owned this note
owned this note
Published
Linked with GitHub
# Outreach calls minutes
# SPDX Outreach Meeting 2024-12-16
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
- Karen Bennet
- Victor Liu
## Agenda
- Go libs
- updates
## Notes
- Go libraries for SPDXv3 not ready yet
- Updates
- FOSDEM
- presentations accepted/rejected
- schedule published
- Open Source Stewards and Maintainers
- OpenSSF establishes working group
- Is SLSA competitive to SPDX?
# SPDX Outreach Meeting 2024-12-02
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
- Ilan Schifter
- Victor Liu
## Agenda
- updates
- spec diagrams
- info on other efforts
## Notes
- Updates
- FOSDEM
- Deadline for submissions
- 20+ submissions
- now review
- program to be announced on Dec 15th
- Channels
- Alexios told Sebastian to go ahead and delete unused Matrix and IRC channels
- Ambassadors
- proposal to be submitted to Steering Committee on Jan 7th
- Model diagrams in spec
- Alexios working on them
- Do we need enumeration values?
- No one is in favor
- Alexios to prepare new versions and show them in Tech call
- Other efforts
- Basic Formal Ontology (BFO) https://basic-formal-ontology.org/
- Kubernetes BOM tool
- Request for podcast guest on SPDX by Viktor Petersson
- AR: update presentations list
- Next calls:
- Alexios will be out next week
- No calls during the two weeks of holidays
# SPDX Outreach Meeting 2024-11-25
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
## Agenda
- updates: FOSDEM, UO
- LF member summit update
## Notes
- FOSDEM
- deadline end of Nov (this week)
- capstone project
- Univ. of Oregon Comp. Sci. department
- team of 6 students
- LF member summit update
# SPDX Outreach Meeting 2024-11-18
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
- Ilan Schifter
## Agenda
- PDF update
- old channels
- SPDX Ambassadors
## Notes
- update on PDF for OMG/ISO
- almost done
- Bob and Alexios meeting Jory on Thursday
- ancient communication channels
- Sebastian wants to hand over Matrix and IRC channel
- ask Kate about IRC / Matrix channels
- two X/twitter accounts: SPDXTeam and SPDX_SBOM
- Ilan is interested in modeling processes
- propose the idea (what, why, how) and depending on the interest a new profile team might be formed
- SPDX Ambassadors
- Steering committee to decide on process and details
- Then run by Outreach team
# SPDX Outreach Meeting 2024-11-04
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
- Ilan Schifter
## Agenda
## Notes
- FOSDEM CfP sent to mailing lists
- No feedback from OMG about the spec yet
- Work needed:
- Go over the website to find out what needs updating
- Adoption needs tools; we need to find someone for the Go libraries
- Java and Python are work-in-progress
- Examples of SPDXv3 data
---
# SPDX Outreach Meeting 2024-10-28
- Arthit Suriyawongkul
- Gary O'Neall
## Agenda
- SPDX adoption in tools
- Microsoft SPDX support beyond 2.2
- Write SPDX 2.2 https://github.com/microsoft/sbom-tool
- Read SPDX 2.2 https://github.com/microsoft/component-detection
- If sbom-tool support 2.2.1, it will support German BSI TR-03183 2.0.0
https://github.com/microsoft/sbom-tool/issues/738
https://github.com/microsoft/sbom-tool/issues/537
---
# SPDX Outreach Meeting 2024-10-07
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Ilan Schifter
## Agenda
- PDF versions of the spec
- SPDX website
## Notes
- PDFs of the 3.0.1 spec
- Bob to connect with OMG editor
- She is the final approver of the OMG document
- The ISO document will go to OMG/LF standards people
- Website
- As soon as the spec is out of our hands, we should go through all pages and add mentions and references to SPDXv3
---
# SPDX Outreach Meeting 2024-08-05
- Alexios Zavras
- Bob Martin
- Gary O'Neall
- Ilan Schifter
## Agenda
- Discussion on work on PDF generation
- Ilan's questions
## Notes
- Discussion on work on PDF generation
- Ilan's questions:
- Q: where are the RDF files?
- A: committed in the repo, https://github.com/spdx/spdx-spec/tree/development/v3.0.1/rdf
- Q: I also need descriptions
- A: you can run spec-parser and use the json dump
- Q: anything else missing from the model, like listed licenses
- A: nothing now, there will be a list of crypto algorithms in the future
---
# SPDX Outreach Meeting 2024-08-05
- Alexios Zavras
- Bob Martin
- Gary O'Neall
- Kate Stewart
## Agenda
Discussion on work on PDF generation
## Notes
Discussion on work on PDF generation
---
# SPDX Outreach Meeting 2024-08-05
- Alexios Zavras
- Arthit Suriyawongkul
- Ilan Schifter
- Victor Liu
## Agenda
- Spec updates
- Tools page on website
- Ilan update
## Notes
- Spec updates
- trying to finalize
- Ilan trying to make videos
- duration of a few minutes
- put it to youtube
(to check if SPDX has its own YouTube channel.
The Linux Foundation has one at https://www.youtube.com/@LinuxfoundationOrg )
- Discussion about the Dot tool with Ilan, which can be part of his video
- Relationship between SpdxDocument and Sbom
- The tool should not let the user create ListedLicense,
as they can only be defined in the official SPDX License List.
---
# SPDX Outreach Meeting 2024-07-29
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
- Victor Liu
## Agenda
- Tools page on website
- Spec updates
## Notes
- Tools page on website
- missing responses
- create an issue for tracking open source tools
- https://github.com/spdx/outreach/issues/78
- project libraries and tools should appear also on top, before list
- Spec updates
- all contents
- Lite
- There are information differences (for example, in cardinality)
between "Annex H: SPDX Lite" and the Lite Profile.
---
# SPDX Outreach Meeting 2024-07-22
- Alexios Zavras
- Arthit Suriyawongkul
- Bob Martin
- Gary O'Neall
## Agenda
- Spec structure
- Other published documents
- Tools
## Notes
- Spec structure
- will also dicsuss it on tech call tomorrow
- Other published docs
- web presence: think about how to communicate new version
- spdx/using repo: needs updating, after spec
- Tools
- question on slack
- quick reply on issues, if no planned progress/resolution
- Extensions of an SPDX file. OMG needs one extension per one file
---
# SPDX Outreach Meeting 2024-07-15
- Alexios Zavras
- Bob Martin
- Karen Bennet
## Agenda
- spec Production
- tutorial on SBOM per lifecycle
- efforts to record standards and regulations
## Notes
- Spec Production
- waiting for Jason on hierarhy sections
- SBOM types
- as per stages in software lifecycle
- AI group wants presentation
- Bob will do it this Wednesday
- recording requirements of standards/regulations
- document on spdx/using repo
- https://github.com/spdx/using/blob/main/docs/using-SPDX-to-comply-with-industry-guidance.md
- MITRE System of Trust
- https://sot.mitre.org/
---
# SPDX Outreach Meeting 2024-07-08
* Alexios Zavras
* Bob Martin
## Agenda
* Tools update
* Spec PDF production
## Notes
- Tools update
- we still don't have the new setup on web site
- we have got some replie from tools
- we should probably add the information
- Alexios to work with Gary on it
- Alexios workign on the PDF production
- open decisions for hierarchy and numbering
---
# SPDX Outreach Meeting 2024-07-01
## Attendees
* Alexios Zavras
* Bob Martin
## Agenda
* Updates
## Notes
- Alexios workign on the PDF production
- Bob will contact OMG for introductory sections of the spec
---
# SPDX Outreach Meeting 2024-06-24
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Victor Lu
## Agenda
* Update on PDF generation
* Tools responses
* Go libraries
## Notes
* Update on PDF generation
* last week Alexios collaborated with Jason (from OMG) and found a way forward
* Tools responses
* still waiting for LF to provide info on web infrastructure (Zephyr-like)
* one tool to be added to the website
* Go libraries
* GUAC waits for libraries
---
# SPDX Outreach Meeting 2024-06-17
## Attendees
* Alexios Zavras
* Bob Martin
* Victor Lu
## Agenda
* Updates on initiatives
* Updates on OMG production of spec PDF
## Notes
* ECMA has a new Technical Committee [TC54](https://ecma-international.org/technical-committees/tc54/) with two Task Groups, focusing on:
* [Transparency Exchange API](https://ecma-international.org/task-groups/tc54-tg1/), and
* [Package URL](https://ecma-international.org/task-groups/tc54-tg2/)
* working with Jason Smith
* Alexios explained the current production setup via email
* Jason is using LaTeX to generate the output
* short call to be arrnged in the week for sync up
---
# SPDX Outreach Meeting 2024-06-10
## Attendees
* Alexios Zavras
* Bob Martin
## Agenda
* OMG updates
## Notes
* Bob currently in OMG meeting
* talked to Jason Smith, about tool for translating Markdown to PDF
* OMG spec has history of collaboration section
* maybe an informational annex/section
* list of contributors
* Bob to ask about links in documents
* OMG finalization task force also interest in commercial viability
# --- everything below already in https://github.com/spdx/meetings/tree/main/outreach
# SPDX Outreach Meeting 2024-05-13
## Attendees
* Alexios Zavras
* Victor Lu
## Agenda
## Notes
# SPDX Outreach Meeting 2024-04-29
## Attendees
* Alexios Zavras
* Bob Martin
* Karen Bennet
## Agenda
* Letter for tools information
* OSS EU
* OMG review
## Notes
* Letter for tools information
* some of the proprietary tools listed have no contact info
* ask in General call about contact info
* OSS EU
* presentation about SPDX
* ask via the mailing lists about attendance
* decide about f2f event depending on response
* OMG review
* public commenting period ongoing
* June meeting
* mid-June finalization task force (FTF) starts
* report on September
* then to ISO
# SPDX Outreach Meeting 2024-04-22
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Karen Bennet
* Victor Lu
## Agenda
* Conference feedback
* Tools registration
## Notes
* Conference feedback
* Open Source Summit North America
* foss-northy
* LLW
* Tools registration
* online form (GitHub issue template is live)
* draft letter to existing tools
* "with the release of 3.0, provide information"
* fill in [this form](https://github.com/spdx/outreach/issues/new?assignees=&labels=tools&projects=&template=add-tool.yaml&title=%5BTool+Request%5D%3A+)
* feel free to attend SPDX [implementors meeting](https://github.com/spdx/meetings#implementers-group-meetings)
# SPDX Outreach Meeting 2024-04-08
## Attendees
* Alexios Zavras
* Bob Martin
* Gary Armstrong
* Maximilian Huber
* Phil Odence
## Agenda
* SPDX 3.0 release
## Notes
* SPDX 3.0
* Frozen model – for 3.0.0
* Fix security json examples
* Complete specification (besides model) – add annexes (can also be done in 3.0.1)
* Lite Annex
* Migration guide 2->3
* Ontology RDF
* JSON schema
* Specification website
* Specification PDF – not for the announcement
* ODF looking at a tool to automatically generate it from Markdown input
* Examples – a couple present; more nice to have (in JSON)
* Tools
* Decide on a plan/timeline
* Alexios and Bob to reach out and ask for updated data (after announcement)
* Phil and Gary to work on "infrastructure"
* Gary to implement reply form (GitHub issue template)
* Phil to coordinate with LF for Zephyr-like presentation of tools
# SPDX Outreach Meeting 2024-03-04
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Karen Bennet
* Maximilian Huber
* Phil Odence
* Victor Lu
## Agenda
* Tools
## Notes
* Tools
* list of SPDX website
* [Zephyr landscape](https://zephyrproject.org/ecosystem-vendor-offerings/)
* WordPress plugin
* [OpenSSF SBOM landscape](https://hm-seclab.github.io/SBOM-Landscape/)
* GitHub repo (and published pages)
* We can get data from there!
* AR: Gary to create an issue template to collect all data needed
* Calendar(s)
* AR: make it visible in meetings repo
* Next week:
* update timeline for collecting tool data
# SPDX Outreach Meeting 2024-02-26
## Attendees:
- Gary O'Neall
- Phil Odence
- Victor Lu
- Robert Martin
- Karen Bennet
## Minutes
### Discussion on use cases and minutes
- Victor will look into better use case documentation including examples
- We could start with Security - follow-up with Jeff Schutt
- Consider having a technical presentation about GUAC to compliment the user-level presentation previously given.
### Blog post
- Agree to post https://docs.google.com/document/d/1qi4wrKh8IT-U0HNeWcWR5-yMjCUaYCnl0GLnv2ZptYE/edit#heading=h.34i77crh451c - if Kate or Phil can post this week, that would be great. Otherwise, Gary will post next week when back from travels
### Video
- Karen asked if there was budget for a video production on SPDX 3.0
- We have a crowd funded budget that could be used
- Cost would be in the order of magnitude of $1K
# SPDX Outreach Meeting 2024-02-19
## Attendees
* Alexios Zavras
* Victor Lu
## Agenda
* 3.0-rc2
* Outreach discussion (Victor)
## Notes
* 3.0-rc2
* Frozen on Saturday 2024-02-17
* PDF not ready (missing: section and page numbering, etc.)
* Bob in the process of making it by hand
* Outreach
* Slack channel
* Perception
# ----
# SPDX Outreach Meeting 2024-02-12
## Attendees
* Alexios Zavras
* Victor Lu
## Agenda
## Notes
Discussion on SDPX adoption and friendliness
# ----
# SPDX Outreach Meeting 2024-01-22
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Maximilian Huber
* Phil Odence
* Victor Lu
## Agenda
* FOSDEM face-to-face meeting
* new outreach ideas
* Slack channel
* blog post on SPDX
## Notes
* FOSDEM face-to-face meeting
- Friday afternoon, after Philippe's event
- AR: Alexios to email tech list
* Slack channel
- spdx.slack.com not available
- Victor has set up another channel: [invitation to join](https://join.slack.com/t/spdx-sbom/shared_invite/zt-29wnpgtfb-t00cAJnQWyUc9~xaAvwF1A)
* blog post on SPDX
- from developer's view
- SPDX is complicated, scares people away
- easy steps on how to use the tools
- SPDX also has verification features
- we could publish a simpler JSON schema
- we could publish a new version, unrelated (but interoperable)
- there are critical business needs
- may have simpler format, that can be automatically converted to full
# ---
# SPDX Outreach Meeting 2024-01-15
## Attendees
* Alexios Zavras
* Victor Lu
## Agenda
- blog post on SPDXv3
## Notes
# ---
# SPDX Outreach Meeting 2024-01-08
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Maximilian Huber
* Phil Odence
## Agenda
- Request for new tool inclusion
- Industry Advisory Group
- F2F in FOSDEM
## Notes
- addition of new tool
- https://github.com/spdx/outreach/issues/52
- all in favor
- Industry Advisory Group
- shall we have an SPDX group for industry reach-out?
- once a month, external participants
- user view, what hinders adoption/use
- ask what Outreach can do to help
- specific meetings with specific people
- need structure/agenda/...
- Gary will create a propose in email to the outreach team
- Decide in the following outreach meeting if we want to invite others
- face to face in FOSDEM
- probably not in the days of conference (weekend)
- send an email asking for attendance and timeslot preferences
# ---
# SPDX Outreach Meeting 2023-12-18
## Attendees
* Alexios Zavras
* Gary O'Neall
* Phil Odence
## Agenda
- FOSDEM update
- sponsorship request
- Tool inclusion
## Notes
- FOSDEM
- schedule done!
- 17 talks and 2 panels
- emails later this week
- sponsorship request
- Tool inclusion
# ---
# SPDX Outreach Meeting 2023-12-11
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Phil Odence
## Agenda
- Compliance Summit report
- FOSDEM news
- Tool inclusion
- Specification update
## Notes
- Report from Compliance Summit
- Lots of support for SPDX in Asian community
- Huawei interest for OpenEuler
- Bloomberg (Alyssa Wright) also interested; they use CycloneDX currently
- FOSDEM
- CfP closed
- 48 submissions
- Still to come: review, decisions, scheduling
- Tool inclusion
- Max has provided SBOM checking functionality
- if it fails, negative results are also shown
- badges: passed (new) criteria, contributed quick start
- we need dedicated meeting for this
- Update on SPDX specification production
- tooling should be in place for 3.0RC2
- generating HTML pages and PDF (not ISO format)
# ---
# SPDX Outreach Meeting 2023-11-27
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Phil Odence
* Victor Lu
## Agenda
- Tool inclusion
-
## Notes
# ---
# SPDX Outreach Meeting 2023-11-20
## Attendees
* Alexios Zavras
* Bob Martin
* Phil Odence
## Agenda
- Tool inclusion
- FOSDEM
## Notes
- Tool inclusion
- No need to validate input
- have a disclaimer like "Information provided by tools"
- annual check whether info is still accurate
- separate their validation from inclusion process
- bring it to next Steering Committee call, Tue 28 Nov
- FOSDEM
- CfP published
# --- to copy
# SPDX Outreach Meeting 2024-mm-dd
## Attendees
* Alexios Zavras
* Bob Martin
* Gary O'Neall
* Maximilian Huber
* Phil Odence
* Tim Mackey
* Victor Lu
## Agenda
- FOSDEM
- SPDXv3 readiness
## Notes