Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add September General meeting minutes #776

Merged
merged 1 commit into from
Oct 15, 2024
Merged

Add September General meeting minutes #776

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
109 changes: 109 additions & 0 deletions general/2024/2024-09-05.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
# SPDX General Meeting Minutes- 2024-09-05

## Administrative
- Approve meeting minutes from last month: https://github.com/spdx/meetings/pull/772
- Approved

## Presentation: Dots - A Visual Editing Tool Designed to Help Newcomers Get Started Quickly with SPDX-3
- Presenter: Ilan schifter
- Dots tool: github.com/condots/dots
- Dots is a visual editing tool designed to help newcomers get started quickly with SPDX 3. It can be used for creating, editing and exploring SPDX documents.
- Ilan found SPDX through general SBOM experience -- difficult to force cdx to be a graph and describe the software supply chain this way and eventually found SPDX
- A graphical SBOM authoring tool. A user can select from a menu to create an object of a class, add values to its properties, and also add relationship between objects.
- Dots starts empty - loads the latest ontology - parses it, creates the class definitions
- Enforces requirements of the spec (i.e. created date in CreationInfo)
- Shows issues when requirements not met/missing object property/missing edge
- If you want to drag an edge to an instance that you created - it will show you potential connections when dragging around in the WebUI
- Everytime we have a new spec version, dots will load ontology and everything works - why there’s no history
- Can get a preview of what an element/node will look like once it’s exported to SBOM format
- Can upload an SBOM to the tool and it will render in the Dots UI
- Datatypes can be enforced through the interface, for example for date time datatype, the input interface for that property will be a date time picker.
- Mandatory property that is still missing will be shown in red border. Its parent object will also have a red dot at the corner.

## Tech Team Report
- Publishing of 3.0.1 & working through SPDX & OMG review cycles.

### AI / Dataset Profiles Team - Karen/Gopi
- Working group meetings each Wednesday at 3pm EST (again) with once a month meeting with Far East members
- 3.1 discussions underway: Prompts, RAGs, Agents/Human-Computer Interaction, Impact checklist, cwe/threat strategy
- Potential for collaboration with Security, Functional Safety and Operation profiles and several new realtionships (like mitigatedBy, tunedOn, etc)
- SPDX AI/Dataset 3.0.1 Whitepaper - technical review completed, ediitorial review underway
- SPDX AI/Dataset video underway - target for Linux Europe
- Several members created a workshop called AIware Leadership Bootcamp in Toronto, Canada (Nov 3-8, 2024), to dive deep into LLM/AI-powered software, explore cutting-edge research, and gain hands-on experience https://www.aiwarebootcamp.io/

### Build Profile Team - Brandon/Nisha
- No updates

### Functional Safety Team - Nicole/Kate
- Modeling discussions continue
- Working through representations of Evidence
- Clarification between hazards and risks
- New relationship of "MitigatedBy" - need to discuss with Security team
- Exploration of roles on relationships

### Hardware Team - Steven/Alfred/Kate
- Working through Cube-Sat reference example
- Introduced concept of Roles and discussing implications
- Exploration of Systems as it's own class

### Implementers Team - Rose
- Mostly questions from Ilan on SPDX 3.0 :)

### Licensing Profile Team - Jilayne/Steve
- No updates

### Lite Profile Team - Ito/Ninjouji/Asaba/Kobota
- No update

### Operations Team - Matthew/Marcel/Ummo
- Working branch for draft: https://github.com/spdx/spdx-3-model/tree/profile-operations
- Working on translating the previous hierarchical draft into class descriptions
- Potential for collaboration with Security profile on AssessmentRelationship

### Security Profile Team - Jeff/Rose
- No update, no meetings happening at this time

### Serialization Team - Joshua Watt
- No update

### Software as a Service Team – Gary
- No new updates - looking to restart meetings after 3.0.1 release

## Legal Team Update - Jilayne/Steve
- 3.25.0 released - 9 new licenses, see https://github.com/spdx/license-list-XML/releases/tag/v3.25.0 for details

## Outreach Team - Alexios/Bob
- New tools page has been rolled out at: https://spdx.dev/use/spdx-tools/
- If favorite tool isn't there - please file an issue: https://github.com/spdx/outreach/issues/new/choose
- Working toward 3.0.1


## General Announcements
- SPDX 3.0.1 review window closed. Waiting to hear back from OMG and then we’ll be doing the tagging for it.
- Those in Vienna for OSS - let Alexios know, as coordinating SPDX get together.


## Attendees (22)
- Agustin Benito
- Alfred L Strauch
- Arthit Suriyawongkul
- Gary O'Neall
- Ilan Schifter
- Jeff Brewster
- Jilayne Lovejoy
- Jim Vitrano
- Karen Bennet, IEEE, ISO
- Karsten Klein
- Kate Stewart
- Marc-Etienne Vargenau, Nokia
- Matti
- Michael Herzog
- Phil Odence, Black Duck
- Robert Martin
- Rose Judge
- Sandra Hermoso Rodriguez
- Sandy Wambold
- Steve Winslow
- Steven Carbno
- Timo
- Ummo Schwarting