
Re: [PATCH] USB: add SPDX identifiers to all files in drivers/usb/

Oliver Fendt
 

Hi,

great to see this direction of development.
This will at least clarify all the files which carry nothing except the macro
MODULE_LICENSE("GPL");
Because one of the interesting questions is "is this a legally binding expression of licensing?"

Ciao
Oliver

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On Behalf Of Philippe Ombredanne
Sent: Thursday, October 19, 2017 20:28
To: SPDX-legal; spdx-tech@lists.spdx.org; SPDX-general
Subject: Fwd: [PATCH] USB: add SPDX identifiers to all files in drivers/usb/

FYI:
In case you missed it: SPDX identifiers have landed in kernel land...
Read the whole thread at https://patchwork.kernel.org/patch/10016189/
And as a side effect, some new patches elsewhere are coming in with SPDX identifiers right in!
--
Cordially
Philippe Ombredanne

---------- Forwarded message ----------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, Oct 19, 2017 at 10:38 AM
Subject: [PATCH] USB: add SPDX identifiers to all files in drivers/usb/
To: linux-usb@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>, Kate Stewart <kstewart@linuxfoundation.org>, Philippe Ombredanne <pombredanne@nexb.com>

It's good to have SPDX identifiers in all files to make it easier to audit the kernel tree for correct licenses. This patch adds these identifiers to all files in drivers/usb/ based on a script and data from Thomas Gleixner, Philippe Ombredanne, and Kate Stewart.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Unless someone really complains, I'm going to add this to my tree for 4.15-rc1.


diff --git a/drivers/usb/Makefile b/drivers/usb/Makefile index 9650b351c26c..cb8d902b801d 100644
--- a/drivers/usb/Makefile
+++ b/drivers/usb/Makefile
@@ -1,6 +1,7 @@
#
# Makefile for the kernel USB device drivers.
#
+# SPDX-License-Identifier: GPL-2.0

# Object files in subdirectories
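
Review bot: The new "# SPDX-License-Identifier: GPL-2.0" line lands as the fourth line of drivers/usb/Makefile, below the existing header comment, so a checker that reads only the first line of each file will not see it. Consider placing the tag on line 1, above the "Makefile for the kernel USB device drivers." comment, and using the same position in every file the script touches.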

[....] long diff of 600 files removed for brevity...
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


[PATCH] USB: add SPDX identifiers to all files in drivers/usb/

Philippe Ombredanne
 

FYI:
In case you missed it: SPDX identifiers have landed in kernel land...
Read the whole thread at https://patchwork.kernel.org/patch/10016189/
And as a side effect, some new patches elsewhere are coming in with
SPDX identifiers right in!
--
Cordially
Philippe Ombredanne

---------- Forwarded message ----------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, Oct 19, 2017 at 10:38 AM
Subject: [PATCH] USB: add SPDX identifiers to all files in drivers/usb/
To: linux-usb@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Thomas Gleixner
<tglx@linutronix.de>, Kate Stewart <kstewart@linuxfoundation.org>,
Philippe Ombredanne <pombredanne@nexb.com>

It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses. This patch adds these
identifiers to all files in drivers/usb/ based on a script and data from
Thomas Gleixner, Philippe Ombredanne, and Kate Stewart.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Unless someone really complains, I'm going to add this to my tree for
4.15-rc1.


diff --git a/drivers/usb/Makefile b/drivers/usb/Makefile
index 9650b351c26c..cb8d902b801d 100644
--- a/drivers/usb/Makefile
+++ b/drivers/usb/Makefile
@@ -1,6 +1,7 @@
#
# Makefile for the kernel USB device drivers.
#
+# SPDX-License-Identifier: GPL-2.0

# Object files in subdirectories
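
Review bot: Missing documentation for how the license was chosen: the visible context of drivers/usb/Makefile shows no license notice before this change, yet the added line asserts GPL-2.0, and the commit message only says the identifiers are "based on a script and data". Please state in the commit message which rule the script applies to files that carry no license text of their own, so the tag can be audited against that rule.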

[....] long diff of 600 files removed for brevity...
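
The audit that the commit message and Oliver's reply point at, as an added example that is not part of the original thread or of the script Greg mentions: it sorts files into those carrying an SPDX tag, those carrying nothing except MODULE_LICENSE(...), and those with neither. The function names, the category names and every sample file except the Makefile text quoted in the patch are assumptions constructed for illustration.

```python
import os
import re

# SPDX tag inside a comment; the expression runs to the end of the line,
# minus a closing "*/" when the tag sits in a one-line C comment.
SPDX_RE = re.compile(
    r"SPDX-License-Identifier:[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.MULTILINE)
# Kernel module macro, e.g. MODULE_LICENSE("GPL");
MODULE_RE = re.compile(r'MODULE_LICENSE\s*\(\s*"([^"]*)"\s*\)')


def classify(text):
    """Describe the licensing markers found in one file's text."""
    spdx = SPDX_RE.search(text)
    module = MODULE_RE.search(text)
    if spdx:
        category = "spdx"
    elif module:
        category = "module-license-only"   # the case Oliver's reply singles out
    else:
        category = "untagged"
    return {
        "category": category,
        "spdx": spdx.group(1).strip() if spdx else None,
        # 1-based line of the tag, so tags far from the top can be flagged
        "spdx_line": text.count("\n", 0, spdx.start()) + 1 if spdx else None,
        "module_license": module.group(1) if module else None,
    }


def audit_texts(files):
    """files maps path -> text; returns category -> sorted list of paths."""
    report = {"spdx": [], "module-license-only": [], "untagged": []}
    for path in sorted(files):
        report[classify(files[path])["category"]].append(path)
    return report


def audit_tree(root):
    """Read every file under root and audit it (binary junk is tolerated)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                files[path] = fh.read()
    return audit_texts(files)


# Sample input. The Makefile text is the post-patch hunk quoted above; the
# other three files and their paths are constructed for this example.
SAMPLE_FILES = {
    "drivers/usb/Makefile": (
        "#\n# Makefile for the kernel USB device drivers.\n#\n"
        "# SPDX-License-Identifier: GPL-2.0\n\n"
        "# Object files in subdirectories\n"),
    "drivers/usb/example/tagged.c": (
        "// SPDX-License-Identifier: GPL-2.0+\n"
        "#include <linux/module.h>\n"
        'MODULE_LICENSE("GPL");\n'),
    "drivers/usb/example/macro_only.c": (
        "#include <linux/module.h>\n\n"
        'MODULE_LICENSE("GPL");\n'),
    "drivers/usb/example/bare.h": "#define EXAMPLE_MAX 4\n",
}

if __name__ == "__main__":
    for category, paths in audit_texts(SAMPLE_FILES).items():
        print(category, paths)
```
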


Oct SPDX General Meeting Minutes

Philip Odence
 

Here you go:

https://wiki.spdx.org/view/General_Meeting/Minutes/2017-10-05 

 

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

 

 

General Meeting/Minutes/2017-10-05

  • Attendance: 11
  • Led by Phil Odence
  • Minutes of Sept meeting approved

Guest Presentation - Alexander Lisianoi

  • Background
    • Working on masters in Technical University of Vienna
  • Project
    • Turning Python Code into Javascript
      • Pooling PY and License expression
      • Libraries that are self contained
      • Initially looked easy
    • Results
      • It works!
    • How it went
      • Long list of tools available, so choosing a tool is the first step
        • Brython, Batavia, Transcrypt
        • Brython can read in pure Python
        • Batavia uses Python byte code
        • Transcrypt actually translates to javacode, so he picked that one
          • Downside is that it doesn’t handle every Python capability
      • Encountered a lot of bizarre results
        • And complained a fair amount
        • Tricky to know what goes wrong; have to debug both in parallel
        • Errors can be subtle
        • How things are compared differs between languages
    • The resulting tool
      • You can parse, but it can be broken
    • Value of the work
      • Javascript is very commonly used for front ends these days
      • You don’t want to have to support two technologies for front and back end
      • This allows leveraging the backend scripts for building front end
      • Valuable to tool developers using JS and to development communities
      • As a side-effect of the work, we Alexander helped 

Tech Team Report - Kate/Gary

  • Spec
    • All on GitHub now
  • Last few meetings have been focused on
    • FSF proposal
      • Supporting legal team on expanding license expression language
    • Testing work from Jack
      • Tool testing cases
        • Scanners for locating license language
        • License language matchers (using matching guidelines)
      • Also testing license list generator
        • Which requires test cases as well
      • Looking at creating a repo for all test cases
        • Two tool types 
        • License list gen
      • Will be community based so folks can contribute cases
  • Preview
    • Looks like there will be a new tool contribution from an LF member
    • A tool to create a summary 
      • Input SPDX tag value; output easy to read/interpret format
  • LinuxCon Europe
    • There will be a meeting for those creating tools
    • New testing work will be on the agenda

 

Legal Team Report - Jilayne/Paul

  • FSF Proposal 
    • For how the GPL version is represented
    • Questions about new operators, default
    • Generated a large meeting with tech folks
      • Lively discussion
      • Did not reach resolution
    • FSF has come back with another proposal
      • Technical challenges
      • Difference of opinion, particularly for case where
      • Part of the issue is that FSF is focused on just the identifiers vs. how we use with SPDX
        • License does not specify “or later” or “only”
        • How do we represent without representing legal judgment
        • Fundamentally there are different opinions on what it means when there is no specification
        • Very important to FSF (including Richard Stallman)

Outreach Team Report - Jack

  • Mostly license test file work as described above

 

Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Alexander Lisianoi, Technical University of Vienna
  • Matthew Crawford, ARM
  • Matija Suklje, FSFE
  • Steve Winslow, Linux Foundation
  • Mike Dolan, Linux Foundation
  • Jack Manbeck, TI
  • Michael Herzog, nexB
  • Gary O’Neall, SourceAuditor
  • Paul Madick, Dimension Data

 


Reminder about Thursday SPDX General Meeting (with special guest!)

Philip Odence
 

Please join us for a special presentation by Alexander Lisianoi, another SPDX 2017 Google Summer of Code student participant. He is a software engineer working towards his Masters at Technical University of Vienna, Austria. His project for us was called "Online Validation Tools." He will describe how he took two libraries (boolean.py and license-expression) and converted them from Python to Javascript with a tool called Transcrypt.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Oct 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-09-07 

 

Guest Presentation – Alexander

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 


 

 

 


Re: Package, mandatory?

Gary O'Neall
 

Hi Jonas,

> However, the cardinality is given as "Optional, one or many." I'm not
> sure exactly how to interpret this, as I noticed the spdx-tools fails
> when converting from tag format to RDF if I don't have a Package
> specified.

I would call this a bug in the SPDX tools. If you could log an issue in the
git repo and upload a tag/value file which reproduces the error, I'll take a
look at it (https://github.com/spdx/tools/issues).

Thanks for reporting the issues.

Gary


Re: Package, mandatory?

Kate Stewart
 

Hi Jonas

On Tue, Sep 26, 2017 at 7:11 AM, Jonas Oberg <jonas@...> wrote:
> Hi everyone,
>
> as you know, the FSFE is working on a project, REUSE, which has as one of
> its recommendations to produce a SPDX conformant bill of materials, if one
> can be generated automatically.
>
> As part of this project, I'm putting together a few template/example
> repositories which do exactly this. I will definitely make a lot of
> assumptions in generating the SPDX file, and it won't scale well beyond
> the example, but it's still an interesting practice.
>
> In this, I've discovered what feels like an inconsistency in the
> specification, or its implementation.
>
> I would like to bring your attention to version 2.1, section 3[^1] which
> deals with the package information. The description is given as
>
>   "One instance of the Package Information is required per package being described."
>
> However, the cardinality is given as "Optional, one or many." I'm not sure
> exactly how to interpret this, as I noticed the spdx-tools fails when
> converting from tag format to RDF if I don't have a Package specified.

Prior to 2.0, the expectation was that there would only be a single package
with a set of files in each SPDX document.

When we introduced relationships/identifiers in 2.0, we were able to extend the specification
so that multiple packages could be present in the same SPDX document (cardinality (Many)).
Similarly, it was recognized that an SPDX document could be just a grouping of files
(i.e. a set of binary files, and an artificial package to encompass them all was not needed) (hence
Optional). I can see though that we should have been clearer.

The tools should be able to handle the translation, so yes, go ahead and log a bug there too.

> If I know where the bug is (specification, me, spdx-tools), I can file a
> more appropriate bug report or fix my own code :-)

Bug in the spdx-tools, improvement in wording needed in the specification - so
please go ahead and log issues against both.

Thanks, Kate

> [^1]: https://spdx.org/spdx-specification-21-web-version#h.4i7ojhp
>
> Best regards,
>
> --
> Jonas Öberg
> Executive Director
>
> FSFE e.V. - keeping the power of technology in your hands. Your
> support enables our work, please join us today http://fsfe.org/join
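
The cardinality Kate describes ("Optional, one or many"), as an added example that is not part of the original thread and is not code from spdx-tools: a small tag/value reader that accepts a document with no package at all as well as one with several. The function names and both sample documents are constructed here; the required-tag check covers only a subset of the SPDX 2.1 mandatory fields, and the example assumes that a file section belongs to the package section that precedes it, or to the document when none does.

```python
DOC_REQUIRED = ("SPDXVersion", "DataLicense", "SPDXID", "DocumentName",
                "DocumentNamespace", "Creator", "Created")


def parse_tag_value(text):
    """Split tag/value text into document tags, packages and loose files."""
    doc = {"tags": {}, "packages": [], "files": []}
    current, package, pending = doc["tags"], None, None
    for raw in text.splitlines():
        if pending is not None:                 # inside a multi-line <text> value
            pending[1].append(raw)
            if "</text>" in raw:
                current.setdefault(pending[0], []).append("\n".join(pending[1]))
                pending = None
            continue
        line = raw.strip()
        if not line or line.startswith("#"):    # blank line or comment
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not a tag/value line: %r" % raw)
        tag, value = tag.strip(), value.strip()
        if tag == "PackageName":                # opens a new package section
            package = {"tags": {}, "files": []}
            doc["packages"].append(package)
            current = package["tags"]
        elif tag == "FileName":                 # opens a new file section
            current = {}
            owner = doc["files"] if package is None else package["files"]
            owner.append(current)
        if "<text>" in value and "</text>" not in value:
            pending = (tag, [value])
            continue
        current.setdefault(tag, []).append(value)
    return doc


def summarize(doc):
    """Return (packages, files outside any package, files inside packages)."""
    packaged = sum(len(p["files"]) for p in doc["packages"])
    return len(doc["packages"]), len(doc["files"]), packaged


def validate(doc):
    """Zero packages is accepted; only missing tags are reported."""
    problems = ["document: missing %s" % t
                for t in DOC_REQUIRED if t not in doc["tags"]]
    for pkg in doc["packages"]:
        if "SPDXID" not in pkg["tags"]:
            problems.append("package %s: missing SPDXID"
                            % pkg["tags"]["PackageName"][0])
    all_files = doc["files"] + [f for p in doc["packages"] for f in p["files"]]
    for entry in all_files:
        for tag in ("SPDXID", "FileChecksum"):
            if tag not in entry:
                problems.append("file %s: missing %s" % (entry["FileName"][0], tag))
    return problems


# Constructed sample documents (names, namespace and checksums are made up).
HEADER = """\
SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example
DocumentNamespace: https://example.org/spdxdocs/example-1
Creator: Tool: example-generator
Created: 2017-09-26T00:00:00Z
"""

FILES_ONLY = HEADER + """
FileName: ./bin/tool-a
SPDXID: SPDXRef-tool-a
FileChecksum: SHA1: 0000000000000000000000000000000000000001

FileName: ./bin/tool-b
SPDXID: SPDXRef-tool-b
FileChecksum: SHA1: 0000000000000000000000000000000000000002
"""

MIXED = HEADER + """
# one file outside any package, then two packages
FileName: ./README
SPDXID: SPDXRef-readme
FileChecksum: SHA1: 0000000000000000000000000000000000000003

PackageName: alpha
SPDXID: SPDXRef-alpha
FileName: ./alpha/a.c
SPDXID: SPDXRef-a
FileChecksum: SHA1: 0000000000000000000000000000000000000004

PackageName: beta
PackageCopyrightText: <text>Copyright (c) Example
Authors</text>
FileName: ./beta/b.c
SPDXID: SPDXRef-b
"""
```
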


Package, mandatory?

Jonas Oberg
 

Hi everyone,

as you know, the FSFE is working on a project, REUSE, which has as one of
its recommendations to produce a SPDX conformant bill of materials, if one
can be generated automatically.

As part of this project, I'm putting together a few template/example
repositories which do exactly this. I will definitely make a lot of
assumptions in generating the SPDX file, and it won't scale well beyond
the example, but it's still an interesting practice.

In this, I've discovered what feels like an inconsistency in the
specification, or its implementation.

I would like to bring your attention to version 2.1, section 3[^1] which
deals with the package information. The description is given as

"One instance of the Package Information is required per package being described."

However, the cardinality is given as "Optional, one or many." I'm not sure
exactly how to interpret this, as I noticed the spdx-tools fails when
converting from tag format to RDF if I don't have a Package specified.

If I know where the bug is (specification, me, spdx-tools), I can file a
more appropriate bug report or fix my own code :-)


[^1]: https://spdx.org/spdx-specification-21-web-version#h.4i7ojhp


Best regards,

--
Jonas Öberg
Executive Director

FSFE e.V. - keeping the power of technology in your hands. Your
support enables our work, please join us today http://fsfe.org/join


SPDX Sept General Meeting Minutes

Philip Odence
 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2017-09-07 

 

General Meeting/Minutes/2017-09-07

  • Attendance: 11
  • Led by Phil Odence
  • Minutes of July meeting approved

Guest Presentation - Krys Nuvadga

  • Studying sw engineering in Cameroon
  • GSoC project: License grader tool.
    • Command line tool that would compare an SPDX doc to Source files
    • To determine the coverage of the info in the SPDX document
  • Use cases
    • Scan and pass SPDX doc to get license information in a format to perform calculations
    • Get a source file validator to determine if a particular file was covered
      • Factors considered to determine if something was source file
        • LoC
        • Characters
  • Started with a simple case to get running
  • Incremental approach 
    • Developed module by module
      • Used Python
      • Scanner 
      • Source code analysis passing results as XML
      • Results comparison
      • Grading for each package
  • Features
    • Scanning
    • Computation on source package
  • Status
    • Working
    • Still WIP
    • Refining
    • Addressing performance issues
  • Questions
    • why to use
      • To determine how complete the file license information is
    • Will the user get a list of files without info?
      • Yes

 

Tech Team Report - Kate/Gary

  • Spec
    • All on GitHub now
      • migrated Google doc discussions
    • 2.1.1 version fixing typos
    • 2.2 
      • slated for late in the year
      • will include new features
      • feature set still open, please contribute
    • Kate speaking next week at the Open Source Summit talking about testing scanning tools
  • Tooling
    • Completing GSoC
      • All students passed
      • All up on GitHub
      • Very successful

 

Legal Team Report - Jilayne/Paul

  • XML Conversion slightly stalled
  • “ONLY” issue has required focus
    • Brought up some inconsistencies
    • Lots of discussion on tech and legal calls and joint ones
      • Jilayne summarized in wiki
    • Proposal
      • Add ONLY operator
      • Remove “only” from current names
        • will necessarily cause some backward compatibility issue

 

Outreach Team Report - Jack

  • Working on tool to generate test files for scanners
    • working fine
    • cleaning up documentation
    • will create a test file and will upload it
      • needs a name
      • to be resolved in call today

 

Attendees

  • Phil Odence, Black Duck
  • Krys Nuvadga, University of Buea, Cameroon
  • Gary O’Neall, SourceAuditor
  • Paul Madick, Dimension Data
  • Jack Manbeck, TI
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Matija Suklje, FSFE
  • Rashmi Chitrakar, Qualcomm
  • Bradlee Edmondson, Harvard
  • Thomas Steenbergen, HERE

 

 


Re: SPDX recommendations from other communities! :-D

Kate Stewart
 



On Wed, Sep 6, 2017 at 7:51 AM, Neal Gompa <ngompa13@...> wrote:

> I'd like to point out that this recommendation is contingent on being
> able to automatically scan and generate it. No one is suggesting
> manual inventory of code to generate SPDX document.

Hi Neal,
    We agree, some tooling is needed to generate the signing of the 
files that is needed in an SPDX document for an accurate manifest. 
Both FOSSology and ScanCode are open source projects that 
scan source projects and generate SPDX documents.   Windriver
also provides a service to do so too. 

Kate


Re: SPDX recommendations from other communities! :-D

Philip Odence
 

Sorry, all, didn’t mean to cc the list. But you might find my blog amusing as well.

 

From: <spdx-bounces@...> on behalf of Philip Odence <podence@...>
Date: Wednesday, September 6, 2017 at 6:13 AM
To: Kate Stewart <kstewart@...>, SPDX-general <spdx@...>
Subject: Re: SPDX recommendations from other communities! :-D

 

Wow, Kate, great stuff! Thanks for sharing. I’ll talk to Jack about putting reference on the website.

 

In the meantime, for your amusement: http://blog.blackducksoftware.com/open-source-licenses-interesting

 

From: <spdx-bounces@...> on behalf of Kate Stewart <kstewart@...>
Date: Wednesday, September 6, 2017 at 5:47 AM
To: SPDX-general <spdx@...>
Subject: SPDX recommendations from other communities! :-D

 

Hi,

Just thought some of you might be interested in
some recent announcements with SPDX showing up
in them.

FSFE just launched a new site today recommending
use of SPDX license identifiers in the source files,
and generating a manifest from an SPDX document.  :-)

Also there are a similar set of recommendations by the
Commons Conservancy which also recommend use of the
tags, and generation of SPDX documents:

Best regards,

Kate

 


Re: SPDX recommendations from other communities! :-D

Philip Odence
 

Wow, Kate, great stuff! Thanks for sharing. I’ll talk to Jack about putting reference on the website.

 

In the meantime, for your amusement: http://blog.blackducksoftware.com/open-source-licenses-interesting

 

From: <spdx-bounces@...> on behalf of Kate Stewart <kstewart@...>
Date: Wednesday, September 6, 2017 at 5:47 AM
To: SPDX-general <spdx@...>
Subject: SPDX recommendations from other communities! :-D

 

Hi,

Just thought some of you might be interested in
some recent announcements with SPDX showing up
in them.

FSFE just launched a new site today recommending
use of SPDX license identifiers in the source files,
and generating a manifest from an SPDX document.  :-)

Also there are a similar set of recommendations by the
Commons Conservancy which also recommend use of the
tags, and generation of SPDX documents:

Best regards,

Kate

 


Re: SPDX recommendations from other communities! :-D

Neal Gompa
 

On Wed, Sep 6, 2017 at 8:47 AM, Kate Stewart
<kstewart@linuxfoundation.org> wrote:
> Hi,
> Just thought some of you might be interested in
> some recent announcements with SPDX showing up
> in them.
>
> FSFE just launched a new site today recommending
> use of SPDX license identifiers in the source files,
> and generating a manifest from an SPDX document. :-)
> see: https://reuse.software/
>
> Also there are a similar set of recommendations by the
> Commons Conservancy which also recommend use of the
> tags, and generation of SPDX documents:
> https://commonsconservancy.org/faq/licenseinfo/

I'd like to point out that this recommendation is contingent on being
able to automatically scan and generate it. No one is suggesting
manual inventory of code to generate SPDX document.


--
真実はいつも一つ!/ Always, there's only one truth!


SPDX recommendations from other communities! :-D

Kate Stewart
 

Hi,
     Just thought some of you might be interested in 
some recent announcements with SPDX showing up
in them. 

FSFE just launched a new site today recommending
use of SPDX license identifiers in the source files,
and generating a manifest from an SPDX document.  :-)

Also there are a similar set of recommendations by the 
Commons Conservancy which also recommend use of the
tags, and generation of SPDX documents: 

Best regards,
Kate


Thursday SPDX General Meeting Reminder

Philip Odence
 

Please join us for a special presentation by Krys Nuvadga, an SPDX 2017 Google Summer of Code student participant. He is a student of the University of Buea, Cameroon.

 

Krys is working on the License Coverage Grader tool.  This tool takes an SPDX document and pointer to the original source files, and determines a "grade" to quantify how complete the licensing information is at the file level for the code represented by the SPDX document.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 7, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2017-08-03

 

 

Guest Presentation – Krys

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 


 

 

 

 

 

 

 

 

 


"License Clearance in Software Product Governance"

Kate Stewart
 

Just spotted a very nice reference to SPDX in Dirk Riehle's paper, and thought those on the list might find the paper interesting as well. 

http://dirkriehle.com/publications/2017-2/license-clearance-in-software-product-governance/

> The first step is to have a standard format for a bill of materials that expresses what is included in a component. For this, the Linux Foundation has sponsored the creation of the Software Package Data Exchange (SPDX) standard [27] and tools for processing the standard [19].
> SPDX is rapidly evolving. SPDX compliant documents provide information about what is contained within a software package, including the license information of a contained component, who created the component, its version, etc.


Kate 


SPDX Aug General Meeting Minutes

Philip Odence
 

Here are the minutes

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2017-08-03

 

Phil

 


 

 

 

 

General Meeting/Minutes/2017-08-03

  • Attendance: 10
  • Led by Phil Odence
  • Minutes of July meeting approved

Guest Presentation - Rohit

  • Studying computer science in India
    • Working with SPDX for a number of months
    • Great experience in learning about how open source works
    • And, was surprised to learn about license issues
  • Project- On line SPDX tools
    • move existing tools to web interfaces
    • started with simple UI
      • and, of course, used open source
      • java and python
      • needed a java VM
      • finally found a project that worked for him
  • Three tools
    • Validation tool
    • Converter tool
    • Comparison tool
  • Validation Tool
    • Very simple UI
    • Basically just upload a file
    • Returns result of SPDX compatibility errors
    • Works for both tag value and RDF
  • Comparison Tool
    • takes two file inputs (for comparison)
    • after files uploaded, they go through validation
    • If so, they are compared
    • output is Excel sheet, saved on the server, user gets download link
  • Conversion Tool
    • conversions between format types
    • user selects type of conversion
    • returns required format
      • similar to spreadsheet, stored on server with download link
  • Next steps
    • creating API so other applications can call
    • benefit is that java tool prereqs don’t need to be called
  • Rohit went through a very short demo but will set up a more detailed one with the Tech Team

 

Tech Team Report - Kate/Gary

  • Spec
    • Got through all of the topics in the Google Doc
    • Making good progress
  • 2.2 v 3.0 discussion
    • Still open to input on burning use cases that aren’t covered
    • Please feel free to provide input 
  • Tooling
    • most of the focus has been on GSoC
      • everyone is making great progress 
      • evaluation last week and everyone passed!
    • Progress on Python libraries
    • Helping legal team with tooling

 

Legal Team Report - Jilayne/Paul

  • Uptick in activity on XML review
    • Brad and Alexios have been great
    • This has been a longstanding need, so great to see progress
  • Discussion about Linus’ note on Linux and GPL
    • Will be added to license list
  • On the plate now: Lots of chatter on email list about implications of adding “+” operator
    • background
      • used to have two different licenses to handle “only” and “or later”
      • now using an operator
      • left “GPL only”
    • It’s created some problems
      • current meaning of GPL-2
      • problems with standard header
    • reached a conclusion about how to handle going forward
    • Best option
      • deprecate plus operator
      • go back to two different licenses
        • doesn’t really apply to other licenses anyway
        • we believe, but still open for discussion
    • big topic on legal call today
  • License comparison tool, web-based
  • API thought from Phil
    • Assuming we publish APIs for hosted tools, we will need to specify terms of use.

 

Outreach Team Report - Jack

  • Jack unavailable. His email input:
    • Update from my side is that we are still working on fleshing out and documenting the program tools that can scan licenses and generate/read spdx documents.
    • Kate- Also talking about how to come up with a test suite for tools to make sure tools correctly read/generate SPDX

 

Attendees

  • Phil Odence, Black Duck
  • Rohit Lodha, Google Summer of Code
  • Gary O’Neall, SourceAuditor
  • Uday Shankar, Black Duck
  • Alexios Zavras, Intel
  • Matija Suklje, FSFE
  • Kate Stewart, Linux Foundation
  • Bradlee Edmondson, Harvard
  • Jilayne Lovejoy, ARM
  • Michael Herzog, nexB

 

 


Reminder about SPDX General Meeting on Thursday with guest presenter.

Philip Odence
 

Please join us for a special presentation by Rohit Lodha, another of our Google Summer of Code participants. I’ll introduce Rohit and his project (on which he will update us) in his own words:

I am a third year student pursuing B.E Computer Science at Birla Institute of Technology and Science, Pilani, India (BITS Pilani). I love developing websites and have a huge interest in Python.
During the summer, I worked on building Online Validation Tool. The aim of the project is to make an easy all-in-one portal to upload, parse, validate, compare, convert and search SPDX license list and documents using SPDX Java tools. It involves use of Java-Python bridge to use SPDX java tool for its various method.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2017-07-06

 

 

Guest Presentation – Rohit

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 


 

 

 

 

 


Re: MarkDown conversion of specification live on SPDX GitHub

Matija Šuklje
 

On 12.07.17 at 15:25:22 you wrote:
> @all: Got asked this a couple times – Why Gitbook and not an alternative
> like Pandoc?
> […]
> @Matija: I should have been clearer in the limitation wording. Should have
> changed “Simplified lay-out as MarkDown” to “Simplified lay-out as MarkDown
> and GitBook“

That makes a lot of sense. And again, huge kudos for all the time you invested
in this migration and above all with gathering more contributions in mind.

If none of the ToC plugins work, we could try to modify one, or as a last
resort, simply make the chapters hierarchy flat. What do you think?


cheers,
Matija
--
gsm: tel:+386.41.849.552
www: http://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: sip:matija_suklje@ippi.fr


Re: MarkDown conversion of specification live on SPDX GitHub

W. Trevor King
 

On Wed, Jul 12, 2017 at 03:25:22PM +0000, Steenbergen, Thomas wrote:
> @Jack @Trevor: Yes, it’s possible to build multiple versions on the
> gh-pages branch but uncommon way of working and think this may
> confuse users. Topic was discussed in yesterday’s technical meeting
> current agreement was to have official releases on spdx.org. I am
> thinking to extend current Gulp build script with 2 new tasks 1) a
> task to automate deployment of an official release to spdx.org 2) a
> task to deploy any new release tag to GitHub
> Releases <https://github.com/spdx/spdx-spec/releases>

This works. And for folks who want to pass references around and who
do not need the GitBook additions, you can use GitHub's source browser
and its default Markdown rendering. For example, [1,2].

Cheers,
Trevor

[1]: https://github.com/spdx/spdx-spec/blob/231b27009182d92d6ec06582c71ad307d10dc0a6/chapters/appendix-IV-SPDX-license-expressions.md#3-exception-with-operator
[2]: https://github.com/spdx/spdx-spec/blame/231b27009182d92d6ec06582c71ad307d10dc0a6/chapters/appendix-IV-SPDX-license-expressions.md#L90

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


Re: MarkDown conversion of specification live on SPDX GitHub

Thomas Steenbergen
 

Hi,

 

Sorry did not find the time to reply to this thread earlier…

 

@all: Got asked this a couple times – Why Gitbook and not an alternative like Pandoc? My choice in GitBook was driven since I wanted to reduce the threshold for contributions. GitBook offered a defined format + structure, nice HTML output and a nice all-in-one solution including a WYSIWYG editor with GitHub upload (limited Git knowledge required). Could build this with Pandoc as well, have done so before but would have been more work and harder for others to maintain.

 

@Matija: I should have been clearer in the limitation wording. Should have changed “Simplified lay-out as MarkDown” to “Simplified lay-out as MarkDown and GitBook“

ToC simplification is because GitBook by default does not allow anchors in its ToC. I have tested several of the ToC plugins you link to but ones I tried either only worked in HTML or had issues. Will complete testing ToC plugins and then pick one.

 

As part of fixing broken links I am also inserting HTML anchors in MarkDown, hope I find the time to finish this change within the next few days and push it to GitHub. My plan is to submit some pull requests to GitBook 4.x to fix some of the limitations I found.

 

@Jack @Trevor: Yes, it’s possible to build multiple versions on the gh-pages branch but uncommon way of working and think this may confuse users.  Topic was discussed in yesterday’s technical meeting current agreement was to have official releases on spdx.org. I am thinking to extend current Gulp build script with 2 new tasks 1) a task to automate deployment of an official release to spdx.org 2) a task to deploy any new release tag to GitHub Releases

 

Regards,

 

Thomas Steenbergen

Principal Engineer Open Source Governance and Policy

 

HERE Deutschland GmbH, Place of Business: Invalidenstraße 116, 10115 Berlin, Germany – Commercial Register: Amtsgericht Charlottenburg, HRB 106443B - USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J. Houben

 

From: <spdx-bounces@...> on behalf of Brad Edmondson <brad.edmondson@...>
Reply-To: "brad.edmondson@..." <brad.edmondson@...>
Date: Monday 10 July 2017 at 22:54
To: "W. Trevor King" <wking@...>
Cc: "opensource@..." <opensource@...>, "spdx@..." <spdx@...>
Subject: Re: MarkDown conversion of specification live on SPDX GitHub

 

+1 for continuous build (I think that's what gulp is), and it gives you linkable tags for free. Very nice.


--

Brad Edmondson, Esq.
512-673-8782 | brad.edmondson@...

 

On Mon, Jul 10, 2017 at 1:41 PM, W. Trevor King <wking@...> wrote:

On Thu, Jul 06, 2017 at 02:38:24PM +0000, Manbeck, Jack via Spdx wrote:
> I want to link to the HTML spec from the website. Is it possible to
> label the 2.1 version so only that shows up on a link?

One approach to that would be having gulp build master and all
tags (that have Markdown content), instead of just building master.
For example:

  https://spdx.github.io/spdx-spec/

would be the master build,

  https://spdx.github.io/spdx-spec/2.1.1-rc1/

would be a build of the 2.1.1-rc1 tag if/when that tag is made,

  https://spdx.github.io/spdx-spec/2.1.1/

would be a build of the 2.1.1 release if/when that tag is made, etc.
I'm happy to help with tooling for this if it sounds useful.

Cheers,
Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


 
