|
Re: Funding for Hosting On-Line SPDX Tools
It would be great. How about Third Monday August at 5pm Pacific? We can do one to two slots on CommunityBridge stuff, each up to 15 minutes + questions.
toggle quoted messageShow quoted text
Can you help pull it together? I would love to showcase the practical stuff happening. Shane
On Aug 6, 2020, at 2:18, Gary O'Neall <gary@...> wrote:
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Gary O'Neall
Hi Shane,
There are a couple of community bridge related topics we could cover.
For the SPDX online tools, I’m planning on presenting to the OpenChain tools workgroup in Sept.
We could also present as part of a webinar.
Another interesting topic would be the work the interns and GSoC students are doing for the tools more generally.
We have a number of mentors and students involved – perhaps some of the mentors would be interested in jointly presenting?
Gary
From: spdx@... <spdx@...> On Behalf Of Shane Coughlan
Sent: Wednesday, August 5, 2020 4:57 AM To: spdx@... Cc: phil.odence@...; Kate Stewart <kstewart@...> Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools
Speaking of which, would someone be willing to do 10~15 minutes on ComminityBridge for a forthcoming OpenChain webinar?
Shane
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Gary O'Neall
I actually tried to implement this in a serverless environment (it was my first choice), but there is persistent state required for some of the components. As Alexios points out – a good future project.
The PostgreSQL is necessary as a DB backend. It also uses Redis – but this doesn’t seem to add too much complexity. We have some projects underway to reduce the dependency on Java – it would be great to make this all python sometime in the future.
BTW – Anyone interested in reviewing and contributing can review the issues listed here: https://github.com/spdx/spdx-online-tools/issues/199
Gary
From: spdx@... <spdx@...> On Behalf Of Alexios Zavras
Sent: Wednesday, August 5, 2020 4:27 AM To: spdx@... Cc: phil.odence@...; Kate Stewart <kstewart@...> Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools
Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉
-- zvr
From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
>The deployment is a bit complex (Java/Python/Django/PostgreSQL).
Is the complexity really needed? Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?
Vladimir
Intel Deutschland GmbH
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Speaking of which, would someone be willing to do 10~15 minutes on ComminityBridge for a forthcoming OpenChain webinar? Shane
On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Alexios Zavras
Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉
-- zvr
From: spdx@... <spdx@...> On Behalf Of
Vladimir Sitnikov
>The deployment is a bit complex (Java/Python/Django/PostgreSQL).
Is the complexity really needed? Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?
Vladimir
Intel Deutschland GmbH
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Vladimir Sitnikov
>The deployment is a bit complex (Java/Python/Django/PostgreSQL). Is the complexity really needed? Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend? Vladimir
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Gary O'Neall
Hi Mark,
Yes – SPDX is using AWS for the hosting (see https://github.com/spdx/spdx-online-tools/issues/194 for a discussion on the hosting options).
The deployment is a bit complex (Java/Python/Django/PostgreSQL).
Any credits/help is appreciated.
I registered the account that is hosting the site – so feel free to contact me for additional details.
Gary
From: spdx@... <spdx@...> On Behalf Of Mark Atwood via lists.spdx.org
Sent: Monday, August 3, 2020 7:15 PM To: spdx@...; phil.odence@...; Kate Stewart <kstewart@...> Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools
Is SPDX using AWS for any hosting? I can probably get gratis AWS credits provided to SPDX.
And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS
..m
Mark Atwood <atwoodm@...> Principal, Open Source +1-206-604-2198
The SPDX Work Group needs your help to host on-line tools.
As you may know, SPDX runs on shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.
We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.
Please make a contribution of any size through the Linux Foundation CommunityBridge at: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124
BIG THANKS in advance!
Phil
L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@... https://www.synopsys.com/audits
|
|
|
|
Re: Funding for Hosting On-Line SPDX Tools
Is SPDX using AWS for any hosting? I can probably get gratis AWS credits provided to SPDX.
And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS
..m
Mark Atwood <atwoodm@...> Principal, Open Source +1-206-604-2198
From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Tuesday, July 28, 2020 11:18 AM To: spdx@... Subject: [EXTERNAL] [spdx] Funding for Hosting On-Line SPDX Tools
The SPDX Work Group needs your help to host on-line tools.
As you may know, SPDX runs on shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.
We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.
Please make a contribution of any size through the Linux Foundation CommunityBridge at: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124
BIG THANKS in advance!
Phil
L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@... https://www.synopsys.com/audits
|
|
|
|
Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools
J Lovejoy
I just donated using a Visa and it worked.
toggle quoted messageShow quoted text
J.
|
|
|
|
Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools
Phil Odence
Thank, Steve. And, McCoy, thanks in advance for the contribution! Best, Phil
L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@... https://www.synopsys.com/audits
From: <main@...> on behalf of Steve Winslow <swinslow@...>
Sorry to hear that, McCoy... I've reached out to the CommunityBridge maintainers to ask them to look into this and figure out what's going on. Will let you know what I hear back.
Best, Steve
On Fri, Jul 31, 2020 at 11:02 AM Shane Coughlan <scoughlan@...> wrote:
Steve Winslow
|
|
|
|
Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools
Steve Winslow
Sorry to hear that, McCoy... I've reached out to the CommunityBridge maintainers to ask them to look into this and figure out what's going on. Will let you know what I hear back. Best, Steve
On Fri, Jul 31, 2020 at 11:02 AM Shane Coughlan <scoughlan@...> wrote:
|
|
|
|
Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools
Looping our SPDX friends into the thread so they can check this out. :O
On Jul 31, 2020, at 23:25, McCoy Smith <mccoy@...> wrote:
|
|
|
|
Re: Requiest for suggestion: wording of SPDX tag
I’m on it!
toggle quoted messageShow quoted text
SDPX Team! We have a proposal in from the OpenChain Japan Licensing Information Exchange Work Group. Please see the suggested addition below. Shane
On Jul 29, 2020, at 11:54, YOSHIYUKI ITO <yoshiyuki.ito.ub@...> wrote:
|
|
|
|
Re: SPDX license identifier for bzip2 are strange, why?
J Lovejoy
< bcc general list as FYI for anyone who wants to follow the discussion, but moving to legal list>
toggle quoted messageShow quoted text
Quick search shows: - both version were on the list when we moved to the XML format in 2016 - email archive https://lists.spdx.org/g/Spdx-legal/topic/22080449#817 - shows discussion for zip in Feb 2014, added for v1.20 of the license list (also see: https://wiki.spdx.org/view/Legal_Team/License_List/Licenses_Under_Consideration#Licenses_Under_Consideration and https://wiki.spdx.org/view/Legal_Team/Minutes/2014-02-20 However, I’m not clear on if that was both versions or what… a ha! search on wiki meeting minutes then found this: https://wiki.spdx.org/view/Legal_Team/Minutes/2014-06-26 regarding diff b/w 1.0..5 and 1.0.6 we should check 1.0.7 and 8 against matching guidelines. that’s all I have for now, it’s late. higher power, eh? ;) Cheers, Jilayne PS given this quick trip back in time at our process flow for new licenses back then… OMG, LOOK HOW FAR WE’VE COME!!!!
|
|
|
|
SPDX license identifier for bzip2 are strange, why?
Hi!
I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.
The license looks like a unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version. The difference between two version seems to be entirely just the data and the software version.
Can this instead just match against one of the BSD variant templates?
Why does bzip2 get so finely versioned licensed identifiers? Do we plan on created a new license identifier when bzip2 releases a version 1.0.9?
..m
Mark Atwood <atwoodm@...> Principal, Open Source +1-206-604-2198
From: Cressey, Ben <bcressey@...>
Sent: Wednesday, July 29, 2020 11:03 AM To: Atwood, Mark <atwoodm@...> Cc: etaoin, iliana <iweller@...> Subject: SPDX license identifier for bzip2
Hi Mark,
iliana suggested I run this by you, as a higher power in the SPDX org.
I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for: https://spdx.org/licenses/bzip2-1.0.5.html https://spdx.org/licenses/bzip2-1.0.6.html
The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version: https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.7 https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.8
iliana recommended that I use the “bzip2-1.0.6” identifier for now.
Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?
Thanks, Ben
|
|
|
|
Funding for Hosting On-Line SPDX Tools
Phil Odence
The SPDX Work Group needs your help to host on-line tools.
As you may know, SPDX runs on shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.
We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.
Please make a contribution of any size through the Linux Foundation CommunityBridge at: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124
BIG THANKS in advance!
Phil
L. Philip Odence General Manager, Black Duck Audit Business Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@... https://www.synopsys.com/audits
|
|
|
|
Thursday's SPDX General Meeting Reminder - Special Presentation
Phil Odence
Special Presentation by Rishabh Bhatnager, one of our Google Summer of Code students
Title: Golang Parallel RDF Parser
Description: Building a GoLang RDF reader in native GoLang which not only would be useful for the SPDX community but also might help the golang community as a whole. Reducing the time required to parse each file using the concurrent parser.
About Rishabh: A Blockchain enthusiast interested in open-source who's good at competitive-programming. I'm in the final year of graduation pursuing computer engineering at St. Francis Institute of Technology (Mumbai, India).
I’m off on Thursday, so Gary will run the show.
Best, Phil
GENERAL MEETING
Meeting Time: Thurs, July 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul/Steve
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
Re: Thursday's SPDX General Meeting Reminder - Special Presentation
J Lovejoy
yes, it's the 4th :)
toggle quoted messageShow quoted text
On 6/3/20 2:04 PM, Jeremiah C. Foster
wrote:
|
|
|
|
Re: Thursday's SPDX General Meeting Reminder - Special Presentation
Is not Thursday June 4th?
On Wed, 2020-06-03 at 18:58 +0000, Phil Odence wrote:
This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
|
|
|
|
Thursday's SPDX General Meeting Reminder - Special Presentation
Phil Odence
Special Presentation
Title: The Use of SPDX for SBOM Content by the NTIA Software Transparency Initiative
Abstract: The NTIA Transparency Initiative has established a Healthcare Proof-of-Concept Working Group in order to evaluate the generation and consumption of SBOMs for Medical Devices. Multiple Medical Device Manufacturers are creating proof-of-concept SBOMs in the SPDX format in support of this activity. An update on the efforts of this group and their use of SPDX will be provided.
Bio: Ed Heierman is a Sr. Product Cybersecurity Architect at Abbott Laboratories, and has 15+ years’ experience with medical device cybersecurity. As part of the Healthcare Proof-of-Concept Working Group, he is leading an effort to define the SBOM content and formats that will be evaluated as part of the NTIA Software Transparency Initiative.
GENERAL MEETING
Meeting Time: Thurs, June 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul/Steve
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
