At some point we will start fleshing out the actual information model. I propose we use the SPDX license list as the basis for that portion of the information model. To my knowledge, all existing SBOM formats use this list as their basis so it's uncontroversial but I would like to get agreement before spending time actually making the information model. So I drafted an FAQ to capture the agreement (presuming we'll agree).
I, Duncan Sparrell, move that PR #52 (an FAQ where the license list comes from) be approved, and request that if seconded via this list, and no objections received via this list within one week (ie by 25-Oct-2024 7 PM Eastern) , that the motion automatically carry and the maintainers may merge the PRs at their convenience.
------------------------------
Duncan Sparrell
Chief Cyber Curmudgeion
sFractal Consulting LLC
Oakton VA
703-828-8646
------------------------------