Re: [OpenChain] Knowledge Sharing: Reference guideline for exchanging license information in the supply chain

Shane Coughlan
 

HI Fukuchi San

Very interesting and exciting collaboration. I understand that companies like Fujitsu are actively deploying SPDX.

I think you have already spoken about your activity with Kate. I think the basic note is: if using a cut down version of SDPX the important thing is to have the File Analyzed attribute set to “false”.

I am adding SDPX mailing list to CC.

Regards

Shane

On Jan 11, 2019, at 18:10, <Hiroyuki.Fukuchi@...> <Hiroyuki.Fukuchi@...> wrote:

Hi all,

Yesterday, the subgroup held a face-to-face meeting to discuss SPDX light.
(Members belong to the automotive, consumer electronics and IT industries.)
The outcome is here:
https://github.com/OpenChain-Project/Japan-WG-General/blob/master/License-Info-Exchange/Doc-at-Meeting/Candidate-of-SDPX-light.md

You can see which items in SPDX are being discussed.

---
Hiro Fukuchi (Hiroyuki.Fukuchi@...)
Sony

-----Original Message-----
From: Fukuchi, Hiroyuki (Sony)
Sent: Friday, January 11, 2019 9:27 AM
To: Shane Coughlan <coughlan@...>; Jeff McAffer
<Jeff.McAffer@...>
Cc: OpenChain <openchain@...>;
openchain-japan-wg@...
Subject: RE: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging license information in the supply chain

Hi Jeff-san,

• Is there more detail somewhere on SPDX light?
Now Japan WG is considering the "SPDX light".

The current format under discussion is shared at GitHub:
(An Example of Minimum License Information List (Automotive))
https://github.com/OpenChain-Project/Japan-WG-General/blob/master/Licens
e-Info-Exchange/Doc-at-Meeting/License-Info-list-automotive.md

We will prepare a brief explanation, a sample data and a procedure to produce it.


The concept is:
The target user of "SPDX light" is a supplier who do not have enough knowledge
about SPDX and OSS compliance.
It is easy to use without tool, but having minimum set for compliance and
SPDX-affinity.


---
Hiro Fukuchi (Hiroyuki.Fukuchi@...) Sony

-----Original Message-----
From: openchain-bounces@...
<openchain-bounces@...> On Behalf Of Shane
Coughlan
Sent: Thursday, January 10, 2019 3:56 PM
To: Jeff McAffer <Jeff.McAffer@...>
Cc: OpenChain <openchain@...>;
openchain-japan-wg@...
Subject: Re: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging license information in the supply chain

Hi Jeff!

Great question. The OpenChain Japan WG has adjacent material on
SDPX/FOSSology:
https://www.openchainproject.org/news/2019/01/09/knowledge-sharing-how
- to-use-spdx-and-fossology-from-the-openchain-japan-work-group
(Just announced a couple of minutes ago)

About ClearlyDefined, absolutely. All community projects should align
closely for cross-use and interoperability. Let me hook you up to the
Japan WG (in CC) so you can chat direct about how the reference materials can
be expended.

Regards

Shane

On Jan 10, 2019, at 15:49, Jeff McAffer <Jeff.McAffer@...> wrote:

Looks good Shane. Two questions:
• Is there more detail somewhere on SPDX light?
• Would it make sense for ClearlyDefined to be a Community source
of
license and copyright info?

Jeff


From: openchain-bounces@...
<openchain-bounces@...> On Behalf Of Shane
Coughlan
Sent: Wednesday, January 9, 2019 10:34 PM
To: OpenChain <openchain@...>
Subject: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging
license information in the supply chain

<image001.jpg>
The OpenChain Project Japan Work Group is creating a reference
guideline for
exchanging license information in the supply chain. The basic concept
is that all the entities, suppliers, integrators and OSS communities
exchange license information by SPDX (Software Package Data Exchange),
an open standard for communicating software bill of material information.

Learn More:
• Japan work group:
https://github.com/OpenChain-Project/Japan-WG-General
• SPDX: https://spdx.org/
• REUSE initiative: https://reuse.software/

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan
--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan

Join spdx@lists.spdx.org to automatically receive all group messages.