
SPDX at 2012 Events

Kim Weins
 

Hi all

We have created a list of potential events where we would like to have a talk on SPDX.  We will create a few abstracts that anyone can use (or modify).  It would also be helpful to have talks about use cases from some of the end user members of SPDX.

If you are planning to be at one of these events (or an event that's not listed)  and would like to submit a talk on SPDX, please let Kim know kim.weins@....  We’ll try to coordinate so that we can cover as many events as possible.

This list is also available at http://www.spdx.org/wiki/events-2012

  • LF
    • Android Builder/Embedded – Feb CA
    • Collab Summit – Apr CA -- Kim to submit a talk
    • Enterprise Summit – May NY
    • LinuxCon Japan – Jun Yokohama
    • LinuxCon NA – Aug San Diego
    • LinuxCon Europe – Nov Barcelona
  • Others
    • DebConf Jul 2012 Nicaragua
    • OSCON – Jul Portland -- 
    • ApacheCon – Nov -- Scott Lamons willing to speak
    • EclipseCon – Mar DC
    • FUDCon – Jan VA
    • Open World Forum -- Fall Paris?



Kim Weins |
Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410  |  cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic


Help needed with website update

Kim Weins
 

Hi All

We will be rolling out the new version of the website in early January.  We will have the new website up in parallel from Mon Dec 19 – Fri Jan 6 to move content over from the old site to the new site.  

We are looking for volunteers to own sections of the new site and be responsible for moving content over or filling in new content where needed.  Below are the lists of sections or subsections of the new site and the volunteers so far.  We’d like to get volunteers on each of these.  Please let me know if you are able to take a section.  We will provide detailed instructions on what you need to do and no special technical or HTML skills are needed.

You can review the mindmap for the new website at http://www.spdx.org/wiki/spdx-web-site-mind-maps
You can review the assignment list at  http://www.spdx.org/wiki/website-content-assignments

Kim

  • Intro to SPDX
    • Background -- Phil O
    • Membership -
    • How to Participate
    • Roles & Responsibilities
  • Documentation
    • Current Specification -
    • FAQs - Mark Gisi
    • Archive Specs
    • Whitepapers/Tutorials/Other Content - Kim
    • Beta Collateral - Kim
    • Launch Collateral - Kim
  • Tools -- Gary
  • Current Activities
    • Beta Test - Kim
    • SPDX Launch - Kim
  • WorkGroups
    • General - Phil O
    • Technical -
    • Legal
    • Business - Kim
    • Website Refresh - Web Team
  • Calendar
  • Blogs & Discussion
  • Finding your way around this site





Re: SPDX and the Collaboration Summit

Kim Weins
 

The Biz Team will take responsibility for getting a speaking slot at the key
events. We'll of course be asking for volunteers who will be at various
events to do the speaking. I can do the Collab Summit one.

And yes, I think we should do a F2F there.

Kim


On Thu 12/15/11 6:47 AM, "Martin Michlmayr" <tbm@...> wrote:

We had a very productive SPDX meeting at the Collaboration Summit
earlier this year. In 2012, the Collaboration Summit will take place
from April 3 to 5 (again in San Francisco but at a different hotel).

Are we planning to have another face to face meeting in April?

The CFP is currently open and if we want to have a room for a SPDX
meeting we should request one:
https://events.linuxfoundation.org/events/collaboration-summit/cfp



SPDX and the Collaboration Summit

Martin Michlmayr
 

We had a very productive SPDX meeting at the Collaboration Summit
earlier this year. In 2012, the Collaboration Summit will take place
from April 3 to 5 (again in San Francisco but at a different hotel).

Are we planning to have another face to face meeting in April?

The CFP is currently open and if we want to have a room for a SPDX
meeting we should request one:
https://events.linuxfoundation.org/events/collaboration-summit/cfp

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


FW: SPDX General Meeting Thursday Reminder

Philip Odence
 

Sorry, I had the wrong date in the previous version.


From: Phil Odence <podence@...>
Date: Tue, 13 Dec 2011 08:38:27 -0500
To: "spdx@..." <spdx@...>
Subject: SPDX General Meeting Thursday Reminder

Meeting Time: December 15, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes   
http://www.spdx.org/wiki/2011122-general-meeting-minutes
Technical Team Report - Kate

Legal Team Report - Rockett/Karen

Business Team Report - Kim

Cross Functional Issues



SPDX General Meeting Thursday Reminder

Philip Odence
 

Meeting Time: Sept 8, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes   
http://www.spdx.org/wiki/2011122-general-meeting-minutes
Technical Team Report - Kate

Legal Team Report - Rockett/Karen

Business Team Report - Kim

Cross Functional Issues



SPDX Business Team Minutes

Kim Weins
 

Hi all

We had a meeting today — minutes here.
http://www.spdx.org/wiki/business-team-meeting-agendaminutes-2011-12-08.

Topics included:
-Website
-Community outreach
-2012 goals for business team

We are going to be needing help in the next month to migrate content to our new website.  Stay tuned for more info as we request volunteers to own pages or sections.

Kim






SPDX General Meeting Minutes

Philip Odence
 

We are back in business!

Next call is Dec 15 at 11am Boston time.



Attendance: 7

     
Technical Team Report - Kate

  • Bugzilla, the final piece of downed infrastructure, is up, so we are finally fully functional
  • Tech team has been meeting regularly thru the outage.
  • Minutes have been distributed through the mailing list and will be posted
  • Shortly a new draft will be available, either "1.1" or "1.0.1"
  • EdW is still working on a proposal for handling hierarchy which will be the basis for SPDX 2.0.
  • There have been some good recent contributions to the SPDX tools including a new verification tool

Business Team Report - Michael Herzog (in Kim's absence)

  • Most of the recent discussion has been on our infrastructure plan in the wake of the outage.
  • No update on new website.

Legal Team Report - Jilayne (in Rockett's absence)

  • Data license issue
    • Seems to be resolved to everyone's satisfaction.
    • Rockett drafted a pre-amble to the CC0 license and got support from Eben Moglen.
  • Next Steps
    • Templatizing work is resuming in the next Legal Team call.
    • Jilayne is resuming some clean-up on the license list

Cross Functional Issues – Phil

  • Infrastructure
    • Discussed the LF's infrastructure issue. Phil's opinion is that the new infrastructure meets our needs
    • In the next couple weeks there will be a meeting with folks from the Linux Foundation in which they will present an overview of what's been done, the idea being to make us comfortable.
    • We don't want the group to be overly large, but if anyone is interested in participating, email Phil.

Open Action Items


Attendees

  • Phil Odence, Black Duck Software
  • Kate Stewart, Canonical
  • Jilayne Lovejoy, OpenLogic
  • Michael Herzog, nexB
  • Philippe Ombredanne, nexB
  • Adam Cohn, Cisco
  • Brandon Robinson, Cisco


Re: ** Revised Draft SPDX CC-0 Preamble **

Jilayne Lovejoy <jilayne.lovejoy@...>
 

A few nit-picky, but not crucial suggestions:

  • is "compliance" the right word in the first sentence?
  • first and second sentence seem like they should be the same paragraph, since all related to definition of "SPDX Metadata"
  • "you hereby agree that any copyright... Shall be subject to..." - is that right? Is it the copyright that is subject to the CC-Zero license, or should it be, "you hereby agree that any copyrightable material ... In any SPDX-Metadata... Shall be subject"? (or does it make a difference either way?)
  • "copyright rights" sounds odd. I think that UK attorneys simply would say "copyright" in the first scenario below, which is much cleaner sounding and looking.  Same usage could be implemented in the second scenario or "copyrightable material" as suggested in red below


On 11/30/11 9:01 AM, "Esteban Rockett" <mgia3940@...> wrote:

SPDX Legal Workstream Members:

- Eben is ok with CC-0 and the following preamble for the SPDX-Metadata.

Rockett


** Revised Draft SPDX CC-0 Preamble **

Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata").

The SPDX specification contains numerous fields where an SPDX author may provide relevant explanatory text in SPDX-Metadata.

Without opining on the lawfulness of "database rights" (in jurisdictions where applicable), such explanatory text is copyrightable subject matter in most Berne Convention countries.

By using the SPDX specification, or any portion hereof, you hereby agree that any copyright [rights] STRIKE (as determined by your jurisdiction) in any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the [below recited] (STRIKE - parenthesis at end of sentence says the same thing) Creative Commons CC0 1.0 Universal license (reproduced in its entirety below).

Further, for SPDX-Metadata not containing any copyrightable material, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.

***


Jilayne Lovejoy |  Corporate Counsel
jlovejoy@...

720 240 4545  |  phone
720 240 4556  |  fax
1 888 OpenLogic  |  toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


SPDX Update

Philip Odence
 

SPDX Community,

As most of you know, the Linux Foundation web properties were victim to a very sophisticated attack from which the Foundation is nearly recovered. The time it has taken to recover is reflective of how seriously the Foundation has taken the incident. They have been pretty much 100%, 7 days a week focused on putting back in place a super-hardened infrastructure to avoid the issue in the future. Finally, SPDX and our mailing lists are back in action. Thanks for your patience.

This has obviously been a big hit to SPDX progress. Amazingly, some good work has gotten done over the last couple months, hurdles notwithstanding. Now it's time to get back on track. To get momentum ramped up, we need everyone individually to dive back in; please take 30 seconds to get yourself psyched up. First order of business is for each of the teams to create a report on current status and next steps, which we will circulate to the General list. Otherwise it's business as usual on our old normal schedule.

An elephant in the room is: How do we avoid this in the future? As companies become committed to SPDX, they will also become dependent on our on-line assets. In this sense, the timing of the incident could have been much worse. Let's take it as a wakeup call that we need to ensure we have a reliable site. Given the work that the LF has done, there's a good chance that the new platform and processes are sufficiently secure and reliable for our needs. We are in the midst of discussions with the Linux Foundation to verify that the new infrastructure can meet our needs in the future.

To help keep everyone sync'ed, below is the ongoing schedule. Looking forward to reconnecting and once again moving forward.

Best wishes,
Phil

L. Philip Odence
Vice President of Business Development
Black Duck Software, Inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence




GENERAL MEETING
Purpose- Reporting out by each team.
Mailing list- spdx@...
Calls- Every two weeks; Thursday at 11am US Eastern time. Next one: Dec 1
Organizer- Phil Odence, podence@...
Dial in Info-
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

TECHNICAL TEAM MEETING
Purpose- Technical discussion around the spec and its implementation
Mailing list- spdx-tech@...
IRC: #spdx at Freenode.net
Contact - Kate Stewart (stewart@...)
Calls- every week on Tuesday at 2pm EST (1900 GMT)
Host - Bill Schineller (bschineller@...)
Dial in Info-  (877) 435-0230; Conference code: 7833942033.
Screenshare: http://blackducksoftware.na6.acrobat.com/spdxrdf/

BUSINESS TEAM MEETING
Purpose- Discuss business team issues such as website, community outreach, business processes.
Mailing list- spdx-biz@...
Calls- Every other week (opposite week from General Meeting); Thursday 11am ET/8am PT; Next one Dec 8
Organizer-Kim Weins, kim.weins@...
Dial in Info- 866-740-1260  ID 2404502

LEGAL TEAM MEETING
Purpose- Handling all legal issues associated with the project (spec, website, licensing, etc.)
Mailing list- spdx-legal@...
Calls- Every two weeks; Wednesday at 11am US Eastern time. Next one: Nov 30
Organizer-Esteban Rockett rockett@...
Dial in Info-  1.877.825.8522 PIN:0376146


Re: status of git repositories?

Jeff Licquia
 

On 11/26/2011 11:29 AM, Peter Bigot wrote:
> I see from email earlier this month that there was some sort of
> problem which explains why the tools page link to
> http://git.linuxfoundation.org/?p=spdx-tools.git;a=tree does not work
> (it comes back with "no such project"). I'd also somewhere run across
> minutes from a meeting a couple months ago suggesting the tools were
> going to be split into separate Python and Java repositories, so
> perhaps the link is simply out of date.
>
> Are these tools still available anywhere, or will they be restored anytime soon?

Yes; the Linux Foundation is still restoring services after the security
breach we had a while back. While a lot has been restored, we're still
ironing out some of the kinks.

You may have better luck with the following link:

http://git.spdx.org/?p=spdx-tools.git;a=summary

If you find any other things that are hard to find, let us know.
--
Jeff Licquia
The Linux Foundation
+1 (317) 915-7441
licquia@...

Linux Foundation Events Schedule: events.linuxfoundation.org
Linux Foundation Training Schedule: training.linuxfoundation.org

Join us this year in celebrating the 20th Anniversary of Linux!
Watch the "Story of Linux" here:
http://www.youtube.com/watch?v=5ocq6_3-nEw
See all of the 20th Anniversary activities here:
http://www.linuxfoundation.org/20th


status of git repositories?

Peter A. Bigot
 

From an email in the OpenEmbedded development group I've found SPDX,
and would like to try following the current specification in a new
open source project I'm going to release. Ideally I'd like to be able
to put tag values into the source files and have them automatically
extracted. So, I'm looking for SPDX-related tools.

I see from email earlier this month that there was some sort of
problem which explains why the tools page link to
http://git.linuxfoundation.org/?p=spdx-tools.git;a=tree does not work
(it comes back with "no such project"). I'd also somewhere run across
minutes from a meeting a couple months ago suggesting the tools were
going to be split into separate Python and Java repositories, so
perhaps the link is simply out of date.

Are these tools still available anywhere, or will they be restored anytime soon?

Thanks.

Peter


SPDX General team meeting schedule

Kirsten Newcomer
 

Hi all, 

My apologies for the missed General team meeting today. I had a conflict today and didn't realize that Phil was also unavailable. 

The next SPDX General meeting will be held on Thursday, December 1, at the usual time of 11 am ET. 

We'll talk to you then! Thanks!

Kirsten

Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.

knewcomer@...
Office: +1.781.810.1839   Mobile: +1.781-710-2184


Re: Status of spdx.org

Tom "spot" Callaway
 

On 11/11/2011 12:25 AM, Martin Michlmayr wrote:
> - I was asked to install mediawiki a few months ago but afaik this
> was not used at all. I've therefore no plans to install it... is
> this ok or do you need it? (Note: this is not the wiki at
> spdx.org/wiki but a separate wiki that Tom Callaway requested)

I am not currently active on SPDX efforts at the moment, as it is
unclear whether or not Fedora will participate going forward at this
point. I suppose you don't have to add mediawiki just for me then.

~tom

==
Fedora Project


Status of spdx.org

Martin Michlmayr
 

I'm happy to say that spdx.org is back. Here is a status update.

What works:

- Web site: spdx.org (as well as fossbazaar.org) are back.
You should have received an email already on how to reset your
password.

- Mailing lists: all spdx lists (spdx, spdx-tech, spdx-legal
and spdx-biz) are working again; see https://fossbazaar.org/mailman/listinfo
for archives and more information. If you have subscribed to
an SPDX list in the past, you are already subscribed; there's
no need to re-subscribe.

Questions and input needed:

- I performed an audit of the code (i.e. the software behind our
web site). I also looked at the web site and it seems that
everything looks ok. However, if you notice any problems with
the web site, the mailing lists or anything else, let me know.
We had to re-install everything, so it's possible that there
are some problems I'm not aware of.

- I was asked to install mediawiki a few months ago but afaik this
was not used at all. I've therefore no plans to install it... is
this ok or do you need it? (Note: this is not the wiki at
spdx.org/wiki but a separate wiki that Tom Callaway requested)

- Sandbox (we had a test site where Steve Cropper and others were
working on a new design of the web site): I emailed Steve to see
what the requirements are.

Things I cannot help with:

- The bug tracker and the git repos are on LF infrastructure and not
done by me. I don't have an estimate on when they'll be back.
Kate is already in contact with the LF admins on this, however.

Any questions or problems - please let me know.

Martin

P.S. Thanks to Jeff Licquia and Eric Searcy from the Linux Foundation
for their help getting things back.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


SPDX General Meeting today

Philip Odence
 

Sorry for the late reminder; I'm just getting back into the post-LinuxCon groove.


Meeting Time: Sept 8, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Technical Team Report - Kate

Legal Team Report - Rockett/Karen

Business Team Report - Kim

Cross Functional Issues – Phil
Handling "over the transom" requests for information on the various lists.


Re: Clarification on purpose and participation

Karim Ratib <karim.ratib@...>
 

Kim and Daniel,

Thanks for your informative replies. My main interest at this point is
to generate an SPDX from a running Drupal installation, not a source
code repository, if at all feasible - I'll check how Ninka can help
there.

In general, my motivation for exploring the software inventory domain
is not legal as much as it is economically oriented: knowing which
open source packages are used in a project is the first step in
budgeting some resources (money, effort) to go towards those packages'
communities. Being an open source producer/consumer myself, I wish
this was an established practice.

Best,
Karim

On Sat, Sep 3, 2011 at 12:48 PM, D M German <dmg@...> wrote:
 Kim Weins twisted the bytes to say:

 Kim> There are several commercial tools that do this, but we also feel that open
 Kim> source tools will be critical.  Today there are a couple of OSS tools that
 Kim> can help find and identify open source licenses.  One is FOSSology (created
 Kim> and maintained by HP) which is available at fossology.org.  They are also
 Kim> hosting it at OSU's Open Source Lab.  Another is ninka (
 Kim> http://ninka.turingmachine.org/) which was created by Daniel German.  I've
 Kim> cc'd Daniel -- since you may want to talk to him about some of his
 Kim> experience doing this.  I don't believe FOSSology or Ninka will generate an
 Kim> SPDX file (yet).  We also have some free OSS tools on the spdx.org site that
 Kim> can help you convert a software bill of materials from spreadsheet form into
 Kim> SPDX format.  However that assumes you already have the info about what open
 Kim> source licenses are included.

I wrote some scripts that will actually do a decent job of generating an
SPDX document. The only (challenge|problem) is that Ninka does not recognize
many of the SPDX licenses. Here is an example, using Linux as the Guinea pig:

http://turingmachine.org/~dmg/temp/linux-3.0.2.spdx.v0.1

Notice that this is not a true SPDX compliant document:

- It is licensed under the Creative Commons.
- It has some extra tags that I find useful.
- It does not contain a verification code.

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


Re: Clarification on purpose and participation

dmg
 

Kim Weins twisted the bytes to say:

Kim> There are several commercial tools that do this, but we also feel that open
Kim> source tools will be critical. Today there are a couple of OSS tools that
Kim> can help find and identify open source licenses. One is FOSSology (created
Kim> and maintained by HP) which is available at fossology.org. They are also
Kim> hosting it at OSU's Open Source Lab. Another is ninka (
Kim> http://ninka.turingmachine.org/) which was created by Daniel German. I've
Kim> cc'd Daniel -- since you may want to talk to him about some of his
Kim> experience doing this. I don't believe FOSSology or Ninka will generate an
Kim> SPDX file (yet). We also have some free OSS tools on the spdx.org site that
Kim> can help you convert a software bill of materials from spreadsheet form into
Kim> SPDX format. However that assumes you already have the info about what open
Kim> source licenses are included.

I wrote some scripts that will actually do a decent job of generating an
SPDX document. The only (challenge|problem) is that Ninka does not recognize
many of the SPDX licenses. Here is an example, using Linux as the Guinea pig:

http://turingmachine.org/~dmg/temp/linux-3.0.2.spdx.v0.1

Notice that this is not a true SPDX compliant document:

- It is licensed under the Creative Commons.
- It has some extra tags that I find useful.
- It does not contain a verification code.

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


Re: Clarification on purpose and participation

Kim Weins
 

Hi Karim

Thanks so much for your interest and sorry for the slow response!

All of the questions that you have asked are exactly on track with our next
steps for SPDX. Now that we have a v1 of the SPDX spec, we want to start to
create tools that will help developers that create or use OSS to better
generate SPDX files.

There are several commercial tools that do this, but we also feel that open
source tools will be critical. Today there are a couple of OSS tools that
can help find and identify open source licenses. One is FOSSology (created
and maintained by HP) which is available at fossology.org. They are also
hosting it at OSU's Open Source Lab. Another is ninka (
http://ninka.turingmachine.org/) which was created by Daniel German. I've
cc'd Daniel -- since you may want to talk to him about some of his
experience doing this. I don't believe FOSSology or Ninka will generate an
SPDX file (yet). We also have some free OSS tools on the spdx.org site that
can help you convert a software bill of materials from spreadsheet form into
SPDX format. However that assumes you already have the info about what open
source licenses are included.

We are also looking to create additional tools/toolkits that can be used,
and would love help in that process.

If you are interested in participating, we have three workstreams --
technical, legal and business. Each group holds regular open calls to
discuss issues. You can find more details on the participate section of
spdx.org.

Also, you can sign up for the mailing lists and participate that way as
well.

Kim



On Fri 8/26/11 3:57 PM, "Karim Ratib" <karim.ratib@...> wrote:

Hello,

I just discovered SPDX and after watching the 3-minute video and
reading through the Web site, I am eager to understand more - and
possibly to participate in the effort, in my capacity as a software
developer.

I develop web applications using the open source Drupal CMS, and each
implementation typically uses tens, if not hundreds, of contributed
modules. Each module as well as the core system are GPL licensed. I
would like to generate a bill of material for the whole application,
and eventually for the server that hosts the application.

My initial thought is to write a software tool that generates a single
SPDX file based on the Drupal installation's metadata - core version,
installed modules, additional libraries, etc.

Is this what would be expected to comply with the SPDX vision?

As follow-up questions:
- Is there a convention to query Web applications for their SPDX (e.g.
a well-known URI) ?
Nope. Interesting idea though
- Are there existing tools within Linux distributions to generate SPDX
for installed packages ?
Nope. We want to create some tools though.
- Is there a recommended workflow for generating a comprehensive SPDX
document for a given computer (desktop/server) ?
Nope.

Sorry if these are naive questions - thanks in advance for taking the
time to enlighten me.

Karim


Canceled Event: SPDX Legal Workstream Call 11ET/10CT/8PT @ Wed Aug 31 8am - 9am (spdx@fossbazaar.org)

Esteban Rockett <mgia3940@...>
 

This event has been canceled and removed from your calendar.

SPDX Legal Workstream Call 11ET/10CT/8PT

All:

As discussed, this is a reminder that we agreed to meet "same time, same place" this week to attempt to finish resolving the "meta-data/confidentiality" issue for version 1.1 of the specification.

I actually thought I sent this reminder notice out last week, but just noticed I did not.

(I just went through a complex week, with moving from the East Coast to California, and (due to Hurricane Irene) 2 re-scheduled flights and loss of power when I needed to finish packing up family ... hard to pack in the dark.)

Many thanks,

Rockett

Motorola Inc.
E.A. Rockett
Senior Counsel
Software, Applications &
Digital Content Licensing
(408)541-6703 (O)
(408)541-6900 (F)
(415)508-7625 (M)
rockett@...

When
Wed Aug 31 8am – 9am Pacific Time
Where
Conference Bridge 1.877.825.8522 PIN:0376146 (map)
Calendar
spdx@...
Who
Esteban Rockett - organizer
