# Outreach calls minutes # SPDX Outreach Meeting 2024-11-04 - Alexios Zavras - Arthit Suriyawongkul - Bob Martin - Gary O'Neall - Ilan Schifter ## Agenda ## Notes - FOSDEM CfP sent to mailing lists - No feedback from OMG about the spec yet - Work needed: - Go over the website to find out what needs updating - Adoption needs tools; we need to find someone for the Go libraries - Java and Python are work-in-progress - Examples of SPDXv3 data --- # SPDX Outreach Meeting 2024-10-28 - Arthit Suriyawongkul - Gary O'Neall ## Agenda - SPDX adoption in tools - Microsoft SPDX support beyond 2.2 - Write SPDX 2.2 https://github.com/microsoft/sbom-tool - Read SPDX 2.2 https://github.com/microsoft/component-detection - If sbom-tool support 2.2.1, it will support German BSI TR-03183 2.0.0 https://github.com/microsoft/sbom-tool/issues/738 https://github.com/microsoft/sbom-tool/issues/537 --- # SPDX Outreach Meeting 2024-10-07 - Alexios Zavras - Arthit Suriyawongkul - Bob Martin - Ilan Schifter ## Agenda - PDF versions of the spec - SPDX website ## Notes - PDFs of the 3.0.1 spec - Bob to connect with OMG editor - She is the final approver of the OMG document - The ISO document will go to OMG/LF standards people - Website - As soon as the spec is out of our hands, we should go through all pages and add mentions and references to SPDXv3 --- # SPDX Outreach Meeting 2024-08-05 - Alexios Zavras - Bob Martin - Gary O'Neall - Ilan Schifter ## Agenda - Discussion on work on PDF generation - Ilan's questions ## Notes - Discussion on work on PDF generation - Ilan's questions: - Q: where are the RDF files? - A: committed in the repo, https://github.com/spdx/spdx-spec/tree/development/v3.0.1/rdf - Q: I also need descriptions - A: you can run spec-parser and use the json dump - Q: anything else missing from the model, like listed licenses - A: nothing now, there will be a list of crypto algorithms in the future --- # SPDX Outreach Meeting 2024-08-05 - Alexios Zavras - Bob Martin - Gary O'Neall - Kate Stewart ## Agenda Discussion on work on PDF generation ## Notes Discussion on work on PDF generation --- # SPDX Outreach Meeting 2024-08-05 - Alexios Zavras - Arthit Suriyawongkul - Ilan Schifter - Victor Liu ## Agenda - Spec updates - Tools page on website - Ilan update ## Notes - Spec updates - trying to finalize - Ilan trying to make videos - duration of a few minutes - put it to youtube (to check if SPDX has its own YouTube channel. The Linux Foundation has one at https://www.youtube.com/@LinuxfoundationOrg ) - Discussion about the Dot tool with Ilan, which can be part of his video - Relationship between SpdxDocument and Sbom - The tool should not let the user create ListedLicense, as they can only be defined in the official SPDX License List. --- # SPDX Outreach Meeting 2024-07-29 - Alexios Zavras - Arthit Suriyawongkul - Bob Martin - Gary O'Neall - Victor Liu ## Agenda - Tools page on website - Spec updates ## Notes - Tools page on website - missing responses - create an issue for tracking open source tools - https://github.com/spdx/outreach/issues/78 - project libraries and tools should appear also on top, before list - Spec updates - all contents - Lite - There are information differences (for example, in cardinality) between "Annex H: SPDX Lite" and the Lite Profile. --- # SPDX Outreach Meeting 2024-07-22 - Alexios Zavras - Arthit Suriyawongkul - Bob Martin - Gary O'Neall ## Agenda - Spec structure - Other published documents - Tools ## Notes - Spec structure - will also dicsuss it on tech call tomorrow - Other published docs - web presence: think about how to communicate new version - spdx/using repo: needs updating, after spec - Tools - question on slack - quick reply on issues, if no planned progress/resolution - Extensions of an SPDX file. OMG needs one extension per one file --- # SPDX Outreach Meeting 2024-07-15 - Alexios Zavras - Bob Martin - Karen Bennet ## Agenda - spec Production - tutorial on SBOM per lifecycle - efforts to record standards and regulations ## Notes - Spec Production - waiting for Jason on hierarhy sections - SBOM types - as per stages in software lifecycle - AI group wants presentation - Bob will do it this Wednesday - recording requirements of standards/regulations - document on spdx/using repo - https://github.com/spdx/using/blob/main/docs/using-SPDX-to-comply-with-industry-guidance.md - MITRE System of Trust - https://sot.mitre.org/ --- # SPDX Outreach Meeting 2024-07-08 * Alexios Zavras * Bob Martin ## Agenda * Tools update * Spec PDF production ## Notes - Tools update - we still don't have the new setup on web site - we have got some replie from tools - we should probably add the information - Alexios to work with Gary on it - Alexios workign on the PDF production - open decisions for hierarchy and numbering --- # SPDX Outreach Meeting 2024-07-01 ## Attendees * Alexios Zavras * Bob Martin ## Agenda * Updates ## Notes - Alexios workign on the PDF production - Bob will contact OMG for introductory sections of the spec --- # SPDX Outreach Meeting 2024-06-24 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Victor Lu ## Agenda * Update on PDF generation * Tools responses * Go libraries ## Notes * Update on PDF generation * last week Alexios collaborated with Jason (from OMG) and found a way forward * Tools responses * still waiting for LF to provide info on web infrastructure (Zephyr-like) * one tool to be added to the website * Go libraries * GUAC waits for libraries --- # SPDX Outreach Meeting 2024-06-17 ## Attendees * Alexios Zavras * Bob Martin * Victor Lu ## Agenda * Updates on initiatives * Updates on OMG production of spec PDF ## Notes * ECMA has a new Technical Committee [TC54](https://ecma-international.org/technical-committees/tc54/) with two Task Groups, focusing on: * [Transparency Exchange API](https://ecma-international.org/task-groups/tc54-tg1/), and * [Package URL](https://ecma-international.org/task-groups/tc54-tg2/) * working with Jason Smith * Alexios explained the current production setup via email * Jason is using LaTeX to generate the output * short call to be arrnged in the week for sync up --- # SPDX Outreach Meeting 2024-06-10 ## Attendees * Alexios Zavras * Bob Martin ## Agenda * OMG updates ## Notes * Bob currently in OMG meeting * talked to Jason Smith, about tool for translating Markdown to PDF * OMG spec has history of collaboration section * maybe an informational annex/section * list of contributors * Bob to ask about links in documents * OMG finalization task force also interest in commercial viability # --- everything below already in https://github.com/spdx/meetings/tree/main/outreach # SPDX Outreach Meeting 2024-05-13 ## Attendees * Alexios Zavras * Victor Lu ## Agenda ## Notes # SPDX Outreach Meeting 2024-04-29 ## Attendees * Alexios Zavras * Bob Martin * Karen Bennet ## Agenda * Letter for tools information * OSS EU * OMG review ## Notes * Letter for tools information * some of the proprietary tools listed have no contact info * ask in General call about contact info * OSS EU * presentation about SPDX * ask via the mailing lists about attendance * decide about f2f event depending on response * OMG review * public commenting period ongoing * June meeting * mid-June finalization task force (FTF) starts * report on September * then to ISO # SPDX Outreach Meeting 2024-04-22 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Karen Bennet * Victor Lu ## Agenda * Conference feedback * Tools registration ## Notes * Conference feedback * Open Source Summit North America * foss-northy * LLW * Tools registration * online form (GitHub issue template is live) * draft letter to existing tools * "with the release of 3.0, provide information" * fill in [this form](https://github.com/spdx/outreach/issues/new?assignees=&labels=tools&projects=&template=add-tool.yaml&title=%5BTool+Request%5D%3A+) * feel free to attend SPDX [implementors meeting](https://github.com/spdx/meetings#implementers-group-meetings) # SPDX Outreach Meeting 2024-04-08 ## Attendees * Alexios Zavras * Bob Martin * Gary Armstrong * Maximilian Huber * Phil Odence ## Agenda * SPDX 3.0 release ## Notes * SPDX 3.0 * Frozen model – for 3.0.0 * Fix security json examples * Complete specification (besides model) – add annexes (can also be done in 3.0.1) * Lite Annex * Migration guide 2->3 * Ontology RDF * JSON schema * Specification website * Specification PDF – not for the announcement * ODF looking at a tool to automatically generate it from Markdown input * Examples – a couple present; more nice to have (in JSON) * Tools * Decide on a plan/timeline * Alexios and Bob to reach out and ask for updated data (after announcement) * Phil and Gary to work on "infrastructure" * Gary to implement reply form (GitHub issue template) * Phil to coordinate with LF for Zephyr-like presentation of tools # SPDX Outreach Meeting 2024-03-04 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Karen Bennet * Maximilian Huber * Phil Odence * Victor Lu ## Agenda * Tools ## Notes * Tools * list of SPDX website * [Zephyr landscape](https://zephyrproject.org/ecosystem-vendor-offerings/) * WordPress plugin * [OpenSSF SBOM landscape](https://hm-seclab.github.io/SBOM-Landscape/) * GitHub repo (and published pages) * We can get data from there! * AR: Gary to create an issue template to collect all data needed * Calendar(s) * AR: make it visible in meetings repo * Next week: * update timeline for collecting tool data # SPDX Outreach Meeting 2024-02-26 ## Attendees: - Gary O'Neall - Phil Odence - Victor Lu - Robert Martin - Karen Bennet ## Minutes ### Discussion on use cases and minutes - Victor will look into better use case documentation including examples - We could start with Security - follow-up with Jeff Schutt - Consider having a technical presentation about GUAC to compliment the user-level presentation previously given. ### Blog post - Agree to post https://docs.google.com/document/d/1qi4wrKh8IT-U0HNeWcWR5-yMjCUaYCnl0GLnv2ZptYE/edit#heading=h.34i77crh451c - if Kate or Phil can post this week, that would be great. Otherwise, Gary will post next week when back from travels ### Video - Karen asked if there was budget for a video production on SPDX 3.0 - We have a crowd funded budget that could be used - Cost would be in the order of magnitude of $1K # SPDX Outreach Meeting 2024-02-19 ## Attendees * Alexios Zavras * Victor Lu ## Agenda * 3.0-rc2 * Outreach discussion (Victor) ## Notes * 3.0-rc2 * Frozen on Saturday 2024-02-17 * PDF not ready (missing: section and page numbering, etc.) * Bob in the process of making it by hand * Outreach * Slack channel * Perception # ---- # SPDX Outreach Meeting 2024-02-12 ## Attendees * Alexios Zavras * Victor Lu ## Agenda ## Notes Discussion on SDPX adoption and friendliness # ---- # SPDX Outreach Meeting 2024-01-22 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Maximilian Huber * Phil Odence * Victor Lu ## Agenda * FOSDEM face-to-face meeting * new outreach ideas * Slack channel * blog post on SPDX ## Notes * FOSDEM face-to-face meeting - Friday afternoon, after Philippe's event - AR: Alexios to email tech list * Slack channel - spdx.slack.com not available - Victor has set up another channel: [invitation to join](https://join.slack.com/t/spdx-sbom/shared_invite/zt-29wnpgtfb-t00cAJnQWyUc9~xaAvwF1A) * blog post on SPDX - from developer's view - SPDX is complicated, scares people away - easy steps on how to use the tools - SPDX also has verification features - we could publish a simpler JSON schema - we could publish a new version, unrelated (but interoperable) - there are critical business needs - may have simpler format, that can be automatically converted to full # --- # SPDX Outreach Meeting 2024-01-15 ## Attendees * Alexios Zavras * Victor Lu ## Agenda - blog post on SPDXv3 ## Notes # --- # SPDX Outreach Meeting 2024-01-08 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Maximilian Huber * Phil Odence ## Agenda - Request for new tool inclusion - Industry Advisory Group - F2F in FOSDEM ## Notes - addition of new tool - https://github.com/spdx/outreach/issues/52 - all in favor - Industry Advisory Group - shall we have an SPDX group for industry reach-out? - once a month, external participants - user view, what hinders adoption/use - ask what Outreach can do to help - specific meetings with specific people - need structure/agenda/... - Gary will create a propose in email to the outreach team - Decide in the following outreach meeting if we want to invite others - face to face in FOSDEM - probably not in the days of conference (weekend) - send an email asking for attendance and timeslot preferences # --- # SPDX Outreach Meeting 2023-12-18 ## Attendees * Alexios Zavras * Gary O'Neall * Phil Odence ## Agenda - FOSDEM update - sponsorship request - Tool inclusion ## Notes - FOSDEM - schedule done! - 17 talks and 2 panels - emails later this week - sponsorship request - Tool inclusion # --- # SPDX Outreach Meeting 2023-12-11 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Phil Odence ## Agenda - Compliance Summit report - FOSDEM news - Tool inclusion - Specification update ## Notes - Report from Compliance Summit - Lots of support for SPDX in Asian community - Huawei interest for OpenEuler - Bloomberg (Alyssa Wright) also interested; they use CycloneDX currently - FOSDEM - CfP closed - 48 submissions - Still to come: review, decisions, scheduling - Tool inclusion - Max has provided SBOM checking functionality - if it fails, negative results are also shown - badges: passed (new) criteria, contributed quick start - we need dedicated meeting for this - Update on SPDX specification production - tooling should be in place for 3.0RC2 - generating HTML pages and PDF (not ISO format) # --- # SPDX Outreach Meeting 2023-11-27 ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Phil Odence * Victor Lu ## Agenda - Tool inclusion - ## Notes # --- # SPDX Outreach Meeting 2023-11-20 ## Attendees * Alexios Zavras * Bob Martin * Phil Odence ## Agenda - Tool inclusion - FOSDEM ## Notes - Tool inclusion - No need to validate input - have a disclaimer like "Information provided by tools" - annual check whether info is still accurate - separate their validation from inclusion process - bring it to next Steering Committee call, Tue 28 Nov - FOSDEM - CfP published # --- to copy # SPDX Outreach Meeting 2024-mm-dd ## Attendees * Alexios Zavras * Bob Martin * Gary O'Neall * Maximilian Huber * Phil Odence * Tim Mackey * Victor Lu ## Agenda - FOSDEM - SPDXv3 readiness ## Notes