Re: Clarification on purpose and participation


Karim Ratib <karim.ratib@...>
 

Kim and Daniel,

Thanks for your informative replies. My main interest at this point is
to generate an SPDX from a running Drupal installation, not a source
code repository, if at all feasible - I'll check how Ninka can help
there.

In general, my motivation for exploring the software inventory domain
is not legal as much as it is economically oriented: knowing which
open source packages are used in a project is the first step in
budgeting some resources (money, effort) to go towards those packages'
communities. Being an open source producer/consumer myself, I wish
this was an established practice.

Best,
Karim

On Sat, Sep 3, 2011 at 12:48 PM, D M German <dmg@...> wrote:
 Kim Weins twisted the bytes to say:

 Kim> Their are several commercial tools that do this, but we also feel that open
 Kim> source tools will be critical.  Today there are a couple of OSS tools that
 Kim> can help find and identify open source licenses.  One is FOSSology (created
 Kim> and maintained by HP) which is available at fossology.org.  They are also
 Kim> hosting it at OSU's Open Source Lab.  Another is ninka (
 Kim> http://ninka.turingmachine.org/) which was created by Daniel German.  I've
 Kim> cc'd Daniel -- since you may want to talk to him about some of his
 Kim> experience doing this.  I don't believe FOSSology or Ninka will generate an
 Kim> SPDX file (yet).  We also have some free OSS tools on the spdx.org site that
 Kim> can help you convert a software bill of materials from spreadsheet form into
 Kim> SPDX format.  However that assumes you already have the info about what open
 Kim> source licenses are included.

I wrote some scripts that will actually do a decent job of generating an
SPDX document. The only (challenge|problem) is that Ninka does not recognized
many of the SPDX licenses. here is an example, using Linux as the Guinea pig:

http://turingmachine.org/~dmg/temp/linux-3.0.2.spdx.v0.1

Notice that this is not a true SPDX compliant document:

- It is licensed under the Creative Commons.
- It has some extra tags that I find useful.
- It does not contain a verification code.

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .

Join spdx@lists.spdx.org to automatically receive all group messages.