Date   

Migration to Groups.io Completed

Johnson Nguyen
 

Greetings SPDX community!

We are writing to let you know that the migration of your mailing list services to Groups.io is complete. Please be sure to visit lists.spdx.org to overview your current lists and settings. If you’d like to learn more about using Groups.io , please reference their help documentation. If you need assistance with Groups.io, please email helpdesk@... for The Linux Foundation’s helpdesk.


REMINDER: New mailing list migration for SPDX tomorrow June 13

Manbeck, Jack
 

All,

 

Hopefully you have seen the email from the Linux Foundation on the our mailing list migration which will occur tomorrow, June 13th. You can get an overview of the new feature’s here. I have re-printed the email from the LF below which has some specifics about the move, who to contact if you have issues and general information on what Groups.io is.

 

There should be no impact for the general, technical and legal lists. The business list will change its name to outreach to complete the name change we did earlier. Other than that the migration should be seamless for you.

 

In addition to the above, whenever anyone signs up for the technical, legal or outreach lists they will be added to the general list (spdx) automatically which will become our main announcement only list (which is how it works today). This means, as part of the migration, if you were not subscribed to the general list you will be. This is a VERY low volume list used only for general announcement’s.

 

Should you run into any difficulties with the new list after the 13th use the assistance email in the mail below. Should you wish to explore using any of the new integration features of Groups.io please discuss that within the relevant team for which it applies. Also, we may send one test email to each mailing list after the transition which can be deleted by you.

 

Again, there should be no action required by you as part of this move.

 

Best regards,

 

Jack Manbeck

 

 

LF email:

 

<<<< 

 

Greetings SPDX community!

The Linux Foundation has connected with a new vendor called Groups.io, which provides mailing list services in a simple but modern interface. Groups.io offers all of the capabilities of our existing Mailman mailing service plus additional community tools that make it an exceptional service solution.

We are planning to migrate your existing mailing list archives and user lists to Groups.io on Wednesday June 13th starting at 9:30am PST.

The migration will include details on subscriber preferences and owner or moderator privileges.

Owners and Moderators: Please be aware pending memberships or posts (and similar pending moderation actions) in Mailman will not be preserved in this migration. We recommend re-checking for any such pending decisions and taking action on them within Mailman one hour prior to the start of the migration window.

During the migration window you will still be able to access the archives, however the delivery of messages sent to the mailing lists during this window will be delayed until after the migration of the archives and list members are complete. We will turn off new list signups during the migration window, then this functionality will be restored once it is complete.

 

FAQs

What are the key differences between Mailman and Groups.io?

·        Groups.io has a modern interface, robust user security model, and interactive, searchable archives

·        Groups.io provides advanced features including muting threads and integrations with modern tools like GitHub, Slack, and Trello

·        Groups.io also has optional extras like a shared calendar, polling, chat, a wiki, and more

·        Groups.io uses a concept of subgroups, where members first join the project “group” (a master list, normally called "main"), then they choose the specific “subgroup” lists they want to subscribe to

How do the costs compare?

The Linux Foundation can provide project-branded Groups.io accounts to projects for less cost than managing our in-house Mailman systems.

How is the experience different for me as a list moderator or participant?

In many ways, it is very much the same. You will still find the main group at your existing URL and sub-groups equate to the more focused mailing lists based on the community’s needs. Here is an example of main group and sub-group URL patterns, and their respective emails:

https://lists.projectname.org/g/main

https://lists.projectname.org/g/devs

https://lists.projectname.org/g/ci

main@...

devs@...

ci@...

What is different is Groups.io’s simple but highly functional UI that will make the experience of moderating or participating in the community discussions more enjoyable.

Where do I find the settings and owner/moderator tools?

If you’d like to learn more about using Groups.io , please reference their help documentation. If you need assistance with Groups.io, please email helpdesk@... for The Linux Foundation’s helpdesk.


Cheers!

Brendan OSullivan

 

Helpdesk Analyst

The Linux Foundation

 

>>> 

 


Re: May SPDX General Meeting Minutes

Matija Šuklje
 

On četrtek, 03. maj 2018 17:51:26 CEST Phil Odence wrote:
Matije Suklje, LF
Flattered, but my affiliation is with Liferay :)

Was a very interesting call. I’m miffed that we have some important internal
conference call clash directly and 100% every time with the SPDX Legal call.


cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: matija_suklje@ippi.fr


Re: Spdx Digest, Vol 93, Issue 2

Kate Stewart
 

Hi John,
    Thanks for reaching out!  I think this discussion is best handled 
with the tech team so switching mailing lists, and moving 
general to bcc.  :-)

    Some of the information you're proposing in SEvA is already 
handled in the SPDX specification.  https://spdx.github.io/spdx-spec/ 
which has been in development by supply chain participants for 
over 8 years now.

    Its not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this?   Also, have you compared the information 
you're looking to be captured in SEvA with the fields that are 
already in place and standardized on in the specification?

The next rev of the specification will explicitly permit JSON and YAML,
document expression in addition to RDF, tag:value. Prototype translators 
between formats are already in place if you want to experiment. 

If there are fields you're looking to see captured,  that aren't in place already,
Feel free to open an issues on https://github.com/spdx/spdx-spec/issues
with background how it will be used, and where the information should be
derived from. 

Also, if you'd like to have a more interactive discussion,  the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to 
explore collaboration options,  just let us know. 

Looking forward to continuing the discussion. 

Thanks,
Kate 

SPDX tech team co-lead.

   


On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.scott@...> wrote:
Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

 Inline image 1
Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Send Spdx mailing list submissions to
spdx@...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...

You can reach the person managing the list at
spdx-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@internal.synopsys.com>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
< General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes>
? Attendance: 12
? Lead by Phil Odence
? Minutes of April meeting approved
Contents
[hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
? 3 Outreach Team Report - Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
? 4 Legal Team Report - Paul<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees>
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=1>]
? Variant on Leadership Summit Presentation
? Don?t need to define SPDX
? Will show product for illustrative purposes
? Governance Today
? Different formats for BoMs
? Challenges
? Manually updating
? Compliance Management
? Requires consistent tooling
? Goals using SPDX
? Automate BoM
? Automate Reporting
? Single format
? Illustration
? Replace disparate BoMs with SPDX versions
? Load into a single data store (example Apache Jena Fuseki
? Query with Sparql
? Demo
? Aggregating multiple BoMs
? Committing change to GItLab
? CI/CD- Build and Scan
? Generate new SPDX doc for changed project
? Sparql queries
? Policy checks
? Voila



Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=2>]
? Working on outstanding requests for 2.2
? License expression features
? Handling cases of annotations and extensions to address
? 2.1.1 pdf
? Wrestling with tools a bit
? GoSoC
? Students and mentors in place
? Should be hearing from students during community bonding period
? Projects lined up
? Will present during General Meetings



Outreach Team Report - Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=3>]
? LinuxCon Vancouver
? Trying to organize ?back off? day before event starts
? Website:
? Still waiting on LF for moving Website to Wordpress
? Content
? Looking at a variety of ways
? Looking at audio/video recordings
? Could include monthly talks
? Yev volunteered to do his
? Looking for more people involvement in OTeam
Legal Team Report - Paul[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=4>]
? Released latest rev of license list
? Kudos Jilayne and others
? Working out how to manage license submissions in new world
? GoSoC student working out automation



Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=5>]
? Phil Odence, Black Duck/Synopsys
? Matthew Crawford, ARM
? Yev Bronshteyn, Black Duck/Synopsys
? Steve Billings, Black Duck/Synopsys
? Gary O?Neall, SourceAuditor
? Dave Marr, Qualcomm
? Jack Manbeck, TI
? Kate Stewart, Linux Foundation
? Steve Winslow, LF
? Paul Madick, Dimension Data
? Matije Suklje, LF
? John Scott, Ion Channel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 93, Issue 2
***********************************

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx



Re: Spdx Digest, Vol 93, Issue 2

John Scott
 

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

 Inline image 1
Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Send Spdx mailing list submissions to
spdx@...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@...

You can reach the person managing the list at
spdx-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx digest..."


Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@...>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
< General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes<https://wiki.spdx.org/view/General_Meeting/Minutes>
? Attendance: 12
? Lead by Phil Odence
? Minutes of April meeting approved
Contents
[hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>]
? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn>
? 2 Tech Team Report - Kate/Gary<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary>
? 3 Outreach Team Report - Jack<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack>
? 4 Legal Team Report - Paul<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul>
? 5 Attendees<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees>
Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=1>]
? Variant on Leadership Summit Presentation
? Don?t need to define SPDX
? Will show product for illustrative purposes
? Governance Today
? Different formats for BoMs
? Challenges
? Manually updating
? Compliance Management
? Requires consistent tooling
? Goals using SPDX
? Automate BoM
? Automate Reporting
? Single format
? Illustration
? Replace disparate BoMs with SPDX versions
? Load into a single data store (example Apache Jena Fuseki
? Query with Sparql
? Demo
? Aggregating multiple BoMs
? Committing change to GItLab
? CI/CD- Build and Scan
? Generate new SPDX doc for changed project
? Sparql queries
? Policy checks
? Voila



Tech Team Report - Kate/Gary[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=2>]
? Working on outstanding requests for 2.2
? License expression features
? Handling cases of annotations and extensions to address
? 2.1.1 pdf
? Wrestling with tools a bit
? GoSoC
? Students and mentors in place
? Should be hearing from students during community bonding period
? Projects lined up
? Will present during General Meetings



Outreach Team Report - Jack[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=3>]
? LinuxCon Vancouver
? Trying to organize ?back off? day before event starts
? Website:
? Still waiting on LF for moving Website to Wordpress
? Content
? Looking at a variety of ways
? Looking at audio/video recordings
? Could include monthly talks
? Yev volunteered to do his
? Looking for more people involvement in OTeam
Legal Team Report - Paul[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=4>]
? Released latest rev of license list
? Kudos Jilayne and others
? Working out how to manage license submissions in new world
? GoSoC student working out automation



Attendees[edit<https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit&section=5>]
? Phil Odence, Black Duck/Synopsys
? Matthew Crawford, ARM
? Yev Bronshteyn, Black Duck/Synopsys
? Steve Billings, Black Duck/Synopsys
? Gary O?Neall, SourceAuditor
? Dave Marr, Qualcomm
? Jack Manbeck, TI
? Kate Stewart, Linux Foundation
? Steve Winslow, LF
? Paul Madick, Dimension Data
? Matije Suklje, LF
? John Scott, Ion Channel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 93, Issue 2
***********************************


May SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

 

General Meeting/Minutes/2018-05-03

< General Meeting‎ | Minutes

·         Attendance: 12

·         Lead by Phil Odence

·         Minutes of April meeting approved 

Contents

 [hide

·         1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn

·         2 Tech Team Report - Kate/Gary

·         3 Outreach Team Report - Jack

·         4 Legal Team Report - Paul

·         5 Attendees

Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit]

·         Variant on Leadership Summit Presentation

·         Don’t need to define SPDX

·         Will show product for illustrative purposes

·         Governance Today

·         Different formats for BoMs

·         Challenges

·         Manually updating

·         Compliance Management

·         Requires consistent tooling

·         Goals using SPDX 

·         Automate BoM

·         Automate Reporting

·         Single format

·         Illustration

·         Replace disparate BoMs with SPDX versions

·         Load into a single data store (example Apache Jena Fuseki

·         Query with Sparql

·         Demo

·         Aggregating multiple BoMs

·         Committing change to GItLab

·         CI/CD- Build and Scan

·         Generate new SPDX doc for changed project

·         Sparql queries

·         Policy checks

·         Voila

 

Tech Team Report - Kate/Gary[edit]

·         Working on outstanding requests for 2.2

·         License expression features

·         Handling cases of annotations and extensions to address

·         2.1.1 pdf

·         Wrestling with tools a bit

·         GoSoC 

·         Students and mentors in place

·         Should be hearing from students during community bonding period

·         Projects lined up

·         Will present during General Meetings

 

Outreach Team Report - Jack[edit]

·         LinuxCon Vancouver

·         Trying to organize “back off” day before event starts

·         Website:

·         Still waiting on LF for moving Website to Wordpress

·         Content

·         Looking at a variety of ways

·         Looking at audio/video recordings

·         Could include monthly talks

·         Yev volunteered to do his

·         Looking for more people involvement in OTeam

Legal Team Report - Paul[edit]

·         Released latest rev of license list

·         Kudos Jilayne and others

·         Working out how to manage license submissions in new world

·         GoSoC student working out automation

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Yev Bronshteyn, Black Duck/Synopsys

·         Steve Billings, Black Duck/Synopsys

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Jack Manbeck, TI

·         Kate Stewart, Linux Foundation

·         Steve Winslow, LF

·         Paul Madick, Dimension Data

·         Matije Suklje, LF

·         John Scott, Ion Channel

 


Reminder of Thursday's SPDX General Meeting...with guest speaker!

Phil Odence
 

Speaking this month will be our own Yev; he’ll share a scaled down version of his talk from the Leadership Summit. Hope you can join! Note: Yev will be using some slides and sharing his screen, so, if possible, be in front of your computer.

 

Automating Governance with SPDX

Today’s enterprises often have diverse processes for incorporating, managing, and analyzing their open source components. In this talk, we’ll demonstrate how SPDX provides a common baseline for a variety of governance tools, and how SPDX generation and analysis can be automated to attain real-time, actionable intelligence.

 

Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. In addition to being a member of the SPDX technical team, he has spoken at a number of technical conferences and user groups contributed to a number of technical blogs.

 


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, May 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

“Guest” Presentation – Yev

 

Technical Team Report – Kate

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 


April General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

 

General Meeting/Minutes/2018-04-05

< General Meeting‎ | Minutes

·         Attendance: 13

·         Lead by Phil Odence / Jack Manbeck

·         Minutes of March meeting approved 

Contents

 [hide

·         1 Adoption Update- Kate

·         2 Tech Team Report - Kate

·         3 Outreach Team Report - Jack

·         4 Legal Team Report - Jilayne

·         5 Attendees

Adoption Update- Kate[edit]

·         License List Identifiers Update

·         DEP 5 adopting, LF and others

·         IDs in Source

·         U-Boot, selected projects, LF projects including the Kernel

·         Eclipse, FreeBSD, REUSE.software

·         Open Gov Partnership

·         Doc Creation

·         New formats: YAML, others

·         Tooling

·         Open Source

·         SPDX Tools, FOSSology, ScanCode

·         Commercial

·         Wind REiver, Protecode, SourceAuditor, TripleCHeck, WS (license list only), BD

·         Scan tool accuracy- Different tools get slightly differing results

·         Formats correctness- worth checking too

·         Outreach time is working on examples for testing

·         SPDX tools have compare capabilities

·         New Tools for Inside Org workflow

·         SPDX online tools to validate and compare

·         SW360, ORT, Quartermaster

·         Between Orgs

·         Aligning with OpenChain

·         REUSE by FSFE- Conventions for best practices for how/where to include license info (check out their cute video)

·         Emerging: Software Parts Ledger

·         Blockchain Hyperledger (driven by Wind River)

·         Missing Pieces

·         Real world reference examples, use studies, build integration

 

Tech Team Report - Kate[edit]

·         Looking at google summer of code. That’s apriority right now. We are reviewing proposals from candidates and have eighteen this year! The quality of the proposals seems to be very good. Not sure how many slots google will give us yet (should know next week) but we are asking for 5-6.

·         We have just enough mentors for the project’s but would welcome any additional ones. No experience needed and you can be teamed up with an experienced mentor. There is much you can do, even non-technical.

·         The 2.1.1 specification update is pending. All GIT issues are resolved. This is a minor update for mostly types and clarifications and changes to support the specification being in GitHub. Kate is working with Thomas to be able to generate a review version to send out. Expect the review time frame to be 1-2 weeks long.

Outreach Team Report - Jack[edit]

·         We are revamping the main suite for the Use area. What we had was an initial cut. Pages are being broken out and expanded. First section to change will the license identifiers in source (Steve Winlsow from the LF is doing this) followed by the list and documents sections.

·         SPDX website move. No movement yet. Still waiting on the LF to come back with a new update. They have to get extra help to figure out how to do the license list and rdf pages that we auto generate.

·         If anyone is going to LinuxCon in Vancouver (August) the call for papers is open. Please submit any you might o have on SPDX. We are also investigating whether we can do another tool bake off and/or a birds of a feather session.

Legal Team Report - Jilayne[edit]

·         3.1 license list is still pending. Need to make sure all open issues on it are resolved. Anyone wishing to help (which would be greatly appreciated) should join the Legal Calls.

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Steve Winslow, LF

·         Dennis Clark, NexB

·         Kate Stewart, Linux Foundation

·         Jack Manbeck, TI

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

·         Matije Suklje, LF

·         Bradlee Edmondson, Harvard

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Philippe Ombrédanne- nexB

 

 


Thursday SPDX General Meeting Reminder

Phil Odence
 

Our “guest” speaker this week is Kate Stewart, guest in her own home. Over the past year,  we've seen a lot of open source projects as well as commercial tools able to interact with SPDX (license ids, 1 line comments,  documents).  Kate will give an overview of the projects in the SPDX ecosystem that she's aware of, and is interested in learning about any she's missed from other meeting attendees.

Best, 

Phil


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 

 


Re: agenda for OSLS

J Lovejoy
 

Quick update/reminder:

There will be no legal team call tomorrow (Thursday)

We will be having our F2F in Sonoma, CA Friday.
We’ll meet at 9am in Kenwood 2

We will use the usual conference line for those who want to join from afar:
Web conference: http://uberconference.com/SPDXTeam
Optional dial in number: 415-881-1586
No PIN needed

A bit more on and re-order on agenda:
  1. Updates to spec and next release planning
    1. Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
    2. SPDX License List and it’s related material: better organization to make it easier to find - should this all go into an Appendix in the Spec? How to get people to notice and understand SPDX specification fields that relate to licenses, 
  2. Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  3. Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    1. what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  4. SPDX “relaxed” - some people are providing SPDX documents that lack some of mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use.

Thanks!

Jilayne & Kate




On Feb 27, 2018, at 7:06 AM, J Lovejoy <opensource@...> wrote:

oops, forgot one of the topics - added to list below!



On Feb 27, 2018, at 8:05 AM, J Lovejoy <opensource@...> wrote:

HI all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and it’s related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?
  • SPDX “relaxed” - some people are providing SPDX documents that lack some of mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use.

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal


SPDX March General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

General Meeting/Minutes/2018-03-01

< General Meeting‎ | Minutes

·         Attendance: 6

·         Lead by Phil Odence

·         Minutes of Feb meeting approved 

Contents

 [hide

·         1 Tech Team Report - notes sent by Kate

·         2 Outreach Team Report - Jack out

·         3 Legal Team Report - Bradlee

·         4 Attendees

Tech Team Report - notes sent by Kate[edit]

·         Thomas continues to get closer on 2.1.1 release, most changes from Trevor merged now.

·         Reviewed PURL proposal and concensus was to adopt for 2.2, after we see it finalize and be picked up by other projects.

·         PURL is a a generalized way to specify a package.

·         Discussion of multiple formats being supported (JSON, YAML, etc.),  as long as there are translation tools, and we follow the RDF naming, agreement to introduce them in 2.2.

 

Outreach Team Report - Jack out[edit]

·         Website migration- No update from the LF

·         British Computer Society

·         Open Source Group

·         March 22

·         Alexios presenting on SPDX

·         https://ossg220318.eventbrite.co.uk/

 

Legal Team Report - Bradlee[edit]

·         3.1 LL release, end of March

·         Then back to 3 month cadence

·         Jilayne working with FSF on status of their license evaluation

·         For Summit Topics

·         Use of GitHub for licenses and Spec

·         Philipe ID’ed some licenses in the Kernel that are not in the list

·         He’s putting together pull requests

·         There are a number of others, the he believes might be candidate.

·         He’ll prioritize and will “drip” to the Legal Team

·         Also some discussion about what to do, if anything, about proprietary licenses

·         Could be make sense to have a common identifier for commonly used ones

·         Could conceivably use the same architecture for proprietary 

·         Also discussing a “relaxed” format.

·         Not necessarily including all the checksums

·         So could might introduce levels of SPDX compliance (A, AA, AAA…or something)

·         Discussion of how to get more lawyers involved.

·         Women lawyers would be particularly welcome

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Dennis Clark, NexB

·         Steve Winslow, LF

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

 

 


Today's SPDX General Meeting Reminder

Philip Odence
 

They have to stop starting month’s on a Thursday, or I will never remember to get reminders out.

 

Today’s meeting should be just a quick update. Hope you will be able to join.

 

Best,

Phil


L. Philip Odence
Sr. Director/General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
O: +1.781.425.4479, M: +1.781.258.9502, Skype: philip.odence
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, March 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 


Re: agenda for OSLS

J Lovejoy
 

oops, forgot one of the topics - added to list below!



On Feb 27, 2018, at 8:05 AM, J Lovejoy <opensource@...> wrote:

HI all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and it’s related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?
  • SPDX “relaxed” - some people are providing SPDX documents that lack some of mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use.

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


agenda for OSLS

J Lovejoy
 

HI all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and it’s related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...



Feb SPDX General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

General Meeting/Minutes/2018-02-01

< General Meeting‎ | Minutes

·         Attendance: 13

·         Lead by Phil Odence

·         Minutes of Jan meeting approved 

Contents

 [hide

·         1 Tech Team Report - Kate

·         2 Outreach Team Report - Jack

·         3 Legal Team Report - Jilayne

·         4 Attendees

Tech Team Report - Kate[edit]

·         Highlights

·         Looking at multiple formats supported

·         Much of January dedicated

·         JSON and YAML

·         Some interest in deprecating

·         Submitted Google SoC project, once again

·         Have usually been accepted in advance

·         Should know by next meeting

·         Can still contribute ideas

 

Outreach Team Report – Jack [edit]

·         Website migration

·         Waiting on date from LF

·         Need a mechanism for pushing some generated pages (licensing/RDF)

·         Today’s meeting will be to lay out a roadmap

·         Linux Leadership Summit

·         Meetings Friday

·         Jilayne sending out notice to try to hustle up participation

·         Anyone who needs an invite can contact Kate

·         FOSSDEM is this weekend

·         Will be streamed from Brussels

·         Legal and Policy track

·         Jilayne speaking

 

Legal Team Report - Jilayne[edit]

·         Major release of license list recently

·         3.1 release

·         Aiming to align 3.2 version with 2.2 spec

·         Undergoing technical and legal review

·         Transitioning to taking advantage of GitHub capabilities

·         Technical stuff on track

·         Reviewing some new licenses, need naming conventions

 

Attendees[edit]

·         Phil Odence, Black Duck/Synpsys

·         Kate Stewart, Linux Foundation

·         Mike Dolan, Linux Foundation

·         Steve Winslow, LF

·         Jeff Luszcz, Flexera

·         Jack Manbeck, TI

·         Denisse Weil, 

·         Robert Musial, Progressive

·         Gary O’Neall, SourceAuditor

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

 

 


SPDX General Meeting Today

Philip Odence
 

Sorry for the late reminder. I confess that Feb 1 snuck up on me.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Feb 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07  

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 


SPDX servers rebooting over the weekend for Spectre/Meltdown remediation.

Kate Stewart
 

Hi,
   Just heard from LF IT that our SPDX site & wiki will be rebooting 
this weekend, as the apply the Meltdown/Spectre remediation.

It should just be down for 5 minutes early this weekend, so this is
mostly for your information, in case you notice something.

Kate


Re: SPDX at Leadership Summit in March

Philip Odence
 

Hello,

If you did not respond to this before, please do now. Thanks

Best regards,

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

From: Philip Odence <podence@...>
Date: Wednesday, November 22, 2017 at 9:46 AM
To: "spdx@..." <spdx@...>, "spdx-tech@..." <spdx-tech@...>, "spdx-biz@..." <spdx-biz@...>, "spdx-legal@..." <spdx-legal@...>
Subject: SPDX at Leadership Summit in March

 

As you may know, the Linux Foundation Leadership Summit is in Sonoma, March 6-8. Additionally, there will be group meetings on the Monday before and Friday after for SPDX and Open Chain respectively.

 

The call for papers was just published. Please consider submitting a paper. There’s an appetite for talks on SPDX tooling, automation or usage.

http://events.linuxfoundation.org/events/open-source-leadership-summit/program/callforproposals

 

Please take this 1 minute survey to give a sense of the likelihood or your attending:

https://www.surveymonkey.com/r/NLX7KXN

 

Best regards,

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 


Thursday SPDX General Meeting Reminder

Philip Odence
 

Happy New Year. No guest speaker this month, therefore should be a fairly short meeting.

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 

 


Re: SPDX License List 3.0 is now live!

W. Trevor King
 

On Fri, Dec 29, 2017 at 03:26:47PM -0500, Neal Gompa wrote:
Aww man, you've got to be kidding? You got rid of the "+" signifier
and now we have to write out words?!

I really don't like this change. It makes things more verbose for no
benefit.
This issue has seen a a lot of discussion over the past year (going
back at least as far as May [1]). I'm also not wild about the change
(although there are *some* benefits), but discussing it should
probably be an issue for the spdx-legal@ list only (no need to drag in
spdx@ or spdx-biz@, and the spdx-tech@ folks are probably all
listening on spdx-legal@ anyway). I propose we continue this
discussion on spdx-legal@ only, and have only included the other
spdx-*@ in my message in case folks there are wondering where the
conversation went ;).

Cheers,
Trevor

[1]: https://lists.spdx.org/pipermail/spdx-legal/2017-May/001975.html
Subject: various threads on "only" suffix (for GPL)
Date: Fri, 26 May 2017 11:01:44 -0600
Message-ID: <ED57B88B-2056-44F8-B632-037E91A13907@jilayne.com>

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy

201 - 220 of 1373