|
| 1 | +<img src="https://tc54.org/images/ecma.svg" align="right" height="70" alt="Ecma logo" /> <!-- markdownlint-disable-line MD041 --> |
| 2 | + |
| 3 | +# Agenda for the fifteenth meeting of Ecma TC54-TG2 on 2025-04-11 |
| 4 | + |
| 5 | +- **Host**: Remote |
| 6 | +- **Dates and times**: |
| 7 | + - 14:00 to 15:00 UTC |
| 8 | + - 16:00 to 17:00 CEST (Europe/Brussels) |
| 9 | + - 10:00 to 11:00 EDT (America/New_York) |
| 10 | + - 07:00 to 08:00 PDT (America/Los Angeles) |
| 11 | + - 23:00 to 00:00 JST (Tokyo, Japan) |
| 12 | + |
| 13 | +- **Attendee information**: |
| 14 | + - https://meet.google.com/vwc-duqp-hcm |
| 15 | + - [Meeting invite](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=NzAzNjU3ZTk3NHVzYTRsMjdnaG5jbGVkb2VfMjAyNTAzMjhUMTQwMDAwWiBjX2MwODYxYWJlYmRmNjllZjBkZmVjNjgxM2IyN2JmYzdjMjk3ZDU5MThiM2EyZTk3NmZjYTdiYmViMzg1OGE5YjNAZw&tmsrc=c_c0861abebdf69ef0dfec6813b27bfc7c297d5918b3a2e976fca7bbeb3858a9b3%40group.calendar.google.com&scp=ALL) |
| 16 | + |
| 17 | +## Agenda items |
| 18 | +- Opening, welcome, and roll call (Chair) |
| 19 | +- Review last call minutes: https://github.com/Ecma-TC54/tg2/blob/main/meetings/2025-03-28.md |
| 20 | + |
| 21 | +## Attendees |
| 22 | +- Philippe Ombredanne, creator of PURL, Lead maintainer of AboutCode, TC54-TG2 convener |
| 23 | +- Steve Springett, OWASP Foundation / ServiceNow |
| 24 | +- Jan Kowalleck, CycloneDX, Sovereign Tech Agency, TC54 member |
| 25 | +- Jannis Hermanns, Apple |
| 26 | +- Matt Rutkowski, IBM |
| 27 | +- John Horan, AboutCode |
| 28 | + |
| 29 | +## Notes |
| 30 | +- The meeting is being recorded. Our code of conduct applies to this meeting. |
| 31 | +- Intro by John, preliminary matters, proposed agenda. |
| 32 | +- Minutes from last meeting: approved. |
| 33 | +- Attendees commented on topics they'd like to discuss today. |
| 34 | + - Jan: the new milestones |
| 35 | + - Jannis: nothing atm |
| 36 | + - Matt: nothing atm |
| 37 | + - Steve: roadmap, plus brief VulnCon panel discussion update |
| 38 | + - Philippe: nothing (traveling) |
| 39 | +- Milestones: |
| 40 | + - John briefly described initial thinking re the new set of milestones as placeholders for community members to comment on and improve, ideally beginning to do so in earnest at next week's PURL community meeting rather than at this TC54-TG2 meeting. |
| 41 | + - Jan suggested that we focus as planned on the core spec (and thereafter on vers) and not the existing/new types, which do not need to be included in the milestone structure at all – perhaps no versioning or standardizing of the PURL types. |
| 42 | + - Steve: some in the PURL community will care most about their own PURL types, since that's the part of the community they represent. This call is intended to address the core spec and we just need to make an executive decision. |
| 43 | +- Steve: |
| 44 | + - He was invited to be part of a panel at this week's VulnCon focused on software identifiers. The majority of the participants were from the vulnerability management perspective, not too much enterprise software or anything else – from Mitre, CVE Program, National Vulnerability Database and similar. There were a number of good questions about PURL; and some asked why there was a need for the three current identifier standards (CPE, PURL and Omnibor) – why not a single identifier? In addition, during the panel Steve addressed the suggestion that PURL was only for open source software: PURL is *not* limited to open source software. (https://www.first.org/conference/vulncon2025/program#pSoftware-Identity-in-the-Vulnerability-Management-Ecosystem) |
| 45 | + - Given the nature of the questions and the level of interest, Steve suggested that when we create the Ecma documentation, it is imperative that we include introductory material clearly describing the problem(s) PURL was designed to solve and address some of the other concerns, e.g., from an inventory- or vulnerability-management perspective. We could tackle that at the same time we continue our work on the technical aspects of the core spec. Steve will prepare an initial draft while the core spec work continues. |
| 46 | +- John gave a brief summary of the progress on the core spec, in particular a productive 2025-04-02 PURL community meeting that included updating the 'qualifiers' rules and "Character encoding" section. |
| 47 | +- The meeting was adjourned. |
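Review bot: the time zone on line 10 is written `America/Los Angeles` with a space, while line 9 uses the IANA form `America/New_York`; change it to `America/Los_Angeles` so the two entries are consistent and the identifier can be copied as-is. The title on line 3 still reads "Agenda for the fifteenth meeting" although the file also carries the Attendees and Notes sections, so consider retitling it or stating that it includes the minutes. The "Agenda items" section (lines 18-19) lists only the opening and the review of the previous minutes, while the Notes cover milestones, the VulnCon panel update and core spec progress; adding those items would make the agenda match what was discussed.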