Date   
Thursday SPDX General Meeting Reminder

Phil Odence
 

I will not be available for this month’s meeting, but the show must go on.

Phil

 

GENERAL MEETING

 

Meeting Time: Thurs, Nov, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:   https://wiki.spdx.org/view/General_Meeting/Minutes/2019-10-03

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack not available

 

Any Cross Functional Issues –All

 

 

Seeking public comments for the OpenChain specification ISO format version 2.1

Mark Gisi
 

We are seeking public comments for the next version of OpenChain specification which will conclude on December 10th.

 

For those new to the specification  - The OpenChain project has developed  a specification that defines a core set of requirements that a trusted open source compliance program is expected to satisfy.   To obtain a better understanding of the goals and the context in which the specification was developed before providing feedback, you can review the following FAQ list.

 

The big change over the current 2.0 version was reformatting the document layout into one acceptable for ISO submission and adoption.  Other than very minor clarification edits, the content has largely remained unchanged. If a company is conformant with version 2.0 - they would remain conformant with 2.1.

 

The current draft is available at:

   https://wiki.linuxfoundation.org/_media/openchain/openchainspec-2.1.draft.pdf

 

Past readers of the spec might find the marked up version useful:

   https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf    

 

You can send feedback via:

·        the Mailing list: the list;

·        the issues wiki: issues list; or

·        replying to me directly if you wish to remain anonymous (mark.gisi@...)

 

best,

Mark

 

Mark Gisi | Wind River | Director, IP & Open Source

Tel (510) 749-2016 | Fax (510) 749-4552

 

SPDX General Meeting 2019 - Moving Nov Meeting

Phil Odence
 

The Nov General Meeting is moving out a week due to conflicts for most of the Core team.

I also have a conflict on the 14th, so someone else will chair in my stead.

Phil  


*****


I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.



New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
https://www.uberconference.com/room/spdxteam



MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions


Re: Thursday SPDX General Meeting Reminder

J Lovejoy
 

Hi Vladimir,

We don't record the general meetings, but there are minutes, which are logged here:

https://wiki.spdx.org/view/General_Meeting/Minutes

Thanks,
Jilayne
SPDX legal team co-lead

On 10/1/19 8:42 AM, Vladimir Sitnikov wrote:
Are the recordings available somewhere?

I happen to be somewhat interested in SPDX (especially the licensing part of the spec), however, the meeting time does not always work for me.

Vladimir


SPDX Oct General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-10-03

 

General Meeting/Minutes/2019-10-03

< General Meeting‎ | Minutes

·         Attendance: 10

·         Lead by Kate Stewart

·         Minutes of Sept. meeting approved 

 

Contents

 [hide

·         1 Legal Team – Steve

·         2 Tech Team Report - Kate

·         3 Outreach Team Report - Jack

·         4 Cross Functional

·         5 Attendees

Legal Team – Steve

·         Working on the next release – 3.7

·         Looking for volunteers to put together the XML and test files

·         Targeting next week

·         Small release

·         Trend – licenses that don’t strictly follow the open source definition (e.g. source available but some proprietary restrictions)

·         Discussion on whether these should be included and update the license inclusion principles – more information available at https://github.com/spdx/license-list-XML/issues/925

·         Looking to make a decision early in the 3.8 release

Tech Team Report - Kate

·         SPDX Lite

·         Changes are added as a pull request and will likely be accepted soon

·         Security fields to be added in 2.2

·         Working with Uday on a Google Doc which will be turned into a pull request

·         Coordinating with Todo group and others

·         Looking at adjusting the minimum required fields to allow for security use cases without all the licensing

·         General support for reducing the number of mandatory fields

·         Steve will bring to the legal team the discussion on removing the of the mandatory legal related fields

·         GSoC – completed, all students passed

·         SPDX Tool updates which include the GSoC contributions are all checked in

·         Plan to update the spdxtools website within the next 2 weeks

·         Amazon will start using the namespace features soon

·         Request to add specification for the namespace

·         Mark agreed and will create a pull request

·         The license ID web page can also be updated

Outreach Team Report - Jack

·         Survey

·         Working on summarizing the survey results

Cross Functional

·         Several compliance and SPDX related talks planned for the Open Source Summit Europe in Lyon at the end of the month

Attendees

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Jack Manbeck, TI

·         Mark Atwood, Amazon

·         Paul Madick, Dimension Data

·         Nisha Kumar, VMWare

·         Rose Judge, VMWare

·         Matija Šuklje

·         William Bartholomew, Github

·         Dave McLoghlin, Rogue Wave

 

Re: Thursday SPDX General Meeting Reminder

Vladimir Sitnikov
 

Are the recordings available somewhere?

I happen to be somewhat interested in SPDX (especially the licensing part of the spec), however, the meeting time does not always work for me.

Vladimir

Thursday SPDX General Meeting Reminder

Phil Odence
 

We are still trying to line up a presentation from one of the GSoC students who has not yet presented; that’s up in the air.

 

I will not be able to join so one of the other Core Team members will host.

 

Best regards,

Phil

 

GENERAL MEETING

 

Meeting Time: Thurs, Oct 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:   https://wiki.spdx.org/view/General_Meeting/Minutes/2019-09-05

  

 

Possible GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

Re: In favour of what are §4.9–4.11 deprecated?

Matija ?uklje
 

On nedelja, 28. julij 2019 22:15:26 CEST, Gary O'Neall wrote:
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
I see. Is there already any tooling available to make this actually usable in practice? Sw360, DejaCode?


cheers,
Matija

P.S. Sorry about the late reply, I had a lot going on in the past few weeks/months.
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...

Re: SPDX Survey Results

Ian Kelling
 

Shane Coughlan <@shane_coughlan> writes:

Hello all!

33 responses to our survey!
https://docs.google.com/forms/d/1uhYUlCwQ59ZveqSsGC_0h1OxRLYRb1OZprfRHVNYfys/edit#responses

Looking good.

Shall we start sharing on social media? If we all take a show, and include a link to the survey, I think we can get some more useful data.

Regards

Shane
Hello all!

33 responses to our survey!
https://docs.google.com/forms/d/1uhYUlCwQ59ZveqSsGC_0h1OxRLYRb1OZprfRHVNYfys/edit#responses

Looking good.

Shall we start sharing on social media? If we all take a show, and include a link to the survey, I think we can get some more useful data.

Regards

Shane
Surveys are great, but there's one important problem with this one. In
order to fill out your survey even read the complete questions, it
requires downloading and running the google docs proprietary software in
a browser which excludes people like myself who choose to avoid running
proprietary software whenever possible.

Background information about proprietary software in your browser:
https://www.gnu.org/philosophy/javascript-trap.en.html.

There are many reasons why it seems wrong to require people to run
nonfree software to contribute, I hope its fairly obvious, I can list
some if it isn't.

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org

Re: Adding a new opendata-focus license?

J Lovejoy
 

Hi Bastien,

The process for requesting a new license be added to the SPDX License List is documented here: https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md (and happy to get your feedback on the documentation of the process!)

By the way - It looks like you sent this to the general mailing list, not the legal mailing list, as this got caught up in our filter. I have released it (obviously), but you might want to make sure you are actually on the legal mailing list here: https://lists.spdx.org/g/spdx-legal (and I’m replying to both lists, but bcc the general list, as we try to keep specific topics to the specific lists)

Thanks!

Jilayne
SPDX legal team co-lead

On Sep 4, 2019, at 2:57 AM, Bastien <bastien.guerry@...> wrote:

Dear all,

I'm working for Etalab, the mission for promoting and coordinating
Open Data publications in the french public sector.

The most commonly used license for french open data is the "Open
License", published and maintained by Etalab.  Roughly speaking, it is
equivalent to a CC-by 4.0.  You can read it here:

https://www.etalab.gouv.fr/wp-content/uploads/2018/11/open-licence.pdf

What is the process to ask and get a SPDX identifier for this license?

I am sorry if the question has been raised before, I have been on this
list since a few months only.

Thanks in advance for any answer!

Cheers,

--
Bastien Guerry




Adding a new opendata-focus license?

Bastien
 

Dear all,

I'm working for Etalab, the mission for promoting and coordinating
Open Data publications in the french public sector.

The most commonly used license for french open data is the "Open
License", published and maintained by Etalab. Roughly speaking, it is
equivalent to a CC-by 4.0. You can read it here:

https://www.etalab.gouv.fr/wp-content/uploads/2018/11/open-licence.pdf

What is the process to ask and get a SPDX identifier for this license?

I am sorry if the question has been raised before, I have been on this
list since a few months only.

Thanks in advance for any answer!

Cheers,

--
Bastien Guerry

SPDX General Meeting 2019 (updated conference link)

Phil Odence
 

Uberconference changed their platform; I’ve updated the link below.

Please accept this recurring meeting.

Thanks,

Phil


*****


I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.



New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
https://www.uberconference.com/room/spdxteam



MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions


SPDX Sept General Meeting Minutes

Phil Odence
 

General Meeting/Minutes/2019-09-05

< General Meeting‎ | Minutes

·         Attendance: 17

·         Lead by Phil Odence

·         Minutes of Aug meeting approved 

 

Contents

 [hide

·         1 Special Presentations - Hiro Fukuchi, Sony

·         2 Tech Team Report - Gary

·         3 Legal Team Report - Jilayne/Paul/Steve

·         4 Outreach Team Report - Jack

·         5 Cross Functional -

·         6 Attendees

Special Presentations - Hiro Fukuchi, Sony[edit]

·         SPDX- Lite

·         Open Chain Japan Work Group

·         Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas

·         Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…in Asia (China/Taiwan) and Japan

·         They don’t have complete information

·         Don’t have the tools to generate and evaluate

·         SPDX Lite is part of guidelines

·         Fits in at a fairly high level of maturity

·         OpenChain - “Making Process”

·         SPDX (and OSS tooling) - “Improving Process”

·         Most suppliers are at low levels of maturity

·         Looking not to fork, but to expand usage of SPDX Lite

·         Lite Description

·         Subset of SPDX

·         Minimum requirement

·         Can be manually generated

·         Proved in actual business use

·         Scenarios

·         1 Unskilled suppliers

·         Useful at a lower level of maturity than SPDX requires

·         2 Non-engineering Staff

·         More understandable by Legal and Procurement staff.

·         Skilled suppliers would still use full SPDX

·         OpenChain compliant suppliers would be sophisticated enough

·         Question: Is SPDX Lite fully SPDX compliant

·         Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included.

Tech Team Report - Gary[edit]

·         Spec

·         Being worked in a GitHub repo

·         Set up for pull requests for 2.2

·         Anyone who has ideas or proposed changes, please submit as a pull request

·         One in place is SPDX Lite

·         Proposal is as an Appendix

·         Thought is a profile for a specific use case

·         Could be first of a number of profiles

·         Tools

·         Successful conclusion to GSoC

·         All passed

·         A number of new libraries including Python, Golang

·         Mentors and students were great

·         Record number of projects

·         Challenge now is integrating and putting into production

·         All legal team tools have been submitted as pull requests

·         Should be up and running in a month or so.

Legal Team Report - Jilayne/Paul/Steve[edit]

·         Legal Team License Submittal Demo (GSoC)

·         Video and minutes available

·         Need to update contribution instructions

·         Team call today

·         License List

·         3.7 release at end of month

·         Fewer licenses in release that some recents

·         Recent discussions have been more high level on principles than specific licenses

 

Outreach Team Report - Jack[edit]

·         Survey

·         Has been out for a few months

·         37 responses so far

·         Will make one more pass

·         Looking at presenting at Gen Meeting in Nov

·         Philipe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifest

·         Could be a model for other communities

·         …some of which have been using formally or informally

·         Potentially high leverage

·         RUST and Go are using sporadically

Cross Functional -[edit]

·         None

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Jack Manbeck, TI

·         Nicolas Toussaint, Orange

·         Mark Atwood, Amazon

·         Jilayne Lovejoy, Canonical

·         Hiro Fukuchi, Sony

·         Shinsuke Kato, Panasonic

·         Philippe Ombrédanne- nexB

·         Michael Herzog, NexB

·         Patrice-Emmanuel Schmitz, Trasys International, European Commission

·         Richard Fontana, Red Hat

·         Mark Baushke, Juniper

·         Paul Madick, Dimension Data

·         Nisha Kumar, VMWare

·         David Marr, Qualcomm

 

Re: Thursday SPDX General Meeting Reminder...with interesting guest presentations.

Hiro Fukuchi
 

Hi all,

 

Thank you for the meeting.

I would like to send my slides.

 

 

---

Hiro Fukuchi (Hiroyuki.Fukuchi@...)

Sony

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Wednesday, September 4, 2019 10:15 PM
To: spdx@...
Cc: Fukuchi, Hiroyuki (Sony) <Hiroyuki.Fukuchi@...>
Subject: [spdx] Thursday SPDX General Meeting Reminder...with interesting guest presentations.

 

“SPDX Lite”- Hiroyuki Fukuchi from Sony will present a proposal from the OpenChain Japan Workgroup on a slimmed down version of an SPDX doc. Big thanks to Fukuchi-san for joining us at this hour which is not very convenient for him.

 

We may also have another GSoC presentation; still working on that.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 5, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:   https://wiki.spdx.org/view/General_Meeting/Minutes/2019-08-01

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

Re: meeting now

J Lovejoy
 

https://www.uberconference.com/room/spdxteam works without login - FYI for anyone still trying to get in!

On Sep 5, 2019, at 9:05 AM, J Lovejoy <opensource@...> wrote:

Hi,

Is anyone else having trouble getting into Uberconference?  It seems to want a login now, which has never been the case before…

Jilayne



meeting now

J Lovejoy
 

Hi,

Is anyone else having trouble getting into Uberconference? It seems to want a login now, which has never been the case before…

Jilayne

Thursday SPDX General Meeting Reminder...with interesting guest presentations.

Phil Odence
 

“SPDX Lite”- Hiroyuki Fukuchi from Sony will present a proposal from the OpenChain Japan Workgroup on a slimmed down version of an SPDX doc. Big thanks to Fukuchi-san for joining us at this hour which is not very convenient for him.

 

We may also have another GSoC presentation; still working on that.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 5, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:   https://wiki.spdx.org/view/General_Meeting/Minutes/2019-08-01

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

Re: SPDX Survey Results

Shane Coughlan
 

Exactly! :)

On 4 Sep 2019, at 08:47, J Lovejoy <opensource@...> wrote:

Very cool, Shane!

When you say sharing, do you mean to share the results so far, but also a link to the survey to collect more results? (I think another push might get some more folks to fill it out, if we all spread the word.)

Jilayne

On Sep 3, 2019, at 4:37 PM, Shane Coughlan <@shane_coughlan> wrote:

Hello all!

33 responses to our survey!
https://docs.google.com/forms/d/1uhYUlCwQ59ZveqSsGC_0h1OxRLYRb1OZprfRHVNYfys/edit#responses

Looking good.

Shall we start sharing on social media? If we all take a show, and include a link to the survey, I think we can get some more useful data.

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: @shane_coughlan
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan


Re: SPDX Survey Results

J Lovejoy
 

Very cool, Shane!

When you say sharing, do you mean to share the results so far, but also a link to the survey to collect more results? (I think another push might get some more folks to fill it out, if we all spread the word.)

Jilayne

On Sep 3, 2019, at 4:37 PM, Shane Coughlan <@shane_coughlan> wrote:

Hello all!

33 responses to our survey!
https://docs.google.com/forms/d/1uhYUlCwQ59ZveqSsGC_0h1OxRLYRb1OZprfRHVNYfys/edit#responses

Looking good.

Shall we start sharing on social media? If we all take a show, and include a link to the survey, I think we can get some more useful data.

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: @shane_coughlan
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan



Re: SPDX Survey Results

Gary O'Neall
 

Great information - very insightful.

Thanks Shane!

+1 on sharing on social media.

Gary

-----Original Message-----
From: spdx@... <spdx@...> On Behalf Of Shane
Coughlan
Sent: Tuesday, September 3, 2019 3:38 PM
To: spdx@...
Subject: [spdx] SPDX Survey Results

Hello all!

33 responses to our survey!
https://docs.google.com/forms/d/1uhYUlCwQ59ZveqSsGC_0h1OxRLYRb1OZprf
RHVNYfys/edit#responses

Looking good.

Shall we start sharing on social media? If we all take a show, and include
a link
to the survey, I think we can get some more useful data.

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: @shane_coughlan
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan