
SPDX Reminder about Thursday General Meeting with special guest star!

Philip Odence
 

Special “guest” speaker this month is Camille Moulin, from Inno3, a French open source consultancy. 
Camille will go through an abbreviated version of a talk he did at FOSDEM about SPDX and dependency managers:
Handling of licensing information in dependency managers (NPM, Composer et alii): how they can benefit from SPDX licence list and license expressions, and how they can be used as a simple application case to project SPDX licence expression future evolutions. 
Please let me know if you would be willing to give a 10 minute presentation in a future call on your organization’s use of SPDX or some other SPDX-related topic.


GENERAL MEETING

Meeting Time: Thurs, March 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed


Administrative Agenda
Attendance


Special Presentation – Camille 


Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues - Phil



L. Philip Odence
VP/General Manager, Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 211, Burlington MA 01803
Phone: 781.425.4479, Mobile: 781.258.9502
Skype: philip.odence


Feb SPDX General Meeting Minutes

Philip Odence
 


General Meeting/Minutes/2016-02-04

  • Attendance: 11
  • Led by Kirsten Newcomer
  • Minutes of previous meeting were not reviewed

Special Presentation - Jack Manbeck

  • Jack spoke about Texas Instruments’ (TI) process for generating the manifest (attribution) file and its content. Below are my notes from the presentation. Jack, please send corrections as needed!!
  • Jack shared an example file in HTML format. There is a section for licenses and TI is considering replacing this section with an SPDX document showing file-level data. 
  • TI considered using the Yocto integration to generate SPDX files, but the output was too big. They decided to scale back and start with the project and a narrower scope.
  • The goal is for any engineer to be able to generate an SPDX document, which means tooling that is easy to use and integrated with multiple build tools and/or CI tools. It also needs to run on multiple platforms. 
  • There are a series of steps in the TI process
    • Grab OSS and evaluate for use. It doesn’t make sense to generate SPDX at this time although you need some of that info to evaluate the open source. But things that SPDX requires change too quickly, such as location of the file, checksum (bug fixes to file).
    • So, it makes more sense to generate the SPDX file when you’re ready to ship
    • Then you have to edit the doc; it’s not usable as is, in part due to incomplete copyright strings, or possibly extracted license text
    • If files need to be edited, or the code needs to be re-built, the SPDX file needs to be re-generated and then re-edited. So, a tool that retains and re-applies previous edits that still apply is very much needed.
    • Would like to share / re-use generated SPDX docs, but the best way to share isn’t clear.
    • TI is looking at SPDX 2.0 and considering whether relationships between generated SPDX docs can help
    • Don’t want to have to use multiple tools for compliance and SPDX
    • Consider SPDX to be a good supplement to their manifest file but doesn’t replace it.
    • They still need to vet the process and polish
    • Jack mentioned a copyright snippet example where the output was not good enough. They’re evaluating different tools to use. They like the SPDX tools from UNO. 
    • They’d like, in some cases, to provide file by file list which could be done through a link to SPDX doc. 
    • They’re looking at FOSSology and SPDX plugin. Also mentioned that it would be nice to get an idea of license spread at the beginning. 
  • Matt mentioned additional tools built by UNO, including DoSOCS and Gary’s Maven plugin which generates SPDX docs based on Maven POM content. 
  • Kate mentioned FOSSology 3.0 and Deb sources as well as FOSDEM and notion of a shared database of SPDX documents. 
  • Matt said that the UNO tools don’t store SPDX docs but instead store the data so the docs can be generated when required. Jack sees this as the right approach.
  • TI’s plan is to first build a repeatable process and then they can do more to enhance it. The checksum in SPDX documents is a challenge because files change right up to the last minute. 
  • Dave Marr commented that the model he’s interested in is having SPDX perpetuate through a development cycle with minimum impact on the team. Would like to be able to check code in with meta-data so that the meta-data travels with the file. 
  • Gary said that he’s seen this approach both work and not work. Tried an integration with IDEs but there was too much change for it to work. Says the Maven plugin seems to be pretty effective in maintaining the meta-data and the integration recalculates the checksum. Solution does assume that the data in the POM is correct. POMs are stored in the repository and the SPDX is generated at build time. Developers are used to editing POM files. 
  • Jack commented that in a structured environment that works, but TI needs a solution that works across multiple environments. 
  • Dave commented that training for engineering is needed — when you add or subtract content, here’s what you need to do. 
  • Jilayne would like engineering training for lawyers, with graphs, not just text. 
  • Everyone thought this would be a good overall topic for Collab Summit. 


Tech Team Report - Kate/Gary

  • Team is continuing discussions on External References. The work is close to being ready for a broader review. 
  • Joint tech / legal call on license markup planned for 2/9.
  • Discussions happening with Richard Fontana at OSI

Outreach Team Report - Jack/Kate

  • Planning for Collab Summit: 1/2 day Tech team and 1/2 day Legal, with SPDX “Office Hours” for folks to bring questions, issues. 
  • Good mentions of SPDX @ FOSDEM
  • LF says new website is close to being staged for review; Jack hopes it will be up for Collab Summit
  • Planning webinars in first quarter. Pierre has volunteered and the first will be on the license list. 

Legal Team Report - Jilayne/Paul

  • Working on proposal for license matching
  • Working on tighter communication with OSI


Cross Functional Topics - Kate


Attendees

  • Kirsten Newcomer, Black Duck
  • Gary O’Neall, SourceAuditor 
  • Scott Sterling, Palamida
  • Kate Stewart, Linux Foundation
  • Pierre LaPointe, nexB 
  • Jilayne Lovejoy, ARM
  • Kirsten Newcomer, Black Duck
  • Jack Manbeck, TI
  • Dave Marr, Qualcomm
  • Eric Weddington
  • Hassib Khanafer, Protecode
  • Matt Germonprez, UNO
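
The re-generation problem in the presentation notes above (a tool that retains and re-applies previous edits that still apply), as an added example that is not TI's tooling or part of the original minutes. It assumes SPDX tag-value input, keys each file on name plus SHA1, and treats LicenseConcluded and FileCopyrightText as the hand-curated fields; the sample documents, file names and checksums are constructed.

```python
import re

# Fields a reviewer usually corrects by hand after generation (assumption for this example).
CURATED_TAGS = ("LicenseConcluded", "FileCopyrightText")
TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_files(doc):
    """Parse the per-file sections of an SPDX tag-value document into dicts."""
    files, current, pending = [], None, None  # pending = (tag, lines) inside <text>
    for line in doc.splitlines():
        if pending is not None:  # collecting a multi-line <text>...</text> value
            tag, buf = pending
            if "</text>" not in line:
                buf.append(line)
                continue
            buf.append(line.split("</text>", 1)[0])
            value, pending = "\n".join(buf).strip(), None
        else:
            m = TAG_RE.match(line.strip())
            if not m:
                continue
            tag, value = m.groups()
            if value.startswith("<text>"):
                body = value[len("<text>"):]
                if "</text>" not in body:
                    pending = (tag, [body])
                    continue
                value = body.split("</text>", 1)[0].strip()
        if tag == "FileName":  # each FileName starts a new file record
            current = {"FileName": value, "checksums": {}}
            files.append(current)
        elif current is None:
            continue  # document- and package-level tags are not needed here
        elif tag == "FileChecksum":  # e.g. "SHA1: <hex digest>"
            algo, _, digest = value.partition(":")
            current["checksums"][algo.strip().upper()] = digest.strip().lower()
        else:
            current[tag] = value
    return files


def carry_forward(edited_doc, regenerated_doc):
    """Re-apply curated fields to regenerated records whose content is unchanged.

    Returns (merged_records, names_needing_review).
    """
    prior = {f["FileName"]: f for f in parse_files(edited_doc)}
    merged, needs_review = [], []
    for new in parse_files(regenerated_doc):
        old = prior.get(new["FileName"])
        sha1 = new["checksums"].get("SHA1")
        if old and sha1 and old["checksums"].get("SHA1") == sha1:
            for tag in CURATED_TAGS:
                if tag in old:
                    new[tag] = old[tag]  # same bytes, so the earlier review still applies
        else:
            needs_review.append(new["FileName"])  # new or modified file
        merged.append(new)
    return merged, needs_review


# Constructed sample: the previously generated document after manual review.
EDITED_DOC = """\
FileName: ./src/hello.c
FileChecksum: SHA1: 1111111111111111111111111111111111111111
LicenseConcluded: Apache-2.0
FileCopyrightText: <text>Copyright (c) 2016 Example Project
All rights reserved.</text>

FileName: ./lib/vendor.c
FileChecksum: SHA1: 2222222222222222222222222222222222222222
LicenseConcluded: MIT
FileCopyrightText: <text>Copyright (c) 1999 Example Vendor</text>
"""

# Constructed sample: fresh scanner output after a late bug fix to vendor.c.
REGENERATED_DOC = """\
FileName: ./src/hello.c
FileChecksum: SHA1: 1111111111111111111111111111111111111111
LicenseConcluded: NOASSERTION
FileCopyrightText: <text>copyright (c) 2016
* example project</text>

FileName: ./lib/vendor.c
FileChecksum: SHA1: 3333333333333333333333333333333333333333
LicenseConcluded: NOASSERTION
FileCopyrightText: NOASSERTION

FileName: ./src/new.c
FileChecksum: SHA1: 4444444444444444444444444444444444444444
LicenseConcluded: NOASSERTION
FileCopyrightText: NOASSERTION
"""

if __name__ == "__main__":
    merged, review = carry_forward(EDITED_DOC, REGENERATED_DOC)
    for rec in merged:
        print(rec["FileName"], "->", rec["LicenseConcluded"])
    print("needs review:", review)
```

Only files whose checksum changed or that are new come back for review, which is the part of the re-edit cycle that cannot be automated.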


Re: Tutorials, sample RDF files

Manbeck, Jack
 

Marvin,

Thanks for the feedback on the tutorials. It's a good idea. We have started a wiki page where we are doing something similar. I'll add this as an example as well.

Wiki link: http://wiki.spdx.org/view/Technical_Team/Best_Practices

Scroll down to the examples. I think it's likely we will pull them out to their own page.

Jack



-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Marvin Humphrey
Sent: Monday, February 08, 2016 6:53 PM
To: Gary O'Neall
Cc: spdx@...
Subject: Re: Tutorials, sample RDF files

Thanks, everyone, for the quick responses! I've successfully built and run the tools from Github, and I found the sample RDF files within the repo.

On Mon, Feb 8, 2016 at 1:53 PM, Gary O'Neall <gary@...> wrote:

Just following up on Bill's email, I would be happy to provide you any
information/background on using SPDX/RDF for Apache.
Here's a bit more context: On my own initiative, I'm exploring SPDX as a general solution for documenting dependency licensing for Apache projects.
See this thread I started yesterday on the Apache legal-discuss list:

http://markmail.org/message/6435qziggbjyvy6u

I've also written a Maven plugin that generates SPDX/RDF files at
https://github.com/goneall/spdx-maven-plugin that may provide another
example application.
This plugin would surely be very useful for any Maven-driven Java project, but for my purposes, it cannot be counted on as available -- in fact the pilot project is likely to be a C project. (There are a lot of Java projects at Apache, but the Foundation is actually technology-neutral.) It is not important to deliver anything concrete in the near term -- instead, the goal is to understand how much effort it would be for *any* Apache project to generate SPDX data. The worst case is particularly important -- no Maven plugin, minimal XML expertise, etc.

Let me know what other information I can help with.
What I envision as most helpful would be a tutorial which shows how to craft SPDX data manually for progressively more complex scenarios.

* Start off with a single "hello world" source file.
* Add several more source files under the same license.
* Add a bundled dependency under the same license but with a different
copyright holder.
* Add a bundled dependency under a different license.
* Add a separately-downloaded dependency under a different license.
* Generate a binary distribution.

And so on. There are naturally many corner cases to deal with (which I'm sure comes as no surprise to you all), and I don't expect that such documentation exists because my use case is esoteric -- but I hope that communicates where I'm headed with this.

Marvin Humphrey
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: Tutorials, sample RDF files

Marvin Humphrey <marvin@...>
 

Thanks, everyone, for the quick responses! I've successfully built and run
the tools from Github, and I found the sample RDF files within the repo.

On Mon, Feb 8, 2016 at 1:53 PM, Gary O'Neall <gary@...> wrote:

Just following up on Bill's email, I would be happy to provide you any
information/background on using SPDX/RDF for Apache.
Here's a bit more context: On my own initiative, I'm exploring SPDX as a
general solution for documenting dependency licensing for Apache projects.
See this thread I started yesterday on the Apache legal-discuss list:

http://markmail.org/message/6435qziggbjyvy6u

I've also written a Maven plugin that generates SPDX/RDF files at
https://github.com/goneall/spdx-maven-plugin that may provide another
example application.
This plugin would surely be very useful for any Maven-driven Java project, but
for my purposes, it cannot be counted on as available -- in fact the pilot
project is likely to be a C project. (There are a lot of Java projects at
Apache, but the Foundation is actually technology-neutral.) It is not
important to deliver anything concrete in the near term -- instead, the goal
is to understand how much effort it would be for *any* Apache project to generate
SPDX data. The worst case is particularly important -- no Maven plugin,
minimal XML expertise, etc.

Let me know what other information I can help with.
What I envision as most helpful would be a tutorial which shows how to craft
SPDX data manually for progressively more complex scenarios.

* Start off with a single "hello world" source file.
* Add several more source files under the same license.
* Add a bundled dependency under the same license but with a different
copyright holder.
* Add a bundled dependency under a different license.
* Add a separately-downloaded dependency under a different license.
* Generate a binary distribution.

And so on. There are naturally many corner cases to deal with (which I'm sure
comes as no surprise to you all), and I don't expect that such documentation
exists because my use case is esoteric -- but I hope that communicates where
I'm headed with this.

Marvin Humphrey


Re: Tutorials, sample RDF files

Gary O'Neall
 

Hi Marvin,

Just following up on Bill's email, I would be happy to provide you any
information/background on using SPDX/RDF for Apache.

I've also written a Maven plugin that generates SPDX/RDF files at
https://github.com/goneall/spdx-maven-plugin that may provide another
example application.

The RDF terms are defined at http://spdx.org/rdf/terms/.

Let me know what other information I can help with.

Best regards,
Gary

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Bill Schineller
Sent: Monday, February 8, 2016 12:04 PM
To: Marvin Humphrey; spdx@...
Subject: Re: Tutorials, sample RDF files

Hi Marvin,
Welcome to the list and thanks for your interest!

Is this you?

https://www.openhub.net/people?query=Marvin%20Humphrey



Regarding samples and tools, our spdx-tools repo is mirrored here:
https://github.com/spdx/tools


Primary developer for those tools is Gary O'Neall, with some
contributions from others.

Have a look, and I'm certain that Gary and some hands-on tech team
contributors would be happy to guide you through their use.

- Bill



Bill Schineller
VP Engineering - KnowledgeBase
Black Duck Software
781-425-4405
508-308-5921 (cell)
bschineller@...








On 2/8/16, 2:49 PM, "spdx-bounces@... on behalf of Marvin
Humphrey" <spdx-bounces@... on behalf of
marvin@...> wrote:

Greetings,

I'm an active contributor at the Apache Software Foundation with
regards to release policy and licensing. I'd like to explore the
possibility of having an Apache project supply SPDX data in a release.

I'm imagining that we would supply SPDX data as an RDF file, because
our official releases are 100% source. I also imagine that we would
want to either hand-craft those files or generate them using open
source tools.

Can you point me to some sample RDF files, tutorials, or documentation
explaining how I would go about that? It's been surprisingly difficult
to track down such materials.

Best,

Marvin Humphrey


Re: Tutorials, sample RDF files

Yev Bronshteyn
 

I believe Gary mentioned said generator has a dependency on external packages in order for its output to be legal.

On 2/8/16, 3:33 PM, "spdx-bounces@... on behalf of Manbeck, Jack" <spdx-bounces@... on behalf of j-manbeck2@...> wrote:

I believe Gary has been working on a Maven plug in generator for SPDX as well if that would be useful.

Jack


-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bill Schineller
Sent: Monday, February 08, 2016 3:04 PM
To: Marvin Humphrey; spdx@...
Subject: Re: Tutorials, sample RDF files

Hi Marvin,
Welcome to the list and thanks for your interest!

Is this you?

https://www.openhub.net/people?query=Marvin%20Humphrey



Regarding samples and tools, our spdx-tools repo is mirrored here:
https://github.com/spdx/tools


Primary developer for those tools is Gary O'Neall, with some contributions from others.

Have a look, and I'm certain that Gary and some hands-on tech team contributors would be happy to guide you through their use.

- Bill



Bill Schineller
VP Engineering - KnowledgeBase
Black Duck Software
781-425-4405
508-308-5921 (cell)
bschineller@...








On 2/8/16, 2:49 PM, "spdx-bounces@... on behalf of Marvin Humphrey" <spdx-bounces@... on behalf of marvin@...> wrote:

Greetings,

I'm an active contributor at the Apache Software Foundation with
regards to release policy and licensing. I'd like to explore the
possibility of having an Apache project supply SPDX data in a release.

I'm imagining that we would supply SPDX data as an RDF file, because
our official releases are 100% source. I also imagine that we would
want to either hand-craft those files or generate them using open source tools.

Can you point me to some sample RDF files, tutorials, or documentation
explaining how I would go about that? It's been surprisingly difficult
to track down such materials.

Best,

Marvin Humphrey


Re: Tutorials, sample RDF files

Manbeck, Jack
 

I believe Gary has been working on a Maven plug in generator for SPDX as well if that would be useful.

Jack

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bill Schineller
Sent: Monday, February 08, 2016 3:04 PM
To: Marvin Humphrey; spdx@...
Subject: Re: Tutorials, sample RDF files

Hi Marvin,
Welcome to the list and thanks for your interest!

Is this you?

https://www.openhub.net/people?query=Marvin%20Humphrey



Regarding samples and tools, our spdx-tools repo is mirrored here:
https://github.com/spdx/tools


Primary developer for those tools is Gary O'Neall, with some contributions from others.

Have a look, and I'm certain that Gary and some hands-on tech team contributors would be happy to guide you through their use.

- Bill



Bill Schineller
VP Engineering - KnowledgeBase
Black Duck Software
781-425-4405
508-308-5921 (cell)
bschineller@...








On 2/8/16, 2:49 PM, "spdx-bounces@... on behalf of Marvin Humphrey" <spdx-bounces@... on behalf of marvin@...> wrote:

Greetings,

I'm an active contributor at the Apache Software Foundation with
regards to release policy and licensing. I'd like to explore the
possibility of having an Apache project supply SPDX data in a release.

I'm imagining that we would supply SPDX data as an RDF file, because
our official releases are 100% source. I also imagine that we would
want to either hand-craft those files or generate them using open source tools.

Can you point me to some sample RDF files, tutorials, or documentation
explaining how I would go about that? It's been surprisingly difficult
to track down such materials.

Best,

Marvin Humphrey


Re: Tutorials, sample RDF files

Bill Schineller
 

Hi Marvin,
Welcome to the list and thanks for your interest!

Is this you?

https://www.openhub.net/people?query=Marvin%20Humphrey



Regarding samples and tools, our spdx-tools repo is mirrored here:
https://github.com/spdx/tools


Primary developer for those tools is Gary O'Neall, with some contributions from others.

Have a look, and I'm certain that Gary and some hands-on tech team contributors would be happy to guide you through their use.

- Bill



Bill Schineller
VP Engineering - KnowledgeBase
Black Duck Software
781-425-4405
508-308-5921 (cell)
bschineller@...

On 2/8/16, 2:49 PM, "spdx-bounces@... on behalf of Marvin Humphrey" <spdx-bounces@... on behalf of marvin@...> wrote:

Greetings,

I'm an active contributor at the Apache Software Foundation with regards to
release policy and licensing. I'd like to explore the possibility of having
an Apache project supply SPDX data in a release.

I'm imagining that we would supply SPDX data as an RDF file, because our
official releases are 100% source. I also imagine that we would want to
either hand-craft those files or generate them using open source tools.

Can you point me to some sample RDF files, tutorials, or documentation
explaining how I would go about that? It's been surprisingly difficult to
track down such materials.

Best,

Marvin Humphrey


Tutorials, sample RDF files

Marvin Humphrey <marvin@...>
 

Greetings,

I'm an active contributor at the Apache Software Foundation with regards to
release policy and licensing. I'd like to explore the possibility of having
an Apache project supply SPDX data in a release.

I'm imagining that we would supply SPDX data as an RDF file, because our
official releases are 100% source. I also imagine that we would want to
either hand-craft those files or generate them using open source tools.

Can you point me to some sample RDF files, tutorials, or documentation
explaining how I would go about that? It's been surprisingly difficult to
track down such materials.

Best,

Marvin Humphrey


Files for call today

Manbeck, Jack
 

Copyright snippet from spdx document:

FileCopyrightText: <text>copyright (c) 1999
* boris fomitchev
*
* this material is provided "as is", with absolutely no warranty expressedcopyright (c) 1999
* silicon graphics computer systems, inc.</text>

Jack

 


Re: Thursday SPDX General Meeting Reminder

Manbeck, Jack
 

I’ll use the uber conference for a little show and tell. Nothing spectacular.

Best Regards,

Jack Manbeck

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Wednesday, February 03, 2016 7:50 AM
To: spdx@...
Subject: Thursday SPDX General Meeting Reminder

There were some issues with meeting invitations. You should have a meeting in your calendar with the new dial in info, also included below

I have a conflict and will not be able to attend this session. Kirsten will host and take notes on my behalf. Big thanks, Kirsten!

Special “guest” speaker this month is our own Jack Manbeck. He will be talking about TI’s use of and plans for SPDX.

GENERAL MEETING

Meeting Time: Thurs, Jan 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

Administrative Agenda
Attendance

Technical Team Report – Kate 

Legal Team Report – Jilayne

Business Team Report – Jack

Cross Functional Issues - Kirsten


Thursday SPDX General Meeting Reminder

Philip Odence
 

There were some issues with meeting invitations. You should have a meeting in your calendar with the new dial in info, also included below

I have a conflict and will not be able to attend this session. Kirsten will host and take notes on my behalf. Big thanks, Kirsten!

Special “guest” speaker this month is our own Jack Manbeck. He will be talking about TI’s use of and plans for SPDX.


GENERAL MEETING

Meeting Time: Thurs, Jan 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

 
Administrative Agenda
Attendance


Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues - Kirsten


SPDX General Meeting

Philip Odence
 

I am updating the bridge info. Tried this once before but I think I only modified the January instance. Apologies.

Please accept so this recurring meeting is on your calendar, however no need to respond.


Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions


SPDX January General Meeting Minutes

Philip Odence
 




General Meeting/Minutes/2016-1-07

  • Attendance: 9
  • Led by Phil Odence
  • Minutes of Dec meeting approved


Tech Team Report - Kate/Gary

  • Good progress on spec
    • Settled on approaches for both
      • Snippets
      • External References
    • Jilayne assured consistency None/Assertion
  • Now working on
    • Making sure that external identifiers support security
  • Joint call upcoming with Legal Team on template language
    • Have pushed a couple of issues to Legal Team
  • Re-examining native form of spec under dev
    • Notion is to make it better accessible in GitHub
    • Plan for full walk through at Collab Summit
  • Tools
    • Did maintenance release over the last week or so
    • Addressed reported bugs
    • Some other bug fixes
    • Gary will go back to the bug reporter to see if they might speak at a future General Meeting.


Outreach Team Report - Phil (Jack supplied notes in absentia)

  • Haven’t had our first meeting of the year, that will be next week.
  • I also haven’t heard from the LF yet on the new website. I’m going to ping them this week to see where they are.
    • Talked to Craig.
      • Working on some technical issues with generated license list 
      • Next week we should be able to review and update
  • We’re still hammering out an outreach plan on the wiki. I’d like to be done with it by the end of January and then we can share plans.


Legal Team Report - Jilayne

  • License List 2.3 is now live
    • 3 new licenses
    • 1 new exception
    • Now starting to see markup on some of the headers; rest are in process
  • Call today
    • Continuing to look at markup
      • Form 
      • Maintenance Process


Cross Functional Topics - Phil


Attendees

  • Phil Odence, Black Duck
  • Gary O’Neall, SourceAuditor 
  • Scott Sterling, Palamida
  • Yev Bronshteyn, Black Duck
  • Kate Stewart, Linux Foundation
  • Pierre LaPointe, nexB 
  • Jilayne Lovejoy, ARM
  • Kirsten Newcomer, Black Duck
  • Mark Gisi, Wind River


SPDX License List v2.3 released

J Lovejoy
 

And available in the usual places:
- “human-friendly” web pages: http://spdx.org/licenses/
- master files available here: http://git.spdx.org/?p=license-list.git;a=summary (use 2.3 tag)
- info on different ways to access the SPDX License List available here: http://wiki.spdx.org/images/SPDX-TR-2014-2.v1.0.pdf

Changes for v2.3:
- 3 new licenses; 1 new exception
- matching markup added to many standard headers (still more work to be done here)
- various minor formatting improvements/fixes

Jilayne Lovejoy
SPDX Legal Team co-lead
opensource@...



SPDX General Meeting

Philip Odence
 

Please accept so this recurring meeting is on your calendar, however no need to respond.

Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions


Thursday SPDX General Meeting Reminder - IMPORTANT- NOTE NEW BRIDGE INFO

Philip Odence
 

As per the capital letters, be sure to note the new dial-in numbers below. I will re-issue the calendar invite with this included.

No special presentation this week, so I expect the meeting to be about 30 minutes.

GENERAL MEETING

Meeting Time: Thurs, Jan 7, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

 
Administrative Agenda
Attendance


Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


SPDX Dec General Meeting Minutes

Philip Odence
 



General Meeting/Minutes/2015-12-03

  • Attendance: 7
  • Led by Phil Odence
  • Minutes of Nov meeting approved

Tech Team Report - Gary

  • Only 2 tech meetings due to Thanksgiving
  • Code Snippets
    • Candidate proposal in GoogleDocs for Review
    • Background
      • A bit controversial due to legit concern that it adds a lot of effort
      • Identification at the line level requires substantial extra work
    • So, snippets are optional
    • Decision driven by important use case: JavaScript files
      • As they tend to bundle together a number of downloadable chunks in one file
    • For many other use cases, it may not be used much
    • Implementation
      • Just added snippet level similar to Package and File
        • Additionally adds byte range
        • Snippets relate to files analogously to how files relate to packages
  • External ID discussion is back on the table with snippet work starting to wind down
  • Tools
    • A lot of good community contribution
      • individuals from a variety of organizations- Linux, other open source (eg NPM community), some users (e.g. Black Duck)
    • Should be releasing a new rev of the SPDX tools in the next few weeks
    • Question: relation to Stefano’s work with Debian tooling described at LinuxCon Europe
      • Enabling Debian copyright files to auto-gen SPDX files
      • Gary will discuss with Kate


Legal Team Report - Jilayne/Paul

    • Went over the list of license and exceptions list
    • Added 2 or 3 licenses and some exceptions
    • Entertaining new proposal for mark up format
      • involved Tech Team as well
      • needs to be resurrected


Outreach Team Report - Jack

  • New Website
    • Work was put on hold by LF for some higher priority work
    • Should have something staged before the end of the year
    • Front page will be a big improvement
    • Early 2016 launch is targeted, but we will need to evaluate with 
  • Working on outreach plan
    • targeting groups and conferences

Cross Functional Topics - Phil

  • Always interested in guest speakers for upcoming meetings
    • Please come to Phil with ideas about organizations who are willing to do short/informal presentations on what they are doing with SPDX

Attendees

  • Phil Odence, Black Duck
  • Gary O’Neall, SourceAuditor 
  • Jack Manbeck, TI
  • Dave Marr, Qualcomm
  • Dave McLaughlin, Rogue Wave
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data


SPDX General Meeting this Thursday

Philip Odence
 

No special presentation this week, so I expect the meeting to be about 30 minutes.

GENERAL MEETING

Meeting Time: Thurs, Dec 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance


Technical Team Report – Gary 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


SPDX November General Meeting Minutes

Philip Odence
 

Thanks again, to Oliver.




General Meeting/Minutes/2015-11-05

  • Attendance: 12
  • Led by Phil Odence
  • Minutes of Oct meeting approved

Siemens - Oliver Fendt

  • Open Source Group 
    • Deals with compliance issues
    • Made up of members from all parts of the company
    • Has been going for 2.5 years
    • Recognized SPDX early in their existence
      • Took a close look
      • First interest was in the license list
        • Requested some licenses for the list; some successful, some not
        • Participated in discussion about how to handle license exceptions
    • SPDX 2.0 was coming on line
      • Voted internally to adopt SPDX
      • And to start requiring SPDX docs from their suppliers
    • Got involved with FOSSology
      • Implemented initial SPDX 2.0 in FOSSology
        • Just RDF, not yet Tag Value
    • Became aware of process of development of standard
        • Concerned about the direction, specifically snippet discussion
        • Concerns that it contradicts vision/mission
        • Minimizing costs across the supply chain
        • Concerned that granularity of snippets and that it’s hard to say, unless you are the developer
        • So, worries about usability
        • And that it adds interpretation, for example, Black Duck Protex requires the human to interpret
        • Also, since there is no open source tool that does snippets, adoption may be limited
      • Would be interested in adding other sorts of information like ECC info
    • They are currently using the latest/greatest FOSSology and encouraging suppliers to do same
    • Starting to see projects using SPDX short IDs in files
    • Suppliers normally don’t deliver source code; Siemens requires that they assert that they comply w/copyrights
      • So they typically don’t scan source.
      • They use FOSSo
      • And they encourage SPDX to supply the info


Tech Team Report - Kate/Gary

  • Busy refining external identifiers proposal
    • Aim was a single field 
    • Thought is to break into multiple fields, source of identifier and the domain
    • Wrestling with the difference between security IDs (NVD/CPE) and repos (e.g. Debian)
  • Also, recently revisited snippets proposal
    • Now is a good time to weigh in.
  • Tools
    • Active; Sebastian Schubert has been a big contributor recently
      • Mostly fixes
      • 2.1 will add some work
      • UNO repos also very active


Legal Team Report - Jilayne

  • Cross functional work with tech team on templates and matching
    • recent joint call, apologies for 10 person limit on call; will address
    • Looking to change maintenance process
    • Lots of good discussion about implementing matching guidelines
    • plan is for another joint call in early December


Biz Team Report - Jack

  • Working with LF on a new look and feel for website
    • In parallel, changing some of the navigation.
    • Looks like it’s been delayed, so probably 2-3 weeks before rollout
    • Some progress already; looking good so far
  • In process of changing name of team to Outreach Team
    • Will roll out with new website
  • Eclipse Foundation
    • Might be interesting group to speak with about SPDX

Cross Functional Topics - Phil

  • See Jack’s brief blog on SPDX.org pointing to a must-read blog by Eric Raymond on SPDX


Attendees

  • Phil Odence, Black Duck
  • Oliver Fendt, Siemens
  • Tarek Jomaa, ARM
  • Gary O’Neall, SourceAuditor 
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Richard Christie, ARM
  • Pierre LaPointe, nexB 
  • Sami Atabani, ARM
  • Kate Stewart, Linux Foundation
  • Michael Herzog, nexB
  • Scott Sterling, Palamida
