthony Harrison
  • Bob Martin
  • Christopher Lusk
  • David Edelsohn
  • Dennis Clark
  • Gary O'Neall
  • Jeff Schutt
  • Joshua Watt
  • Joshua Marpet - MJM Growth, et al.
  • Karan Marjara
  • Kate Stewart
  • Marc-Ettinne Vargenau
  • Mark Atwood
  • Matthew Crawford
  • Matt Weber (Collins Aerospace)
  • Luca Miotto
  • Paul Madick
  • Sam Ellis
  • Sebastian Crane
  • Shawn Kilpatrick
  • Steven Kilbane
  • VM Brasseur (Wipro)
  • Brian Fox (Sonatype)