Merge pull request package-url#515 from package-url/384-add-2025-06-25-minutes

Add minutes for 2025-06-25 PURL community meeting package-url#384

Author: pombredanne

meetings/2025-06-25.md

@@ -0,0 +1,65 @@
+# Agenda for the PURL community meeting on 2025-06-25
+
+- **Host**: Remote
+- **Dates and times**:
+    - 16:00 to 17:00 UTC
+    - 18:00 to 19:00 CEST (Europe/Brussels)
+    - 12:00 to 13:00 EDT (America/New_York)
+    - 09:00 to 10:00 PDT (America/Los Angeles)
+    - 01:00 to 02:00 JST (Tokyo, Japan)
+
+- **Attendee information**:
+    - https://meet.google.com/ryq-aimn-ghd
+    - [Meeting invite](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=MnFlaXE3a2VqcnJqcTRkN2Vtb2EyMW4xbnRfMjAyNTA2MjVUMTYwMDAwWiBjX2MwODYxYWJlYmRmNjllZjBkZmVjNjgxM2IyN2JmYzdjMjk3ZDU5MThiM2EyZTk3NmZjYTdiYmViMzg1OGE5YjNAZw&tmsrc=c_c0861abebdf69ef0dfec6813b27bfc7c297d5918b3a2e976fca7bbeb3858a9b3%40group.calendar.google.com)
+
+## Agenda items
+- Opening of the meeting and welcome
+- Meetings will follow the Ecma TC54 Code of Conduct https://github.com/Ecma-TC54/tg2/blob/main/CODE_OF_CONDUCT.md
+- Review minutes of the 2025-06-11 meeting – https://github.com/package-url/purl-spec/blob/main/meetings/2025-06-11.md
+- GitHub project board – https://github.com/orgs/package-url/projects/1/views/1
+- Open issues/PRs –  https://docs.google.com/spreadsheets/d/1RKw0XB-xAPsZ09Uzj1W4ycYIvS1BVOyD/
+- Next TG2 meeting rescheduled from July 4 to July 3 due to US holiday
+- Mailing list - see https://github.com/package-url/purl-spec/discussions/488
+
+## Attendees
+- Philippe Ombredanne, creator of PURL, Lead maintainer of AboutCode, TC54-TG2 convener
+- Jon Moroney
+- Jaime Rodríguez-Guerra, Quansight
+- Matt Rutkowski, IBM
+- Michael Herzog, AboutCode
+- John Horan, AboutCode
+
+## Notes
+- Meeting minutes are being kept and will be published, and the meeting will be recorded with Google Meet video and Gemini "note-taking".
+- Our code of conduct (link in agenda above) applies to this meeting.
+- Introductions.
+- Additional agenda items:
+    - Philippe: various announcements, status
+    - John: nothing atm
+    - Jon: nothing atm
+    - Matt: nothing atm
+    - Michael: mailing list, rescheduled July 4 TC54-TG2 mtg (to July 3), June 30 target date status/steps
+    - Jaime:
+        - https://github.com/package-url/packageurl-python/pull/191
+        - https://github.com/package-url/packageurl-python/pull/186
+        - https://github.com/aboutcode-org/univers/pull/157
+- Philippe noted that he joined John Bresser on a 2025-06-23 podcast to discuss PURL.  https://opensourcesecurity.io/2025/2025-06-purl-philippe-ombredanne/
+- Jaime: discussed his 3 PRs with Philippe.
+    - PR 191 (package-url/packageurl-python).  Philippe approved and merged.
+    - PR 186 (package-url/packageurl-python).  Jaime: problem with a `univers` import/reliance (type hints).  He and Philippe discussed and agreed a simple solution was the addition of a `py.typed` file to `univers`.  https://github.com/aboutcode-org/univers/pull/159/files
+    - PR 157 (aboutcode-org/univers).  Philippe said Jaime's proposed changes would be welcome.
+- Michael explained the purpose of the new package-url/community repo https://github.com/package-url/community – for project infrastructure and operational matters, distinct from the governance repo – and provided a link to the PackageURL website issue he'd opened as issue 1.  https://github.com/package-url/community/issues/1
+- Michael discussed the need for a mailing list, e.g., for broader outreach and announcements.  See https://github.com/package-url/purl-spec/discussions/488.  He suggested groups.io and Google Groups as potential options and is looking for feedback.
+- Michael and John are triaging the PURL Ecma-standard v0.90 milestone's issues and PRs, looking to differentiate between discussions and actionable items.  We have added various reports on the milestones to the shared Google Drive purl-spec folder, e.g. PURL Ecma-Standard v0.90 open issues/PRs.  Michael asked John to create a discussion item to document their approach.
+- The group discussed messaging platform candidates, including Slack, Gitter, and Zulip https://zulip.com/.  Matt suggested we pick a single, preferred messaging mechanism and focus on effective calendaring management – keep up-to-date.
+- Based on the 2025-06-20 TC54-TG2 meeting, Michael said he planned to start a Google Document, with Steve Springett's approval, as a target for the actual standard document, which Steve would then convert. Matt inquired about tagging releases or branches for automation purposes.  Matt, Michael and Philippe discussed the need for more programmatic access and tagging.  Matt advocated for a minimalistic approach using Markdown and GitHub issues/PRs for documentation and maintenance, reiterating the need for a tag for stable reference.
+- Michael outlined his plan to break down the current specification to clearly define the scope of the standard and avoid duplication of information, aiming for individual Markdown documents managed in GitHub.  Philippe and Jon discussed Forgejo, noting its adoption by Fedora as a potential replacement for existing systems and its distributed model, which deviates from GitHub's fork and pull request model. The origins and forks of the software (Gitea vs Gogs vs Forgejo) were briefly discussed.
+- Matt: the website requires CI automation – can we provide him with a tag he can use to automate off the tag?  Maybe a tag branch?  Discussed with Philippe and Michael.  Michael: standard vs specification.  Matt: release tags could reflect formal boundaries or even interim status.
+- Matt and Philippe discussed availability of a hosted service.  Philippe suggested AboutCode could potentially shoulder some of the burden, ideally aiming for a distributed model similar to old SourceForge mirrors.
+- Michael returned to focused standard vs. broader specification (containing the standard).  Standard is critical near-term focus.  Philippe will decide which issues to move to discussions.  Michael differentiated between items needed by September 1st (standard) and those by December 1st (like branding), encouraging continued progress on all fronts.
+- Design discussion, e.g., use of some form of pearl as icon for PURL/Package-URL.  Matt suggested that PURL could be treated like YAML, where the acronym itself becomes the name, and proposed a colorized pearl image as a potential icon. Michael recalled previous ideas for imagery, including packages and various animals.  Michael confirmed creating an issue for Matt to work on the website, providing a concrete starting point. Matt will forward it to his developers.
+- Michael noted that the Cyclone DX site served as a reference point for the proposed website layout.
+- Matt asked whether PURL could be used as an identifier for CycloneDX 2.0.  His view: everything that can be represented as a CycloneDX 'component' can be identified with a PURL, even hardware assets.
+    - Matt, Jon, Michael, and Philippe discussed in detail.  Jon: skeptical, including re PURL for hardware – advocated for purpose-built identifiers.  Philippe: there are several other proposals re different uses of PURL, e.g., software vs hardware, open source software vs. proprietary software.  C/C++. Oracle internal use, DNS use.  Jon: how would one represent a PURL for proprietary software, e.g., vendor vs vendor – maybe types is not the right component for this?
+    - Matt reiterated the need to represent hardware assets in a fully compliant stack and suggested PURL could be a valuable identifier to avoid reversing ID boundaries. Jon raised a concern about the impact on consumers of SBOMs if PURL's meaning expands to include hardware, potentially complicating interpretation logic.  Michael suggested that type definitions could address the distinction between software and hardware. Jon questioned how to create a type definition for hardware. Michael proposed "service" as a potential adjacent type to software.  A detailed discussion followed concerning a range of related topics.
+- The meeting was adjourned.