Date   

SPDX General Meeting Minutes and Webpage Update

Phil Odence
 

There was full support for the webpage updates at the General Meeting. The plan is on to move forward if no one raises any concerns in the next week. (text of update is at the bottom of this email)

 

Meeting minutes and link below

 

Thanks,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_234117645   signature_858572913   signature_661693669   signature_167300685

 

 

Minutes:

https://wiki.spdx.org/view/General_Meeting/Minutes/2020-10-01

 

General Meeting/Minutes/2020-10-01

General Meeting‎ | Minutes

·         Attendance: 8

·         Lead by Phil Odence

·         Minutes of Sept meeting Approved

Contents

 [hide

·         1 Webpage Update- Phil

·         2 Tech Team Report - Steve standing in

·         3 Legal Team Report - Paul/Jilayne/Steve

·         4 Outreach Team Report

·         5 Attendees

Webpage Update- Phil[edit]

·         No objections to new copy for website

Tech Team Report - Steve standing in[edit]

·         Spec

·         DCO bot has been turned on for the spec

·         2.2.1

·         ISO requested more information

·         Developed and submitted

·         3.0

·         WilliamB has set up new branch

·         Still working on main profile

·         Minor mods for OMG/NTIA

·         Japan user group has provided inputs

·         Vulnerabilities Profile

·         Working with 3TS group

·         Linkage Profile

·         Name still up in the air

·         Something about of linking docs and vetting provenance

·         Build Profile

·         Kate working on looking at different built systems

·         Tools

·         Google SoC

·         All students passed. Congrats!

·         Rishabh has stayed involved and done some great work

·         Community Bridge

·         2 projects going

·         Tools.spdx.org

·         Funding is $2100 / $2400

·         All tools being transitioned

·         Test instance in place http://52.32.53.255/

·         Please Poke!

Legal Team Report - Paul/Jilayne/Steve[edit]

·         Licensing Profie

·         This has been the recent focus of the team

·         Simplify/Clarify what’s been in place

·         Working doc for initial draft: https://docs.google.com/document/d/1k_2tSlFXvW_SbW-I1DcSEoCNBMQJd4FEFIQr6KCJuyU/edit#

·         Base + Licensing is targeted at the historical use case for SPDX

·         Next step will be to clean up the initial draft for further discussion

·         License List

·         Little change due to focus on Licensing Profile

·         Building up a little backlog

·         Minutes for Legal Team going forward keeps minutes here:

·         https://github.com/spdx/meetings

Outreach Team Report[edit]

·         No Update

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Paul Madick

·         Rishabh Bhatnagar, St Francis Inst Tech

·         Aveek, NextMark Printers

·         Steve Winslow, LF

·         Jilayne Lovejoy, Canonical

·         Michael Herzog- nexB

·         Mike Dolan, Linux Foundation

 

 

From: Phil Odence <podence@...>
Date: Tuesday, September 29, 2020 at 4:00 PM
To: "spdx@..." <spdx@...>
Subject: SPDX Webpage Update

 

All,

The SPDX Core Team has been working on a long overdue update to some of the web content that describes the spec and the project. Below is what we’ve come up with. We think it’s good to go, but at the Thurs General Meeting will see if anyone has concerns that would merit scheduling a meeting to discuss in more detail.

Thanks,

Phil

 

 

----- Short summary for top of main page, https://spdx.dev/ and anywhere else a short summary is needed/used ------

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. SPDX reduces redundant work by providing common formats for organizations  and communities to share important data, thereby streamlining and improving compliance, security, and dependability.

 

------------ FOR NEW ABOUT PAGE ----------------------------

 

Our Vision

The vision of SPDX is to reduce redundant work by providing common formats for organizations and communities to share important data, thereby streamlining and improving compliance, security, and dependability. 

 

Our Mission

The mission of SPDX is to develop and promote open standards for communicating software bill of material information, including provenance, license, security, and other related information. 

 

About

SPDX is an open source project hosted by the Linux Foundation. The grass-roots effort includes representatives from a diverse set of organizations—software, systems and tool vendors, foundations and systems integrators. Work is done by two sub-groups: the tech team and the legal team. There is also a monthly general call which provides an overview of progress on the entire project. For more information about getting involved, see the Participate page.

 

The SPDX project is composed of:

  • The SPDX Specification itself
  • the SPDX License List (including exceptions, matching guidelines, license IDs, and license expression syntax)
  • SPDX tools and libraries for working with the SPDX documents and SPDX License List

 

Guiding principles

  • SPDX represents data in formats that are both machine- and human-readable.
  • SPDX focuses on collecting and communicating facts; and provides a framework to make assertions about those facts.
  • SPDX makes no legal interpretations (of licenses or license compliance).
  • SPDX facilitates the efficient exchange of metadata in the supply chain. 

 

Governance Model

The SPDX Governance model is documented here.

 

------------END  FOR NEW ABOUT PAGE ----------------------------

 


Thursday SPDX General Meeting Reminder - w/brief website discussion

Phil Odence
 

Funding SPDX Tool Hosting…$284 to go to our goal: Thanks to a number of contributions (and especially generous contributions from OpenChain, Qualcomm and our own Jilayne) we’ve blown past our phase 1 goal to fund this year and are well on our way to phase 2 to fund next year.

Still a little way to go; if you’ve not already, please contribute: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

THANKS!

 

Phil Odence

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approva

 

Website – Input on moving forward with updates (review Tuesday email)

 

Technical Team Report – Steve

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


SPDX Webpage Update

Phil Odence
 

All,

The SPDX Core Team has been working on a long overdue update to some of the web content that describes the spec and the project. Below is what we’ve come up with. We think it’s good to go, but at the Thurs General Meeting will see if anyone has concerns that would merit scheduling a meeting to discuss in more detail.

Thanks,

Phil

 

 

----- Short summary for top of main page, https://spdx.dev/ and anywhere else a short summary is needed/used ------

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. SPDX reduces redundant work by providing common formats for organizations  and communities to share important data, thereby streamlining and improving compliance, security, and dependability.

 

------------ FOR NEW ABOUT PAGE ----------------------------

 

Our Vision

The vision of SPDX is to reduce redundant work by providing common formats for organizations and communities to share important data, thereby streamlining and improving compliance, security, and dependability. 

 

Our Mission

The mission of SPDX is to develop and promote open standards for communicating software bill of material information, including provenance, license, security, and other related information. 

 

About

SPDX is an open source project hosted by the Linux Foundation. The grass-roots effort includes representatives from a diverse set of organizations—software, systems and tool vendors, foundations and systems integrators. Work is done by two sub-groups: the tech team and the legal team. There is also a monthly general call which provides an overview of progress on the entire project. For more information about getting involved, see the Participate page.

 

The SPDX project is composed of:

  • The SPDX Specification itself
  • the SPDX License List (including exceptions, matching guidelines, license IDs, and license expression syntax)
  • SPDX tools and libraries for working with the SPDX documents and SPDX License List

 

Guiding principles

  • SPDX represents data in formats that are both machine- and human-readable.
  • SPDX focuses on collecting and communicating facts; and provides a framework to make assertions about those facts.
  • SPDX makes no legal interpretations (of licenses or license compliance).
  • SPDX facilitates the efficient exchange of metadata in the supply chain. 

 

Governance Model

The SPDX Governance model is documented here.

 

------------END  FOR NEW ABOUT PAGE ----------------------------

 


Using SPDX for Python packages license documentation

Philippe Ombredanne
 

Dear Special People Doing eXceptional things:

FYI, I have been working with the Python community to specify how
Python package distributions can use SPDX license expressions for
their Core metadata.

The draft of this spec (called a PEP for Python Enhancement Proposal) is at:
https://www.python.org/dev/peps/pep-0639/

Comments and feedback are welcomed at:
https://discuss.python.org/t/2154

--
Cordially
Philippe Ombredanne

+1 650 799 0949 | pombredanne@...
DejaCode - What's in your code?! - http://www.dejacode.com
AboutCode - Open source for open source - https://www.aboutcode.org
nexB Inc. - http://www.nexb.com


SPDX Sept Gen Meeting Minutes

Phil Odence
 

Thanks to Paul for hosting in my absence.

https://wiki.spdx.org/view/General_Meeting/Minutes/2020-09-03

 

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_1436684939   signature_807930114   signature_558097265   signature_1185682222

 


Today's SPDX General Meeting Reminder - Special Presentation

Phil Odence
 

I have a conflict, so Paul will run the show today. Normal agenda, so it should not go the full hour.

 

Funding SPDX Tool Hosting…$800 to go to our goal: Thanks to a number of contributions we’ve blown past our phase 1 goal to fund this year and are well on our way to phase 2 to fund next year. You can still contribute: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approva

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: Confirming General Meeting datetime and connection info

VM (Vicky) Brasseur
 

Check! Many thanks to you & Mike for the quick responses. My calendar is finally correct on this matter. :)

--V

Steve Winslow wrote on 10/8/20 11:54:

Hi VM, that's correct, for the time being the General meeting has continued to use UberConference for their monthly calls.
Best,
Steve
On Mon, Aug 10, 2020 at 2:43 PM VM (Vicky) Brasseur <spdx@... <mailto:spdx@...>> wrote:
According to the wiki page, the General Meeting call is the first
Thursday of the month and meets on Uberconference:
https://wiki.spdx.org/view/General_Meeting
Is this still correct, or is there (for instance) a Zoom link to use
instead?
--V
--
Steve Winslow
Director of Strategic Programs
The Linux Foundation
swinslow@... <mailto:swinslow@...>


Re: Confirming General Meeting datetime and connection info

Steve Winslow
 

Hi VM, that's correct, for the time being the General meeting has continued to use UberConference for their monthly calls.

Best,
Steve


On Mon, Aug 10, 2020 at 2:43 PM VM (Vicky) Brasseur <spdx@...> wrote:
According to the wiki page, the General Meeting call is the first
Thursday of the month and meets on Uberconference:
https://wiki.spdx.org/view/General_Meeting

Is this still correct, or is there (for instance) a Zoom link to use
instead?

--V





--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: Confirming General Meeting datetime and connection info

Michael Dolan
 

On Mon, Aug 10, 2020 at 2:43 PM VM (Vicky) Brasseur <spdx@...> wrote:
According to the wiki page, the General Meeting call is the first
Thursday of the month and meets on Uberconference:
https://wiki.spdx.org/view/General_Meeting

Is this still correct, or is there (for instance) a Zoom link to use
instead?

Yes, that's still correct. SPDX has been using UberConference for a while now. 


Confirming General Meeting datetime and connection info

VM (Vicky) Brasseur
 

According to the wiki page, the General Meeting call is the first Thursday of the month and meets on Uberconference: https://wiki.spdx.org/view/General_Meeting

Is this still correct, or is there (for instance) a Zoom link to use instead?

--V


SPDX Aug General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2020-08-06

 

 

General Meeting/Minutes/2020-08-06

General Meeting‎ | Minutes

·         Attendance: 14

·         Lead by Phil Odence

·         Minutes of Aug meeting

Contents

 [hide

·         1 Presentation - GSoC Smith Tanjong Agbor

·         2 Tech Team Report - Kate / Gary

·         3 Legal Team Report - Paul/Steve

·         4 Outreach Team Report

·         5 Cross Functional

·         6 Attendees

Presentation - GSoC Smith Tanjong Agbor[edit]

·         Validating License Cross References

Tech Team Report - Kate / Gary[edit]

·         Spec

·         2.1 is in good shape

·         Ready to submit to ISO

·         Many big thanks to Steve, Jack, Rex and others for great work

·         Should be an ISO Spec in 4-5 months

·         Also looking at 3.0 for ISO

·         Tools

·         Community Bridge funding project

·         We are through phase 1 (funding for this year)

·         On track for phase 2 next year

·         Should have new infrastructure up in the next month or two

·         Including real URL

·         and SSL for security

·         GSoC

·         All projects are progressing quite well

·         All students have passed 2nd evaluation

·         Aveek started this for SPDX (in addition to LF) and it’s been great for us

·         We get more slots as a consequence

Legal Team Report - Paul/Steve[edit]

·         License List

·         Monday we relapsed 3.10 license list

·         20 new ones

·         Joint meeting upcoming with the tech team to look at 3.0

Outreach Team Report[edit]

·         No Update

Cross Functional[edit]

·          

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         David Wheeler, Linux Foundation

·         Mark Baushke, Juniper

·         Kate Stewart, Linux Foundation

·         Gary O’Neall, SourceAuditor

·         Paul Madick

·         Michael Herzog- nexB

·         Steve Winslow, LF

·         Michael Herzog- nexB

·         Matije Suklje, Liferay

·         Aveek, NextMark Printers

·         Alexios Zavras, Intel

·         Michael Richardson

·         Mike Dolan, Linux Foundation

 


Today's SPDX General Meeting Reminder - Special Presentation

Phil Odence
 

Special Presentation by Tanjong Agbor Smith, one of our Google Summer of Code students

 

Here’s how Tanjong describes himself and his work: I am Tanjong Agbor smith, enrolled in a Masters degree in Computing Science at the University of Alberta. This is my second GSOC contribution for spdx; my first was last year(GSOC 2019) with the License List namespaces project which was a success. I shall be talking about a Google summer of code project titled "Validate license list cross references". This project emanates from a github issue raised, and seeks to provide more information on the validity of urls listed in license files.

 

Funding SPDX Tool Hosting: I’ll also mention that thanks to a number of contributions we’ve blown past our phase 1 goal to fund this year and are well on our way to phase 2 to fund next year. You can still contribute: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 6, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approva

 

Presentation

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: Funding for Hosting On-Line SPDX Tools

 

It would be great. How about Third Monday August at 5pm Pacific? We can do one to two slots on CommunityBridge stuff, each up to 15 minutes + questions.

Can you help pull it together? I would love to showcase the practical stuff happening.

Shane

On Aug 6, 2020, at 2:18, Gary O'Neall <gary@...> wrote:

Hi Shane,



There are a couple of community bridge related topics we could cover.



For the SPDX online tools, I’m planning on presenting to the OpenChain tools workgroup in Sept.



We could also present as part of a webinar.



Another interesting topic would be the work the interns and GSoC students are doing for the tools more generally.



We have a number of mentors and students involved – perhaps some of the mentors would be interested in jointly presenting?



Gary





From: spdx@... <spdx@...> On Behalf Of Shane Coughlan
Sent: Wednesday, August 5, 2020 4:57 AM
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools



Speaking of which, would someone be willing to do 10~15 minutes on ComminityBridge for a forthcoming OpenChain webinar?



Shane



On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉



-- zvr



From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools



The deployment is a bit complex (Java/Python/Django/PostgreSQL).


Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?



Vladimir



Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928



Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

Hi Shane,

 

There are a couple of community bridge related topics we could cover.

 

For the SPDX online tools, I’m planning on presenting to the OpenChain tools workgroup in Sept.

 

We could also present as part of a webinar.

 

Another interesting topic would be the work the interns and GSoC students are doing for the tools more generally.

 

We have a number of mentors and students involved – perhaps some of the mentors would be interested in jointly presenting?

 

Gary

 

 

From: spdx@... <spdx@...> On Behalf Of Shane Coughlan
Sent: Wednesday, August 5, 2020 4:57 AM
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Speaking of which, would someone be willing to do 10~15 minutes on ComminityBridge for a forthcoming OpenChain webinar?

 

Shane 



On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

I actually tried to implement this in a serverless environment (it was my first choice), but there is persistent state required for some of the components.  As Alexios points out – a good future project.

 

The PostgreSQL is necessary as a DB backend.  It also uses Redis – but this doesn’t seem to add too much complexity.  We have some projects underway to reduce the dependency on Java – it would be great to make this all python sometime in the future.

 

BTW – Anyone interested in reviewing and contributing can review the issues listed here: https://github.com/spdx/spdx-online-tools/issues/199

 

Gary

 

From: spdx@... <spdx@...> On Behalf Of Alexios Zavras
Sent: Wednesday, August 5, 2020 4:27 AM
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: Funding for Hosting On-Line SPDX Tools

 

Speaking of which, would someone be willing to do 10~15 minutes on ComminityBridge for a forthcoming OpenChain webinar?

Shane 

On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: Funding for Hosting On-Line SPDX Tools

Alexios Zavras
 

Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: Funding for Hosting On-Line SPDX Tools

Vladimir Sitnikov
 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

Is the complexity really needed?
Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

Vladimir


Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

Hi Mark,

 

Yes – SPDX is using AWS for the hosting (see https://github.com/spdx/spdx-online-tools/issues/194 for a discussion on the hosting options).

 

The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Any credits/help is appreciated.

 

I registered the account that is hosting the site – so feel free to contact me for additional details.

 

Gary

 

 

From: spdx@... <spdx@...> On Behalf Of Mark Atwood via lists.spdx.org
Sent: Monday, August 3, 2020 7:15 PM
To: spdx@...; phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Is SPDX using AWS for any hosting?  I can probably get gratis AWS credits provided to SPDX.

 

And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Tuesday, July 28, 2020 11:18 AM
To: spdx@...
Subject: [EXTERNAL] [spdx] Funding for Hosting On-Line SPDX Tools

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_475269920   signature_224475140   signature_97575969   signature_128435618

 


Re: Funding for Hosting On-Line SPDX Tools

Mark Atwood
 

Is SPDX using AWS for any hosting?  I can probably get gratis AWS credits provided to SPDX.

 

And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Tuesday, July 28, 2020 11:18 AM
To: spdx@...
Subject: [EXTERNAL] [spdx] Funding for Hosting On-Line SPDX Tools

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 

SIG-emailsig-2020

 

 

signature_475269920   signature_224475140   signature_97575969   signature_128435618