
Re: Software unique identification

Roger Meier <roger@...>
 

Hi Michel

I think the "Official Common Platform Enumeration (CPE) Dictionary" http://nvd.nist.gov/cpe.cfm is a good starting point for this topic.
another source to consider is ISO/IEC 19770

all the best!
-roger
;-r

Quoting "RUFFIN, MICHEL (MICHEL)" <michel.ruffin@...>:

Dear all we are facing a very difficult issue: How to identify uniquely Software.

In Alcatel-Lucent (ALU) we would like to link all our databases on SW (FOSS SW, proprietary SW, FOSS SW coming in proprietary solutions, FOSS coming from outsourcing contracts, ...) The goal is to automate a lot of things: royalty tracking, producing documentations on FOSS respecting the license obligations automatically, knowing which ALU product is using what SW, automatically connecting with tools such as Blackduck protex or Palamida or any others of their competitors, ....................................................

The major issue is SW unique identification: Today we have the following:
- Maven naming system: but it is limited to java open source libraries
- ALU internal system (but so far limited mostly to commercial SW but we are extending to FOSS but not perfect) and we have to interact with suppliers and customers on this identification
- Blackduck internal unique identification (One million FOSS but do not cope with proprietary SW and we do not want to be dependent of a company)
- SPDX Check sums for binaries (but do not provide the same checksum with .zip and .gpz)
- SPDX Check sums on source codes but does not work if ALU is doing a small modification to the comments in the file

I know that SPDX is not perhaps the best place to discuss this issue, but I would like to engage a discussion on this topic

So my question here is: do you have similar concerns in your companies, and what can we do to solve this issue (should we create a group on this?)

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France


Re: Software unique identification

Armijn Hemel - Tjaldur Software Governance Solutions <armijn@...>
 

hi,

I am currently a senior systems engineer at Nokia, and I can say
without reservation that we face this problem also, identifying
specific versions of software (binaries as well as sources). Binaries
can change, even if the source does not, if for example the compiler
is updated, or associated libraries. This is especially problematic
when the libraries are (as is often the case) dynamically-linked
shared libraries.

This is not my experience at all. In the Binary Analysis Tool I use fingerprinting using string constants, function names, variable names, and so on, and I can reliably tell versions of binaries apart (granted: the information has to be in my database). This is absolutely no problem at all.

armijn

--
Armijn Hemel, MSc
Tjaldur Software Governance Solutions
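The string-constant fingerprinting Armijn describes, as an added example that is not the Binary Analysis Tool's code nor anything from the SPDX project: printable runs are pulled out of a blob the way the `strings` utility does, and each entry of a fingerprint database is ranked by set overlap (Jaccard index). The package name `libfoo`, its two versions, the database contents and the "binary" bytes are all constructed for the example.

```python
import re

# Constructed, hypothetical fingerprint database: the string constants and
# symbol names a real database would hold per known version of a package.
# "libfoo" and its versions are invented for this example.
KNOWN = {
    "libfoo 1.0": {"libfoo version 1.0", "usage: foo [-v] FILE", "cannot open %s",
                   "foo_init", "foo_parse"},
    "libfoo 1.1": {"libfoo version 1.1", "usage: foo [-v] [-q] FILE", "cannot open %s",
                   "foo_init", "foo_parse", "foo_quiet"},
}

# Constructed stand-in for a binary under analysis: an ELF-looking header, the
# NUL-separated string constants a .rodata section would hold, and a few bytes
# of "code". A real input would be the file read from disk.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00"
    + b"\x00".join(s.encode("ascii") for s in [
        "libfoo version 1.1", "usage: foo [-v] [-q] FILE", "cannot open %s",
        "foo_init", "foo_parse", "foo_quiet", "GCC: (GNU) 4.8.1", ".rodata",
    ])
    + b"\x00\x90\x90\xc3"
)


def extract_strings(blob, min_len=4):
    """Printable ASCII runs of at least min_len bytes, as the `strings` utility reports them."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.group().decode("ascii") for m in re.finditer(pattern, blob)}


def jaccard(a, b):
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def rank(blob, db):
    """Every database entry scored against the binary's strings, best first."""
    found = extract_strings(blob)
    return sorted(((jaccard(found, fp), name) for name, fp in db.items()), reverse=True)


def identify(blob, db, threshold=0.5):
    """Best match as (name, score), or (None, score) when nothing clears the threshold.

    A rebuild with another compiler or library typically changes code bytes, not
    these constants, so the match survives it; but a version that is absent from
    the database can only be reported as unknown, never named."""
    score, name = rank(blob, db)[0]
    return (name, score) if score >= threshold else (None, score)


if __name__ == "__main__":
    for score, name in rank(SAMPLE_BINARY, KNOWN):
        print(f"{name}: {score:.2f}")
    print("best match:", identify(SAMPLE_BINARY, KNOWN))
```

Run as a script it lists both candidates with their scores and names `libfoo 1.1` as the match; feeding it bytes whose strings are in no database entry yields `(None, 0.0)`, which is the "has to be in my database" condition made explicit. A real tool would also weigh function and variable names extracted from the symbol table, exactly as Armijn lists, rather than raw string runs alone.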


Re: Software unique identification

William Boyle
 

I am currently a senior systems engineer at Nokia, and I can say
without reservation that we face this problem also, identifying
specific versions of software (binaries as well as sources). Binaries
can change, even if the source does not, if for example the compiler
is updated, or associated libraries. This is especially problematic
when the libraries are (as is often the case) dynamically-linked
shared libraries.

Bill Boyle
Senior Systems Engineer, Nokia Mobile Phones, Itasca, Illinois

On Mon, May 13, 2013 at 9:56 AM, RUFFIN, MICHEL (MICHEL)
<michel.ruffin@...> wrote:
Dear all we are facing a very difficult issue: How to identify uniquely
Software.

In Alcatel-Lucent (ALU) we would like to link all our databases on SW (FOSS
SW, proprietary SW, FOSS SW coming in proprietary solutions, FOSS coming
from outsourcing contracts, …) The goal is to automate a lot of things:
royalty tracking, producing documentations on FOSS respecting the license
obligations automatically, knowing which ALU product is using what SW,
automatically connecting with tools such as Blackduck protex or Palamida or
any others of their competitors, …………………………………………….

The major issue is SW unique identification: Today we have the following:

- Maven naming system: but it is limited to java open source libraries
- ALU internal system (but so far limited mostly to commercial SW but we are
extending to FOSS but not perfect) and we have to interact with suppliers
and customers on this identification
- Blackduck internal unique identification (One million FOSS but do not cope
with proprietary SW and we do not want to be dependent of a company)
- SPDX Check sums for binaries (but do not provide the same checksum with .zip
and .gpz)
- SPDX Check sums on source codes but does not work if ALU is doing a small
modification to the comments in the file


I know that SPDX is not perhaps the best place to discuss this issue, but I
would like to engage a discussion on this topic

So my question here is: do you have similar concerns in your companies, and
what can we do to solve this issue (should we create a group on this?)

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France




_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Software unique identification

RUFFIN MICHEL
 

Dear all we are facing a very difficult issue: How to identify uniquely Software.
 
In Alcatel-Lucent (ALU) we would like to link all our databases on SW (FOSS SW, proprietary SW, FOSS SW coming in proprietary solutions, FOSS coming from outsourcing contracts, …) The goal is to automate a lot of things: royalty tracking, producing documentations on FOSS respecting the license obligations automatically, knowing which ALU product is using what SW, automatically connecting with tools such as Blackduck protex or Palamida or any others of their competitors, …………………………………………….
 
The major issue is SW unique identification: Today we have the following:
  • Maven naming system: but it is limited to java open source libraries
  • ALU internal system (but so far limited mostly to commercial SW but we are extending to FOSS but not perfect) and we have to interact with suppliers and customers on this identification
  • Blackduck internal unique identification (One million FOSS but do not cope with proprietary SW and we do not want to be dependent of a company)
  • SPDX Check sums for binaries (but do not provide the same checksum with .zip and .gpz)
  • SPDX Check sums on source codes but does not work if ALU is doing a small modification to the comments in the file
 
I know that SPDX is not perhaps the best place to discuss this issue, but I would like to engage a discussion on this topic
 
So my question here is: do you have similar concerns in your companies, and what can we do to solve this issue (should we create a group on this?)
 
Michel
 
Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
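The two checksum problems in the list above (the same package hashing differently as .zip and as .tar.gz, and a source hash changing on a comment edit) are what a content-based identifier is meant to address. The following is an added example, not ALU's code and not an SPDX mechanism: it packs one constructed two-file tree both ways, shows the container checksums differ while a hash over the sorted (path, sha256(content)) pairs is the same for both, and adds a comment-insensitive variant for C sources. The tree contents, the `libfoo` name and the naive comment stripper are all assumptions of the example.

```python
import hashlib
import io
import re
import tarfile
import zipfile

# Constructed sample "source tree" (not a real ALU or FOSS package): the same
# two files are packed below as a .zip and as a .tar.gz.
SAMPLE_TREE = {
    "libfoo/foo.c": b"/* Copyright (c) Example Corp */\nint add(int a, int b) { return a + b; }\n",
    "libfoo/README": b"libfoo 1.0\n",
}


def make_zip(tree):
    """Pack {path: bytes} into an in-memory .zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in tree.items():
            zf.writestr(path, data)
    return buf.getvalue()


def make_targz(tree):
    """Pack {path: bytes} into an in-memory .tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in tree.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_members(archive):
    """Return {path: bytes} of the regular files in a .zip or .tar.gz (format sniffed from magic)."""
    if archive[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            return {n: zf.read(n) for n in zf.namelist() if not n.endswith("/")}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        return {m.name: tf.extractfile(m).read() for m in tf.getmembers() if m.isfile()}


def archive_sha256(archive):
    """The naive identifier: a checksum of the container bytes, different per format."""
    return hashlib.sha256(archive).hexdigest()


def content_id(members):
    """Identifier over sorted (path, sha256(content)) pairs.

    Independent of container format, compression level and archive metadata
    (timestamps, member order), but still sensitive to every byte of every file."""
    h = hashlib.sha256()
    for path in sorted(members):
        h.update(path.encode("utf-8") + b"\0")
        h.update(hashlib.sha256(members[path]).digest())
    return h.hexdigest()


# Naive C/C++ comment matcher; it does not know about comment markers inside
# string literals, which is good enough for this illustration.
_C_COMMENT = re.compile(rb"/\*.*?\*/|//[^\n]*", re.DOTALL)


def strip_c_comments(src):
    """Drop comments and collapse every whitespace run to a single space."""
    return b" ".join(_C_COMMENT.sub(b"", src).split())


def comment_insensitive_id(members):
    """content_id() over C sources with comments removed: unchanged by a comment
    edit, changed by any code edit. Record it next to content_id(), not instead
    of it: license notices live in comments, so this id cannot see them change."""
    normalized = {p: strip_c_comments(d) if p.endswith((".c", ".h")) else d
                  for p, d in members.items()}
    return content_id(normalized)


if __name__ == "__main__":
    z, t = make_zip(SAMPLE_TREE), make_targz(SAMPLE_TREE)
    print("zip sha256     ", archive_sha256(z))
    print("tar.gz sha256  ", archive_sha256(t))
    print("content id zip ", content_id(extract_members(z)))
    print("content id tgz ", content_id(extract_members(t)))
```

The content identifier answers the .zip versus .gpz point directly; the comment-insensitive one answers the "small modification to the comments" point only at the price named in its docstring, which is why both should be stored with the exact file checksums rather than replacing them.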
 
 
 


Minutes from May 2 Meeting

Philip Odence
 

The survey is still open. If you haven't responded, please do: www.spdx.org/survey


SPDX General Meeting Reminder and Collab Summit Summary

Philip Odence
 

Announcements
  • Summary of very successful Collaboration Summit (also appended at the bottom)
  • HELP WITH THE SURVEY (please please please)
This is to help better understand current awareness and adoption of SPDX and to get some insight into future plans and what we can do to shape that future.  http://www.spdx.org/survey  We started promoting the survey at the Collaboration Summit. Here is how you can help drive further participation:
  1. Take the survey yourself. It should require 5-7 minutes of your time. (A good time would be…now.) 
  2. Solicit friends, colleagues and other industry contacts.
So far we have a reasonable representation of the views of old timers, but we really need this to go broader.

Meeting Time: Thursday, May 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate
Next steps

Legal Team Report - Jilayne
Next steps

Business Team Report – Jack/Scott
Next steps

Cross Functional Issues – Phil
Website Update – Jack



COLLABORATION SUMMIT SUMMARY

For those of you who didn’t make it to the Collaboration Summit, below is a summary of the different components of the event. It was pretty inspiring in a number of ways…for me, it felt like the rubber is finally meeting the road seeing real tools—our own, from academia, and commercial—putting out real live SPDX docs. The ever positive KarenC summed it up as “The discussions have much more of a feeling that this has to happen – the only questions are around how.” And I agree. 

All the team leads did an outstanding job organizing our ever expanding involvement in the Linux event. (Now we even get our own track.) Gary, MarkG and Adam were also key in pulling this off. 

Tech Team Working Session 
In this session we went through the current model proposal for 2.0,  and discussed options that would simplify the model, and still meet the use cases we're targeting.   We were also able to start off the relationship and element usage enumerations.   Full details can be found at: http://wiki.spdx.org/view/Technical_Team/Minutes/2013-04-16.
Legal Team Working Session
The SPDX Legal Team met at the LF Collab Summit to hash out the remaining bits of the License Matching guidelines.  Namely whether SPDX should provide "guidelines only" in regards to what is to be considered substantive text of a license for matching purposes or whether SPDX should go further and provide some kind of actual markup or examples in regards to text than can be ignored or considered "replaceable" for matching purposes.  And, if the latter, to what extent and in what format to provide such markup or examples.  The legal team, with good representation from various tool makers and tech team members, decided that markup was needed to avoid potential differences in interpretation by tool makers.  It was decided to use simple markup that could be illustrated within a .txt file, as that is the (mostly) preferred download format for the licenses.  The exact details of the markup are being worked out and the Legal Team (with help from anyone else in the SPDX Workgroup) will manage getting the markup created for the entire current SPDX License List.

Open SPDX Discussion
Mark Gisi from Windriver and Adam Cohn from Cisco held this session on Tuesday afternoon. It was held under Chatham House Rules which means “When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.” Now before you say hey you just said you weren’t supposed to mention names, these two were the chairs as listed on the SPDX schedule. There was a lot of good discussion. One individual talked about how they are fully integrating SPDX into what their company delivers and how they are shipping, and I believe the number was, over 500 SPDX documents with each release. They also had a website for generating SPDX documents. Others talked about how they have started to integrate SPDX into their compliance process using it for reviews but not yet quite shipping. The reasons seemed to vary for that but they appeared to be more procedural than SPDX related. One individual did raise a concern on the amount of time that it might take to generate SPDX documents, adding that it increased the cost of their compliance and it was not something they could do. A few individuals talked about the adoption of SPDX among open source projects. There was some discussion on how this could be done now as there are a few open source tools that have appeared to generate SPDX documents. One individual talked about how they would like to see SPDX become more fully integrated into the community, meaning that practices normally associated with an open source project such as peer review and so forth were used and considered part of the process of generating, reviewing and editing SPDX documents.

SPDX Morning Sessions
Mark Gisi (the man that Scott calls “the spiritual leader of SPDX adoption”) kicked off the morning with License to Kill…You Code, a very cogent treatise on why it’s important for copyright holders to get it right if they want their projects to thrive. 
Then Gary “the Toolman” O’Neall led a panel on Tooling up for SPDX. He gave an overview of group, community and commercial tools that are now compatible with SPDX. Gary was joined by Matt Germonprez of the University of Nebraska Omaha and Sameer Ahmed from Wind River Systems who both talked in some detail about work their groups have done to “tool up.”
Conclusion: This stuff is real!  And to prove it…

SPDX Bakeoff
The SPDX Bakeoff was held Wednesday afternoon. Our main objective was to compare SPDX output from different tools in order to identify bugs and resolve different interpretations of the specification. We had great representation from the various tool providers, members of the SPDX working group, and a number of other interested parties. Gary O’Neall’s excellent spreadsheet comparison tool was used as the basis for comparison of the various SPDX files. Per the agenda, we first stepped through the complete Time package on a file by file basis. Following that we dove into Busybox but only at the package level. There was a lot of good discussion and yes we did find some bugs in the tools and areas where the specification needs to be improved. All in all it was a very productive session and should serve to advance the adoption of SPDX. The spreadsheet along with notes from the session are captured in this Google doc folder: https://drive.google.com/?tab=mo&authuser=0#folders/0BxKdX878M2HCTlZIbkZSMXN6SGc


SPDX Website and Survey

Philip Odence
 

Here's some great news about the website and a request for your help with the SPDX survey.

WEBSITE
I am pleased to tell you that http://spdx.org/ has been upgraded with a new, superior underlying platform as well as new architecture/look & feel. It should take you about 2 seconds to notice the improvement. The biggest conceptual change is that we have separated the main site from the wiki and upgraded the wiki as well. Now the main site is mainly for purposes of learning and consumption and the wiki is our working area.

Jack Manbeck deserves a ton of credit for driving this change and herding the cats needed to make it happen before the Collaboration Summit. (He's accepting beers in SF next week.) Other worthy beer recipients are Brian Warner from the Linux Foundation and Martin Michlmayr who seamlessly migrated the wiki. Jilayne, Scott, Kate and Gary also participated in the heavy lifting, and credit goes to Ibrahim Haddad for originally convincing us to accept the Foundation's generous offer to help with the site. 

SURVEY
A key part of the business team's agenda is to make sure we systematically collect and utilize industry feedback on an ongoing basis. The first step in that is a survey to help better understand current awareness and adoption of SPDX and to get some insight into future plans and what we can do to shape that future.  http://www.spdx.org/survey 

We will be promoting the survey at the Collaboration Summit. Here is how you can help drive further participation:
  1. Please, take the survey yourself. It should require 5-7 minutes of your time. (A good time would be…now. TGIF.) 
  2. Solicit friends, colleagues and other industry contacts. (Feel free to use the text below, if it is helpful)
As you may know, I'm involved with SPDX, an industry standard for exchanging information about software package content and licensing. Please give 5-7 minutes of your time to take a survey which will help the SPDX group assess industry awareness and adoption of SPDX. Even if you know very little about SPDX, the group values your feedback. Thank you in advance.

Thanks,
Phil

L. Philip Odence
Vice President of Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence


Re: Wiki migration: feedback required

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

New wiki looks great.

Scott: ++1

The LF hasn't installed a WYSIWYG editor yet but we can request it if
there's a need.

Jack: I'm thinking we should request one. MediaWiki syntax, while not difficult, may seem bizarre to some people.

Scott: yes!


Re: Wiki migrated to MediaWiki

Martin Michlmayr
 

* Marc-Etienne Vargenau <Marc-Etienne.Vargenau@...> [2013-04-11 15:48]:
The e-mail address wiki@... given in page
http://wiki.spdx.org/view/Getting_started
to request an account does not seem to work.

Yeah, I know. I also sent a request to the LF.

You can email me directly in the meantime.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Re: Wiki migrated to MediaWiki

Marc-Etienne Vargenau
 

Le 11/04/2013 12:58, Martin Michlmayr a écrit :
The wiki has been migrated to a proper wiki using MediaWiki. All
content (including past revisions) has been migrated.

You can find the new wiki at http://wiki.spdx.org/view/

Here's a "Getting started" guide:
http://wiki.spdx.org/view/Getting_started

And a set of proposed wiki conventions, although they will have to be
refined as we gain more experience with the new wiki:
http://wiki.spdx.org/view/Wiki_Conventions

If you have any questions, please let me know.

Hello,

The e-mail address wiki@... given in page
http://wiki.spdx.org/view/Getting_started
to request an account does not seem to work.

Best regards,

Marc-Etienne

--
Marc-Etienne Vargenau Marc-Etienne.Vargenau@...
Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE
+33 1 30 77 28 33 OnNet 2103 2833


Re: Wiki migrated to MediaWiki

Manbeck, Jack
 

I glossed over the Getting Started link. Would it make sense to display it as "Getting Started Using this Wiki"?

Jack

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Martin Michlmayr
Sent: Thursday, April 11, 2013 6:59 AM
To: spdx@...
Subject: Wiki migrated to MediaWiki

The wiki has been migrated to a proper wiki using MediaWiki. All
content (including past revisions) has been migrated.

You can find the new wiki at http://wiki.spdx.org/view/

Here's a "Getting started" guide:
http://wiki.spdx.org/view/Getting_started

And a set of proposed wiki conventions, although they will have to be
refined as we gain more experience with the new wiki:
http://wiki.spdx.org/view/Wiki_Conventions

If you have any questions, please let me know.
--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Re: Wiki migration: feedback required

Manbeck, Jack
 

New wiki looks great.

The LF hasn't installed a WYSIWYG editor yet but we can request it if
there's a need.

Jack: I'm thinking we should request one. MediaWiki syntax, while not difficult, may seem bizarre to some people.


Attachments can only be downloaded when logged in

Still a problem. In fact, the attachment extension is quite buggy, so
I'd like to remove it.

Jack: Attachments seem necessary so I wouldn't want to remove that ability if that is what you are suggesting. Let's talk about the issues first.


I like the wiki conventions page. We should probably call it out on the main page to read before you make changes to the site? I would also suggest adding a few basics, such as How do I create a New Page on there (it's not obvious if you haven't done it) and how to upload and insert an image on a page? You could also link here as well: http://www.mediawiki.org/wiki/Help:Formatting . If you'd like I could add it.

Jack



-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Martin Michlmayr
Sent: Thursday, April 11, 2013 7:00 AM
To: spdx@...
Subject: Re: Wiki migration: feedback required

* Martin Michlmayr <tbm@...> [2013-03-11 16:28]:
## Known Issues

* Attachments can only be downloaded when logged in
Still a problem. In fact, the attachment extension is quite buggy, so
I'd like to remove it.

* Comments have not been migrated
Comments have been migrated in the meantime.

* I need to write a guide on how to use the new wiki
Done.

* There's no WYSIWYG editor on this wiki but there will be one once we migrate
The LF hasn't installed a WYSIWYG editor yet but we can request it if
there's a need.

* Category links are not working
Fixed.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Re: Wiki migration: feedback required

Martin Michlmayr
 

* Martin Michlmayr <tbm@...> [2013-03-11 16:28]:
## Known Issues

* Attachments can only be downloaded when logged in
Still a problem. In fact, the attachment extension is quite buggy, so
I'd like to remove it.

* Comments have not been migrated
Comments have been migrated in the meantime.

* I need to write a guide on how to use the new wiki
Done.

* There's no WYSIWYG editor on this wiki but there will be one once we migrate
The LF hasn't installed a WYSIWYG editor yet but we can request it if
there's a need.

* Category links are not working
Fixed.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Wiki migrated to MediaWiki

Martin Michlmayr
 

The wiki has been migrated to a proper wiki using MediaWiki. All
content (including past revisions) has been migrated.

You can find the new wiki at http://wiki.spdx.org/view/

Here's a "Getting started" guide:
http://wiki.spdx.org/view/Getting_started

And a set of proposed wiki conventions, although they will have to be
refined as we gain more experience with the new wiki:
http://wiki.spdx.org/view/Wiki_Conventions

If you have any questions, please let me know.
--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Hello

Edo Shor
 

Hi all,

Um, my name is Edo Shor and I'm from the White Source R&D team.

Thank you for all the efforts in putting together the SPDX spec. We believe it is a certain step towards a better, open-sourced world.
We are currently working to support the spec in our service.

Enjoy the upcoming conference (^_^)

Kind regards,

 

--

Edo Shor

Senior developer, White Source


SPDX Bakeoff sign-up!

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Hi folks,

 

Please let us know if you plan to participate in the upcoming SPDX Bakeoff workgroup session by filling out the sign-up form.

 

Regards,

Scott Lamons

Kate Stewart


SPDX General Meeting Minutes and Important Highlights

Philip Odence
 

Minutes of April 4 meeting: http://spdx.org/wiki/201344-minutes

HIGHLIGHTS:

UNO Presentation
Matt Germonprez gave a great overview of the wonderful work they are doing
Slides available on the minutes page

License list Inclusion Guidelines (NEED FEEDBACK):
Legal Team is looking for feedback on the license inclusion guidelines by April 11.
See Jilayne's March 28 email to this list for more detail

The Survey says…
Please participate in the SPDX survey and help to promote to others
Will be launching week of Collab Summit; keep your eyes peeled.

Collab Summit- Hope to see everyone there.


Reminder Thursday SPDX General Meeting with Special Guest Star

Philip Odence
 

We will have a presentation from Matt Germonprez from the University of Nebraska to discuss their work with SPDX and FOSSology. 
We'll move thru the normal agenda quickly and then turn it over to Matt for about 30 mins. Matt will be using slides, so please plan on being on line. Here's the link.

Note, use the dial in below as per usual.

Linux Collaboration Summit
It's still possible to sign up for the Collaboration Summit April 15-16 in SF. http://events.linuxfoundation.org/events/collaboration-summit  There will be an SPDX-specific track and working meetings on the Tuesday before.


Meeting Time: Thursday, April 4, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 
http://spdx.org/wiki/201337-minutes

Technical Team Report - Kate

Legal Team Report - Jilayne

Business Team Report – Jack/Scott


Cross Functional Issues – Phil
Website Update – Jack


SPDX License List overview page

Jilayne Lovejoy <jilayne.lovejoy@...>
 

Hello all,

The SPDX Legal Team has been working on updating and improving the SPDX License List overview page, with the inclusion of some newly drafted guidelines on what criteria are considered for new licenses to be added to the License List.  We have gone over the text amongst the Legal Team, but felt it was important enough to get final approval from the general list.  Discussions concerning this have occurred during the Legal Team conference calls over the last couple months, so please refer to the minutes if you missed that or are interested in the evolution, in particular the notes from 10/31 and 11/13 found here: http://spdx.org/wiki/spdx/legal/minutes and 2/14 and 2/28 found here: http://spdx.org/wiki/meeting-minutes-and-decisions-legal-team


Please review and if you have any substantive feedback, send it via email or bring it up on the next general call on April 4th.  We will finalize the draft on the next legal call on Thursday, April 11th, so any feedback needs to be received before then.

Cheers,

Jilayne Lovejoy 
SPDX  |  Legal Team lead
OpenLogic, Inc.  |   Corporate Counsel
jlovejoy@...   720 240 4545


Collab Summit SPDX Track

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

SPDX Community,

 

Good news!   We have secured a track for SPDX at the upcoming Linux Foundation Collaboration Summit.    The schedule for both the Tuesday and Wednesday tracks is now posted and we hope you can join us.   There are some really good presentations and working group sessions planned for both producers and consumers of SPDX.   And if you are working on tools that support SPDX be sure to join us for the Wednesday afternoon SPDX Bakeoff.  

 

Regards,

Scott Lamons & Jack Manbeck

SPDX Business Team

 

Kate Stewart

SPDX Technical Team

 

Jilayne Lovejoy

SPDX Legal Team