Meeting Minutes 10/16

Hi everyone, here are notes from our meeting earlier today, copied below for convenience.

October 16, 2019

Attendees (please make corrections):

Philippe-Emmanuel Douziech

David Nalley

Brian Russell

Brian Lorenc

Ido Green

Kate Stewart

Bryan Sullivan

Gerald Heidenreich

Kay Williams

Santiago Torres Arias

William Cox

Gàry O'Neall



  • Housekeeping
    • Record meeting
      • Not possible this week
      • Only the host (William Bartholomew) can record
      • Can we modify settings for the Zoom meeting so that others can record?
    • Welcome new members (Steve Springett, Ido Green, Gàry O'Neall)
      • Kay to work with Bob Martin to add Gary
    • Face to Face Meeting(s)
      • Longer Conference Call Week of Nov 4?
        • One week ahead of 11/11 submission
        • Keep in mind for working group members
      • Nov 18 in San Diego (CD Summit/Kubecon)?
        • Opportunity to meet; Kay exploring meeting locations
      • Dec 10/11 in Long Beach CA (OMG Technical Meeting)
        • Half day on 10th/full day on 11th
        • Dec 9 - presentation to OMG Architecture Board
        • Dec 12 - Architecture Board meets again
  • User scenarios (here) - Kay (filling in for William Bartholomew)
    • Philippe-Emmanuel provided guidance
    • Brian Russell, William Bartholomew, Kay to meet next week and further refine
  • SPDX 3.0 Update - Kate Stewart
    • William Bartholomew presented SBOM-friendly SPDX 3.0 at weekly tech meeting
      • Remove requirements on licensing
      • Add concepts including the following
        • Signing
        • Ways of describing people, companies (identity)
        • Partial consumption of external SBOM (take a file out of another package)
        • Enhance concept of annotations – attach structured data to different entities in the SBOM
      • Split into profiles (base, licensing, security, etc.)
  • Model (here) - Philippe-Emmanuel Douziech
    • Generated documents (generated so as to remain in sync)
      • generated_3T-SBOM-EMS.docx: the Word description of the model
      • generated_3T-SBOM-EMS.xmi: the representation of the model in XMI format
      • with the following evolutions since last Wednesday
        • finer-grain modeling of pedigree information
        • proposition to keep licensing information to a “simple” SPDX license expression
        • proposition to keep fewer relation types than SPDX (when there are pairs of reversed relationships)
    • Non-standard representation of the model, for illustration purposes only
      • 3T-SBOM-EMS-classAttributeOrganization.png: classes only
      • 3T-SBOM-EMS-classEnumarationAssociation.png: classes, enumerations, associations
      • Still looking for a solution to generate the standard UML diagram as an SVG file (so far, the tools I used have a watermark “unregistered” or “community edition” as I don’t have a commercial edition of a UML modeler)
  • Plan for next week
    • Review Scenarios, Model, Specification