SPDX Outreach Meeting 2025-03-31 Alexios Zavras Bob Martin Ilan Schifter Victor Lu Agenda Notes Bob will be unavailable from next Thu (April 9th) till April 27th discussion on signatures

Overview FOSDEM is one of the world's premier meetings of free software developers, with thousands of people attending each year. FOSDEM 2025 will take place on the weekend of 1-2 February 2024 in Brussels. This is the Call for Participation (CfP) in the Software Bill of Materials (SBOM) Devroom at FOSDEM 2025. Details The SBOM Devroom will take place for a full day (09:00-17:00), on Sunday 2 February 2024, and will be an in-person event in a room to be announced later. The SBOM Devroom at FOSDEM is an informal, technical event oriented to authors, users, and enthusiasts of FLOSS programs that produce, consume, or transform SBOMs.

Full proposal content: Proposal title: Software Bill of Materials (SBOM) devroom Notes: This devroom has run the last two years with great success, and we want to host it again in 2025. The number of submissions we received in our CfP in both years was enough to cover almost double the time allocated! We even made the decision to reject any tool-specific presentations, pushing them to a fringe event. Both years we ran almost the whole day in full room capacity (I should mention last year we were unpleasantly surprised when we realized that K.4.401 only had 60 desk seats and 16 chairs in front instead of the advertised size). Language: en

Full proposal content: Proposal title: Software Bill of Materials devroom Notes: After the success of last year's first-ever SBOM devroom, we want to host it again in 2024. Last year we initially had a half-day, but it got extended to a full-day. The number of submissions we received in our CfP was enough to cover almost double the time allocated! We ran almost the whole day in full room capacity. Language: en

SPDX-License-Identifier: Community-Spec-1.0 Summary A mathematically calculated representation of a grouping of data. Description A hash is a grouping of characteristics unique to the result of applying a mathematical algorithm that maps data of arbitrary size to a bit string (the hash) and is a one-way function, that is,

"deb": package manager ... "zlib-1.2.3.tar": software/package (source) name: ... ... "zlib-1.2.3.deb": package

SPDX-License-Identifier: Community-Spec-1.0 Summary Base domain class from which all other SPDX-3.0 domain classes derive. Description An Element is a representation of a fundamental concept either directly inherent to the Bill of Materials (BOM) domain or indirectly related to the BOM domain and necessary for contextually characterizing BOM concepts and relationships. Within SPDX-3.0 structure this is the base class acting as a consistent,

There are many ways to add links to our documentation. Let's see how these are translated when PDF is produced: the most MD-like way, with text pointing to a URL, like look at the SPDX License List spelling out the link after the text, like like at the SPDX License List https://spdx.org/licenses even omitting the text, like look at https://spdx.org/licenses Ideally we would use the first alternative, but we have to have a way for the actual URL to appear in the final (printed) text for ISO, I assume. If this is done automatically, that would be great. Ah, there is also the case that we have internal links to other parts of the documentation.

Dear creator of SPDX-supporting tool, We are reaching out to inform you of the recent major update to the SPDX specification, which has now reached version 3 (SPDXv3). As a valued member of the community that provides tools supporting SPDX, your contribution is essential to the ongoing success and adoption of the standard. With the release of SPDXv3, we are in the process of updating the information on the SPDX website to reflect the latest capabilities and features of the tools that support any version of SPDX. To ensure that your tool is accurately represented and to help users make informed decisions, we kindly request that you submit the updated data for your tool(s) using the online form provided. We want to collect basic information such as the tool name and contact email, as well as more details like supported capabilities, SPDX versions supported, etc. An online form collecting this data is implemented as a GitHub issue submission and can be accessed at the following link: https://github.com/spdx/outreach/issues/new?assignees=&labels=tools&projects=&template=add-tool.yaml&title=%5BTool+Request%5D%3A+

Overview FOSDEM is one of the world's premier meetings of free software developers, with thousands of people attending each year. FOSDEM 2024 will take place on the weekend of 3-4 February 2024 in-person in Brussels. This is the Call for Participation (CfP) in the Software Bill of Materials (SBOM) Devroom at FOSDEM 2024. Details The SBOM Devroom will take place for a full day (09:00-17:00), on Sunday 4 February 2024, and will be an in-person event in a room to be announced later. The SBOM Devroom at FOSDEM is an informal, technical, in-person event oriented to authors, users, and enthusiasts of FLOSS programs that produce, consume, or transform SBOMs.

# Legal Team notes