|
SPDX website updates
Steve Winslow
Hello SPDX community, This is a follow-up
from discussions on several of the SPDX general meetings and workgroup
calls over the past couple of months. The TL;DR version is:
More details are below for those who are interested. Thank you to everyone who was involved in assisting with the changeover. Best, Steve = = = The SPDX static website has previously been hosted on Drupal servers at https://spdx.org. This URL has also been used for hosting the files that are dynamically generated for the license list (https://spdx.org/licenses) and the RDF spec definition files (https://spdx.org/rdf/terms and other files under /rdf). The
Drupal servers have been planned for decommission, and we have migrated
the static website content over to Wordpress. Originally, we had
explored whether both the static and dynamically-generated content could
all remain at its existing URLs. However, this did not appear to be
reasonably doable without shifting the dynamic license list and RDF
content to separate subdomains. Because SPDX has committed to
maintaining the existing URLs for those files, we did not want to take
this approach. Instead, as mentioned above, the static content for the website has been shifted over to a new domain, https://spdx.dev. We have created redirects from the old spdx.org URLs over to the new corresponding pages at spdx.dev.
Because of this, URLs that you've bookmarked for the static site should
still get you to the right content. And URLs that you've bookmarked
for the license list and RDF definition files will remain the same, as
those are continuing to be hosted from spdx.org. You'll see that the content at the new https://spdx.dev
site is largely identical to the old site, although we have done some
reorganization of the top-level links to make the menu bar a bit more
usable. Now that the site transition is completed, we are looking to
make more updates to some of the content that has grown stale over time.
If you have suggestions or content you'd like to add or update, or if
you see bugs or errors on the website, please feel free to file an issue
at https://github.com/spdx/spdx-website/issues -- for the moment that is probably the easiest way to flag issues. -- Steve Winslow Director of Strategic Programs The Linux Foundation
|
|
|
|
May SPDX General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2020-05-07
General Meeting/Minutes/2020-05-07< General Meeting | Minutes · Attendance: 19 · Lead by Phil Odence · Minutes of April meeting Contents[hide] · 1 Presentation - SPDX 2.2 Overview, Kate · 2 Tech Team Report - Kate / Gary · 3 Legal Team Report - Jilayne/Paul/Steve · 4 Outreach Team Report - Jack Presentation - SPDX 2.2 Overview, Kate[edit]· Great job Tech Team Report - Kate / Gary[edit]· Spec · See above · Tools · Just released java tools updating to 2.2 · Will be separate tool for new formats and will be migrating that way in the next month or two · Leaner, faster, more modern · Python libs support new JSON today · Maintaining full forward/backward compatibility · GSoC · Students will be joining · They are getting oriented now · Will start coding in a month Legal Team Report - Jilayne/Paul/Steve[edit]· License List · Release postponed to Mid-May so as not to clash with 2.2 · Another week of work on tagging remaining requests Outreach Team Report - Jack[edit]· SPDX Tools is no a Twitter handle Cross Functional - Steve[edit]· Website · Existing website is on Drupal · All LF stuff moving to Wordpress · Some issues with auto generated pages on Wordpress · Critical to maintain URLs · Solution- License and RDF will stay at their current locations · New site will be sped.dev · Full redirects will be in place · So no issues for users with migration · Contents has been largely maintained · Some cleanup of formatting and organization · Plan to improve content over time.
Attendees[edit]· Phil Odence, Black Duck/Synopsys · Mark Atwood, Amazon · Steve Winslow, LF · Kate Stewart, Linux Foundation · Alexios Zavras, Intel · David Wheeler, Linux Foundation · Gary O’Neall, SourceAuditor · Matthew Crawford, ARM · Jack Manbeck, TI · Bradlee Edmondson, Harvard · Hal Hearst, Synopsys · Anisha Srivastava, Student · Takashi Ninjouji, Toshiba · Paul Madick · Brad Goldring, GTC Law · William Bartholomew, GitHub · Jilayne Lovejoy, Canonical · Matije Suklje, Liferay · Philippe Ombrédanne- nexB
|
|
|
|
Thursday's SPDX General Meeting Reminder - Special Presentation
Phil Odence
One thing that remains normal in the world is the SPDX General Meeting.
This month Kate Stewart will be reviewing what’s new in the just-buttoned-up 2.2 release.
GENERAL MEETING
Meeting Time: Thurs, May 7, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2020-04-02
Special 2.2 Release Presentation – Kate
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul/Steve
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
SPDX 2.2 Specification Review Window - ends May 1, 2020
Kate Stewart
Hi all, The SPDX 2.2 specification is now in the final 2 week public review window. The SPDX tech-list participants have been working on polishing it for the last couple of months and adding in the outstanding pull requests that have been completed. If you are interested in reviewing this final draft, the online rendered version can be found at: https://spdx.github.io/spdx-spec/v2-draft/ (Thank you to Thomas Steenbergen and William Bartholomew for giving us this option, and sorting out the rendering infrastructure!) If a reviewer spots any issues that need to be fixed before we publish the final version, please create an issue at: https://github.com/spdx/spdx-spec/issues and tag it with the milestone 2.2. The changes from our 2.1 version of the specification at a high level are:
Thanks again to all the contributors who've worked on including these changes! Kate
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Bradley M. Kuhn <bkuhn@...>
This would be a good time to note that folks who care about their software
freedom cannot effectively participate in SPDX, and not only because the conferencing solution is proprietary software (although in the past I was able to join non-video via a phone number using PSTN line -- this thread indicates to me that feature might go away now). In particular, the mailing lists silently one night a year or two ago changed from GNU Mailman to a proprietary software service with almost no notice. (I discovered later SPDX was apparently the "test list" that LF used when they switched all their mailing lists wholesale from a FOSS solution to a proprietary one, which is why SPDX switched first.) That new service requires agreement to a proprietary license to interact with its web interface at all (including to just manage subscription requests), which of course installs proprietary Javascript on one's computer while using it [0]. I have invited FOSS licensing folks to the SPDX list who refused to join the mailing list because they didn't want to agree to this proprietary license. There are thus non-hypothetical examples of SPDX's lack of inclusivity discouraging participation. Meanwhile, with the slow move to GitHub for more and more SPDX items, SPDX has slowly begun to cross the line into using proprietary-access-only GitHub features. The CLI GitHub clients that use the API can interact with GitHub issues somewhat. I think (although I haven't checked in about a year) that GitHub doesn't require you to agree to a proprietary license just to make an account and use the API. However, the standard web interface to most GitHub features requires the installation of proprietary software. So, while James' "must work on Linux" is of course a must, I think this would be a good moment for SPDX to consider if it wants to dig even deeper into being a project that has been for some time fundamentally unfriendly to FOSS enthusiasts. The trend has been in a FOSS-unfriendly direction, and this is a factor in why I've reduced my volunteer time substantially for SPDX in the last 6-9 months. I noticed and read through this thread because the subject line was related to that very issue, and it confirms that I should be recommending that folks who care about software freedom will probably just need to avoid the SPDX project. [0] The only reason I'm still on this mailing list is that the GNU Mailman subscriptions were auto-imported to the proprietary system, and I since was a founding member of the inaugural FOSS-Bazaar-Package-Facts list that became the SPDX lists eventually, I'm still on it. As such, I've never actually agreed to Linux Foundation's new proprietary license for its mailing list software, now LF is just sending me (now-unsolicited) email that I happen to find in my inbox. -- Bradley M. Kuhn - he/him Pls. support the charity where I work, Software Freedom Conservancy: https://sfconservancy.org/supporter/
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Jonas Smedegaard
Quoting Jeremiah C. Foster (2020-04-15 18:57:24)
On Tue, 2020-04-14 at 16:45 -0400, John Sullivan wrote:For the pragmatic angle of "does it work reliably" I agree that Jitsi is"James Bottomley" <James.Bottomley@...> writes:I've used Jitsi meet a bit and it is pretty decent too;Well, I'm glad you asked ... so far the most promising fully open a viable option. Any conferencing service _can_ become unreliable when stressed. Stability for all improves when a) fewest possible participants use their camera, and b) use newest release of a Chromium-based web browser (i.e. best to avoid¹ Firefox or Safari or GNOME Web). One caveat with tools that use WebRTC - there is no E2E encryption yetTrue, no general-purpose web browser support E2E encryption for WebRTC calls, so if you want the convenience of "calling from your browser" then you cannot have the strongest of security. That said, WebRTC security is still _better_ than that of non-WebRTC services like Zoom². For conferences crucially needing it, WebRTC with E2E encryption _is_ possible, using a dedicated tool (i.e. not a web browser) and the advanced WebRTC+MLS service at https://wire.com/en/ - Jonas ¹ Because Jitsi until next release (expected few days from now) only reliably supports Chromium-based web browsers - https://github.com/jitsi/jitsi-meet/issues/4758 - and Firefox is known to cause trouble not only for themselves but also for other participants - https://github.com/jitsi/jitsi-meet/issues/5439 and https://bugzilla.mozilla.org/show_bug.cgi?id=1164187 ² Because Zoom is known to jeopardize security and even practice newspeak by advertising that they support "e2e" (meaning something else by that term than the rest of the world): https://onezero.medium.com/zoom-is-a-nightmare-so-why-is-everyone-still-using-it-1b05a4efd5cc -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
On Tue, 2020-04-14 at 16:45 -0400, John Sullivan wrote:
"James Bottomley" <James.Bottomley@...> writes:I've used Jitsi meet a bit and it is pretty decent too;Well, I'm glad you asked ... so far the most promising fully open https://github.com/jitsi/jitsi-meet One caveat with tools that use WebRTC - there is no E2E encryption yet in the protocol. Matrix however does have this and I've used its' video and audio and that works quite well. Yeah, FSF is running an instance that is being used to successfullyAwesome list and it should hold everything needed for most folks to fully participate in SPDX discussions. Cheers, Jeremiah ________________________________ This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
|
|
|
|
wiki.spdx.org service migration 2020-04-19 @ 19:00 to 20:0 UTC
Ryan Finnin Day <rday@...>
What: The Linux Foundation will be moving wiki.spdx.org to new
infrastructure When: Sunday, April 19, 2020 @ 19:00 to 20:00 UTC Why: Improving capacity and reliability of underlying infrastructure Impact: wiki.spdx.org will be unavailable while it is moved to a new datacenter. DNS for wiki.spdx.org will change during the migration. The current infrastructure for wiki.spdx.org is scheduled to be retired soon, so the wiki is being moved to Amazon Web Services which will provide better scalability and reliability. Notices will be posted here and on https://status.linuxfoundation.org/ before and after the maintenance.
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
John Sullivan
"James Bottomley" <James.Bottomley@...> writes:
Well, I'm glad you asked ... so far the most promising fully open trialYeah, FSF is running an instance that is being used to successfully teach classes at MIT right now. We'll post more about it soon, but can confirm that it works for 20+, with video and screen sharing. Also have quite a bit of info at https://libreplanet.org/wiki/Remote_Communication. -john -- John Sullivan | he/his/him | Executive Director and VP, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
James Bottomley
On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote:
Others have more religious affinity for the Linux desktop.Wow that's a blast from the early part of this millenium. Since Linux now runs over 80% of the world's computing resources, I thought we'd got over stigmatizing people who actually run it on their desktops. It's not for want of others trying: my workplace keeps sending me windows laptops, but they aren't really useful for my daily activities and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it. But I haven't seen any libre option that stacks up to Zoom'sWell, I'm glad you asked ... so far the most promising fully open trial is this one: https://bigbluebutton.org/ But the trials are still ongoing so that's by no means the final answer. It's actually somewhat obvious: bigbluebutton was developed for teaching remotely in under resourced schools, so of course they brought it up on a free (as in beer) OS because everything else was cost prohibitive. No one's heard of it because their advertising budget matches the available resources ... James
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Alexios Zavras
The good folks at FSFE maintain a wiki page with Free Software alternatives:
toggle quoted messageShow quoted text
https://wiki.fsfe.org/Activities/FreeSoftware4RemoteWorking I should point out that in the SPDX calls we don't actually use video -- it's audio and screen sharing. -- zvr
-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of James Bottomley Sent: Tuesday, 14 April, 2020 06:35 To: Kyle Mitchell <kyle@...> Cc: atwoodm@...; Kate Stewart <kstewart@...>; Spdx-legal@...; spdx@... Subject: Re: Chime instead of Zoom, a modest proposal On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote: Others have more religious affinity for the Linux desktop.Wow that's a blast from the early part of this millenium. Since Linux now runs over 80% of the world's computing resources, I thought we'd got over stigmatizing people who actually run it on their desktops. It's not for want of others trying: my workplace keeps sending me windows laptops, but they aren't really useful for my daily activities and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it. But I haven't seen any libre option that stacks up to Zoom'sWell, I'm glad you asked ... so far the most promising fully open trial is this one: https://bigbluebutton.org/ But the trials are still ongoing so that's by no means the final answer. It's actually somewhat obvious: bigbluebutton was developed for teaching remotely in under resourced schools, so of course they brought it up on a free (as in beer) OS because everything else was cost prohibitive. No one's heard of it because their advertising budget matches the available resources ... James Intel Deutschland GmbH Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de Managing Directors: Christin Eisenschmid, Gary Kershaw Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
James Bottomley
On Mon, 2020-04-13 at 20:31 +0000, Mark Atwood via lists.spdx.org
wrote: Chime has clients for Win, and for Mac, it runs in Browser on FirefoxSo no app for Linux then? As you can appreciate, a lot of us have now been evaluating a whole range of video conference technologies and one of the empirical rules I've been seeing is that solutions that don't provide a Linux client usually can't provide app equivalent functionality on the web either ... and actually there are several solutions (cough, bluejeans, cough) that allegedly provide a linux app but not with the full range of capability and have similar problems on the web. One of the things I will give zoom in the pantheon of proprietary crap for meetings is that they have a full range of supported linux clients, for almost every distribution you can think of, with functionality equivalent to windows and mac. James
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Jumping in randomly: would be super interested in exploring this for OpenChain if that’s on the table. Shane
On Apr 14, 2020, at 5:31, Mark Atwood via lists.spdx.org <atwoodm=amazon.com@...> wrote:
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Kyle Mitchell
I've used the Linux Zoom client nearly every day for a few
weeks now, and less often for several months before that. It's been seamless for all the core talk-and-watch functionality. It does lag a bit behind on lesser features. For example, some of the call-recording options on Windows and Mac still haven't made it over to Linux. So it goes. I don't usually attend SPDX calls, so this is just FYI. If I do end up joining in again, I can always use a phone. Which had sprouted six or seven different apps for VoIP, last I checked. Others have more religious affinity for the Linux desktop. But I haven't seen any libre option that stacks up to Zoom's reliability. Other closed competitors---Hangouts especially---never met that bar, either. -- Kyle Mitchell, attorney // Oakland // (510) 712 - 0933
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
One of the benefits of using Zoom is its native Linux client. Does Chime offer a Linux client?
If not, I think it is kinda weird (given the year of the Linux desktop) to use something that isn't available on Linux.
Cheers,
Jeremiah
On Mon, 2020-04-13 at 15:50 -0500, Kate Stewart wrote:
This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
|
|
|
|
Re: Chime instead of Zoom, a modest proposal
Kate Stewart
Hi Mark, Thanks for the generous offer. :-) We're not paying for zoom, however I'm definitely up for doing an experiment during our spdx-tech meeting tomorrow, and if it works for the regular attendees, changing to a system with better security. Can you send me the details for the account to use, and we'll do an experiment during the tech call, and feedback to the wider group. Thanks again! Kate
On Mon, Apr 13, 2020 at 3:31 PM Atwood, Mark <atwoodm@...> wrote:
|
|
|
|
Chime instead of Zoom, a modest proposal
Hi Kate and other SPDX folk,
We have been using Zoom to provide teleconference for SPDX meetings. In light of recent events, Zoom has gotten very popular, and also been failing many security audits, and so many companies and governments have started banning its use.
Amazon has a service very similar to Zoom, called Amazon Chime. Amazon Chime has 1) it's got much better security, 2) it doesn't give your personal, login, and meeting info to the adtech tracking industry, 3) it is gratis with all professional features
to the end of June, and 4) as an Amazonian and this being part of my work, I can provide gratis usage to the SPDX group even after the end of June.
Chime has clients for Win, and for Mac, it runs in Browser on Firefox and on Chrome on all OSes, it has clients for mobile OSes, and also has local and tollfree telephone dialin in most countries.
So, what do you think? Switch to Chime? It's especially a win if we are paying for Zoom.
..m
-- Mark Atwood <atwoodm@...> Principal, Open Source, Amazon
|
|
|
|
April General SPDX Meeting Minutes
Phil Odence
A great meeting with great attendance. Please volunteer or suggest a guest speaker for next time. Anything SPDX related is fair game.
https://wiki.spdx.org/view/General_Meeting/Minutes/2020-04-02
General Meeting/Minutes/2020-04-02< General Meeting | Minutes · Attendance: 19 · Lead by Phil Odence · Minutes of April meeting Contents[hide] · 1 Guest Speaker- Allan Friedman, NTIA · 4 Outreach Team Report - Jack Guest Speaker- Allan Friedman, NTIA[edit]· NTIA’s Multistakeholder SBOM Process · Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM. · Allan’s slides https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe Tech Team Report - Kate[edit]· Spec · Wrapping up 2.2 spec · Known unknowns made it in · 3.0 Visions · William Bartholomew’s talk about profiles was great (and recorded) · Tools · Gary’s been working on 2.2 tooling · Requiring a complete rewrite to the java tools · Not API compatible · Google SoC · 15 different submissions · Google is looking for additional mentors on each project · So, we need more mentors; contact Gary Legal Team Report - Steve[edit]· Finalized updates to license inclusion principles · Mostly clarifications · But also to broaden a bit for non-OSS source available licenses · https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md · 3.9 list release has been pushed out a bit · Were waiting for above · https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22 · In anticipation of 3.0 working on a licensing profile · With Tech Team, updating back end of SPDX website to manage move from Drupal to Wordpress · Maintaining license URLs · Static pages moving do a different domain.
Outreach Team Report - Jack[edit]· Will be looking for help to update content for Website as per above · Documenting comprehensive list of SPDX-related tooling Cross Functional -[edit]· None Attendees[edit]· Phil Odence, Black Duck/Synopsys · Alan Friedman, NTIA · Rose Judge, VMware · Steve Winslow, LF · Kate Stewart, Linux Foundation · Alexios Zavras, Intel · Jack Manbeck, TI · Jim Hutchison, Qualcomm · William Bartholomew, GitHub · Dave McLoughlin, Flexera · Michael Herzog- nexB · Alex Rybak, Flexera · Gary O’Neall, SourceAuditor · Paul Madick · Brad Goldring, GTC Law · David Wheeler, Linux Foundation · Mike Dolan, Linux Foundation · Bob Campbell, DXC · Mark Atwood, Amazon
|
|
|
|
Thursday's SPDX General Meeting Reminder - Including Special Guest Star
Phil Odence
We’ll be pleased to welcome “professor-turned-technocrat” Allan Friedman, the Director of Cybersecurity at NTIA. He is at the center of NTIA’s effort to standard a software BOM and an SPDX fan. This is a great opportunity to understand this important work and where we fit. (Details on Allan and his talk below the agenda.)
GENERAL MEETING
Meeting Time: Thurs, April 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval:
Guest Presentation – Allan Friedman
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul/Steve
Outreach Team Report – Jack
Any Cross Functional Issues –All
Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM.
Allan Friedman is Director of Cybersecurity at National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA's multistakeholder processes on cybersecurity, focusing on addressing vulnerabilities in IoT and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted InfoSec and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text 'Cybersecurity and Cyberwar: What Everyone Needs to Know,' has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.
|
|
|
|
SPDX License List inclusion principles and 3.9 release
Steve Winslow
Hello all, Following from Jilayne's email earlier this month, the legal team has now finalized and posted the update to the license inclusion principles for the SPDX License List. The updated principles can be found at: As a result of the update, we will be shifting the date for the next release of the License List (version 3.9) from the end of March to the end of April. This will provide a window for recent submissions -- as well as the backlog of older submissions that relate to this update -- to be considered for inclusion under the new guidelines for the next release. I would encourage folks to review the open issues that are listed for consideration in 3.9, and to weigh in with comments on whether they should be added under the updated guidelines. You can see the issues tagged for 3.9 at: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22 Even if you aren't familiar enough with the License List's XML format to create XML files for actually adding licenses, input is welcome on the baseline question of whether or not the submitted licenses are appropriate to add to the list. Hope everyone is staying safe and healthy. Best, Steve
|
|
|