Re: May SPDX General Meeting Minutes

Matija Šuklje
 

On Thursday, 3 May 2018 17:51:26 CEST Phil Odence wrote:
> Matije Suklje, LF
Flattered, but my affiliation is with Liferay :)

Was a very interesting call. I’m miffed that we have some important internal
conference call clash directly and 100% every time with the SPDX Legal call.


cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Re: Spdx Digest, Vol 93, Issue 2

Kate Stewart
 

Hi John,
    Thanks for reaching out!  I think this discussion is best handled 
with the tech team so switching mailing lists, and moving 
general to bcc.  :-)

    Some of the information you're proposing in SEvA is already 
handled in the SPDX specification.  https://spdx.github.io/spdx-spec/ 
which has been in development by supply chain participants for 
over 8 years now.

    It's not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this?   Also, have you compared the information 
you're looking to be captured in SEvA with the fields that are 
already in place and standardized on in the specification?

The next rev of the specification will explicitly permit JSON and YAML
document expression in addition to RDF, tag:value. Prototype translators 
between formats are already in place if you want to experiment. 

If there are fields you're looking to see captured that aren't in place already,
feel free to open an issue on https://github.com/spdx/spdx-spec/issues
with background on how it will be used, and where the information should be
derived from. 

Also, if you'd like to have a more interactive discussion,  the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to 
explore collaboration options,  just let us know. 

Looking forward to continuing the discussion. 

Thanks,
Kate 

SPDX tech team co-lead.

   


On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.scott@...> wrote:
Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

Software Supply Chain Intelligence




Re: Spdx Digest, Vol 93, Issue 2

John Scott
 

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

Software Supply Chain Intelligence



May SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

 

General Meeting/Minutes/2018-05-03


·         Attendance: 12

·         Led by Phil Odence

·         Minutes of April meeting approved 


Guest Presentation, Automating Governance with SPDX - Yev Bronshteyn

·         Variant on Leadership Summit Presentation

·         Don’t need to define SPDX

·         Will show product for illustrative purposes

·         Governance Today

·         Different formats for BoMs

·         Challenges

·         Manually updating

·         Compliance Management

·         Requires consistent tooling

·         Goals using SPDX 

·         Automate BoM

·         Automate Reporting

·         Single format

·         Illustration

·         Replace disparate BoMs with SPDX versions

·         Load into a single data store (example Apache Jena Fuseki)

·         Query with SPARQL

·         Demo

·         Aggregating multiple BoMs

·         Committing change to GitLab

·         CI/CD- Build and Scan

·         Generate new SPDX doc for changed project

·         SPARQL queries

·         Policy checks

·         Voila

 

Tech Team Report - Kate/Gary

·         Working on outstanding requests for 2.2

·         License expression features

·         Handling cases of annotations and extensions to address

·         2.1.1 pdf

·         Wrestling with tools a bit

·         GoSoC 

·         Students and mentors in place

·         Should be hearing from students during community bonding period

·         Projects lined up

·         Will present during General Meetings

 

Outreach Team Report - Jack

·         LinuxCon Vancouver

·         Trying to organize “bake off” day before event starts

·         Website:

·         Still waiting on LF for moving Website to Wordpress

·         Content

·         Looking at a variety of ways

·         Looking at audio/video recordings

·         Could include monthly talks

·         Yev volunteered to do his

·         Looking for more people involvement in OTeam

Legal Team Report - Paul

·         Released latest rev of license list

·         Kudos Jilayne and others

·         Working out how to manage license submissions in new world

·         GoSoC student working out automation

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Yev Bronshteyn, Black Duck/Synopsys

·         Steve Billings, Black Duck/Synopsys

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Jack Manbeck, TI

·         Kate Stewart, Linux Foundation

·         Steve Winslow, LF

·         Paul Madick, Dimension Data

·         Matije Suklje, LF

·         John Scott, Ion Channel

 


Reminder of Thursday's SPDX General Meeting...with guest speaker!

Phil Odence
 

Speaking this month will be our own Yev; he’ll share a scaled down version of his talk from the Leadership Summit. Hope you can join! Note: Yev will be using some slides and sharing his screen, so, if possible, be in front of your computer.

 

Automating Governance with SPDX

Today’s enterprises often have diverse processes for incorporating, managing, and analyzing their open source components. In this talk, we’ll demonstrate how SPDX provides a common baseline for a variety of governance tools, and how SPDX generation and analysis can be automated to attain real-time, actionable intelligence.

 

Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. In addition to being a member of the SPDX technical team, he has spoken at a number of technical conferences and user groups and contributed to a number of technical blogs.

 


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, May 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

“Guest” Presentation – Yev

 

Technical Team Report – Kate

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 


April General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

 

General Meeting/Minutes/2018-04-05


·         Attendance: 13

·         Led by Phil Odence / Jack Manbeck

·         Minutes of March meeting approved 


Adoption Update - Kate

·         License List Identifiers Update

·         DEP 5 adopting, LF and others

·         IDs in Source

·         U-Boot, selected projects, LF projects including the Kernel

·         Eclipse, FreeBSD, REUSE.software

·         Open Gov Partnership

·         Doc Creation

·         New formats: YAML, others

·         Tooling

·         Open Source

·         SPDX Tools, FOSSology, ScanCode

·         Commercial

·         Wind River, Protecode, SourceAuditor, TripleCheck, WS (license list only), BD

·         Scan tool accuracy- Different tools get slightly differing results

·         Formats correctness- worth checking too

·         Outreach team is working on examples for testing

·         SPDX tools have compare capabilities

·         New Tools for Inside Org workflow

·         SPDX online tools to validate and compare

·         SW360, ORT, Quartermaster

·         Between Orgs

·         Aligning with OpenChain

·         REUSE by FSFE- Conventions for best practices for how/where to include license info (check out their cute video)

·         Emerging: Software Parts Ledger

·         Blockchain Hyperledger (driven by Wind River)

·         Missing Pieces

·         Real world reference examples, use studies, build integration

 

Tech Team Report - Kate

·         Looking at Google Summer of Code. That’s a priority right now. We are reviewing proposals from candidates and have eighteen this year! The quality of the proposals seems to be very good. Not sure how many slots Google will give us yet (should know next week) but we are asking for 5-6.

·         We have just enough mentors for the projects but would welcome any additional ones. No experience needed and you can be teamed up with an experienced mentor. There is much you can do, even non-technical.

·         The 2.1.1 specification update is pending. All GIT issues are resolved. This is a minor update for mostly typos and clarifications and changes to support the specification being in GitHub. Kate is working with Thomas to be able to generate a review version to send out. Expect the review time frame to be 1-2 weeks long.

Outreach Team Report - Jack

·         We are revamping the main suite for the Use area. What we had was an initial cut. Pages are being broken out and expanded. First section to change will be the license identifiers in source (Steve Winslow from the LF is doing this) followed by the list and documents sections.

·         SPDX website move. No movement yet. Still waiting on the LF to come back with a new update. They have to get extra help to figure out how to do the license list and rdf pages that we auto generate.

·         If anyone is going to LinuxCon in Vancouver (August) the call for papers is open. Please submit any you might have on SPDX. We are also investigating whether we can do another tool bake off and/or a birds of a feather session.

Legal Team Report - Jilayne

·         3.1 license list is still pending. Need to make sure all open issues on it are resolved. Anyone wishing to help (which would be greatly appreciated) should join the Legal Calls.

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Steve Winslow, LF

·         Dennis Clark, NexB

·         Kate Stewart, Linux Foundation

·         Jack Manbeck, TI

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

·         Matije Suklje, LF

·         Bradlee Edmondson, Harvard

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Philippe Ombrédanne- nexB

 

 


Thursday SPDX General Meeting Reminder

Phil Odence
 

Our “guest” speaker this week is Kate Stewart, guest in her own home. Over the past year,  we've seen a lot of open source projects as well as commercial tools able to interact with SPDX (license ids, 1 line comments,  documents).  Kate will give an overview of the projects in the SPDX ecosystem that she's aware of, and is interested in learning about any she's missed from other meeting attendees.

Best, 

Phil


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 

 


Re: agenda for OSLS

J Lovejoy
 

Quick update/reminder:

There will be no legal team call tomorrow (Thursday)

We will be having our F2F in Sonoma, CA Friday.
We’ll meet at 9am in Kenwood 2

We will use the usual conference line for those who want to join from afar:
Web conference: http://uberconference.com/SPDXTeam
Optional dial in number: 415-881-1586
No PIN needed

A bit more on and re-order on agenda:
  1. Updates to spec and next release planning
    1. Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
    2. SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec? How to get people to notice and understand SPDX specification fields that relate to licenses, 
  2. Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  3. Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    1. what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  4. SPDX “relaxed” - some people are providing SPDX documents that lack some of the mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use.

Thanks!

Jilayne & Kate





_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal


SPDX March General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

General Meeting/Minutes/2018-03-01


·         Attendance: 6

·         Led by Phil Odence

·         Minutes of Feb meeting approved 


Tech Team Report - notes sent by Kate

·         Thomas continues to get closer on 2.1.1 release, most changes from Trevor merged now.

·         Reviewed PURL proposal and consensus was to adopt for 2.2, after we see it finalized and picked up by other projects.

·         PURL is a generalized way to specify a package.

·         Discussion of multiple formats being supported (JSON, YAML, etc.),  as long as there are translation tools, and we follow the RDF naming, agreement to introduce them in 2.2.

 

Outreach Team Report - Jack out

·         Website migration- No update from the LF

·         British Computer Society

·         Open Source Group

·         March 22

·         Alexios presenting on SPDX

·         https://ossg220318.eventbrite.co.uk/

 

Legal Team Report - Bradlee

·         3.1 LL release, end of March

·         Then back to 3 month cadence

·         Jilayne working with FSF on status of their license evaluation

·         For Summit Topics

·         Use of GitHub for licenses and Spec

·         Philippe ID’ed some licenses in the Kernel that are not in the list

·         He’s putting together pull requests

·         There are a number of others that he believes might be candidates.

·         He’ll prioritize and will “drip” to the Legal Team

·         Also some discussion about what to do, if anything, about proprietary licenses

·         Could make sense to have a common identifier for commonly used ones

·         Could conceivably use the same architecture for proprietary 

·         Also discussing a “relaxed” format.

·         Not necessarily including all the checksums

·         So might introduce levels of SPDX compliance (A, AA, AAA…or something)

·         Discussion of how to get more lawyers involved.

·         Women lawyers would be particularly welcome

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Dennis Clark, NexB

·         Steve Winslow, LF

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

 

 


Today's SPDX General Meeting Reminder

Philip Odence
 

They have to stop starting months on a Thursday, or I will never remember to get reminders out.

 

Today’s meeting should be just a quick update. Hope you will be able to join.

 

Best,

Phil


L. Philip Odence
Sr. Director/General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
O: +1.781.425.4479, M: +1.781.258.9502, Skype: philip.odence
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, March 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 


Re: agenda for OSLS

J Lovejoy
 

oops, forgot one of the topics - added to list below!



On Feb 27, 2018, at 8:05 AM, J Lovejoy <opensource@...> wrote:

Hi all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?
  • SPDX “relaxed” - some people are providing SPDX documents that lack some of the mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use.

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


agenda for OSLS

J Lovejoy
 

Hi all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...



Feb SPDX General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

General Meeting/Minutes/2018-02-01

·         Attendance: 13

·         Led by Phil Odence

·         Minutes of Jan meeting approved 

Tech Team Report - Kate

·         Highlights

·         Looking at multiple formats supported

·         Much of January dedicated

·         JSON and YAML

·         Some interest in deprecating

·         Submitted Google SoC project, once again

·         Have usually been accepted in advance

·         Should know by next meeting

·         Can still contribute ideas

 

Outreach Team Report – Jack

·         Website migration

·         Waiting on date from LF

·         Need a mechanism for pushing some generated pages (licensing/RDF)

·         Today’s meeting will be to lay out a roadmap

·         Linux Leadership Summit

·         Meetings Friday

·         Jilayne sending out notice to try to hustle up participation

·         Anyone who needs an invite can contact Kate

·         FOSSDEM is this weekend

·         Will be streamed from Brussels

·         Legal and Policy track

·         Jilayne speaking

 

Legal Team Report - Jilayne

·         Major release of license list recently

·         3.1 release

·         Aiming to align 3.2 version with 2.2 spec

·         Undergoing technical and legal review

·         Transitioning to taking advantage of GitHub capabilities

·         Technical stuff on track

·         Reviewing some new licenses, need naming conventions

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Mike Dolan, Linux Foundation

·         Steve Winslow, LF

·         Jeff Luszcz, Flexera

·         Jack Manbeck, TI

·         Denisse Weil, 

·         Robert Musial, Progressive

·         Gary O’Neall, SourceAuditor

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

·         Jilayne Lovejoy, ARM

·         Michael Herzog, nexB

 

 


SPDX General Meeting Today

Philip Odence
 

Sorry for the late reminder. I confess that Feb 1 snuck up on me.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Feb 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07  

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues – All

 

 


SPDX servers rebooting over the weekend for Spectre/Meltdown remediation.

Kate Stewart
 

Hi,
   Just heard from LF IT that our SPDX site & wiki will be rebooting 
this weekend, as they apply the Meltdown/Spectre remediation.

It should just be down for 5 minutes early this weekend, so this is
mostly for your information, in case you notice something.

Kate


Re: SPDX at Leadership Summit in March

Philip Odence
 

Hello,

If you did not respond to this before, please do now. Thanks

Best regards,

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

From: Philip Odence <podence@...>
Date: Wednesday, November 22, 2017 at 9:46 AM
To: "spdx@..." <spdx@...>, "spdx-tech@..." <spdx-tech@...>, "spdx-biz@..." <spdx-biz@...>, "spdx-legal@..." <spdx-legal@...>
Subject: SPDX at Leadership Summit in March

 

As you may know, the Linux Foundation Leadership Summit is in Sonoma, March 6-8. Additionally, there will be group meetings on the Monday before and Friday after for SPDX and Open Chain respectively.

 

The call for papers was just published. Please consider submitting a paper. There’s an appetite for talks on SPDX tooling, automation or usage.

http://events.linuxfoundation.org/events/open-source-leadership-summit/program/callforproposals

 

Please take this 1 minute survey to give a sense of the likelihood of your attending:

https://www.surveymonkey.com/r/NLX7KXN

 

Best regards,

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 


Thursday SPDX General Meeting Reminder

Philip Odence
 

Happy New Year. No guest speaker this month, therefore should be a fairly short meeting.

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues – All

 

 

 

 


Re: SPDX License List 3.0 is now live!

W. Trevor King
 

On Fri, Dec 29, 2017 at 03:26:47PM -0500, Neal Gompa wrote:
Aww man, you've got to be kidding? You got rid of the "+" signifier
and now we have to write out words?!

I really don't like this change. It makes things more verbose for no
benefit.

This issue has seen a lot of discussion over the past year (going
back at least as far as May [1]). I'm also not wild about the change
(although there are *some* benefits), but discussing it should
probably be an issue for the spdx-legal@ list only (no need to drag in
spdx@ or spdx-biz@, and the spdx-tech@ folks are probably all
listening on spdx-legal@ anyway). I propose we continue this
discussion on spdx-legal@ only, and have only included the other
spdx-*@ in my message in case folks there are wondering where the
conversation went ;).

Cheers,
Trevor

[1]: https://lists.spdx.org/pipermail/spdx-legal/2017-May/001975.html
Subject: various threads on "only" suffix (for GPL)
Date: Fri, 26 May 2017 11:01:44 -0600
Message-ID: <ED57B88B-2056-44F8-B632-037E91A13907@...>

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


Re: SPDX License List 3.0 is now live!

Neal Gompa
 

On Fri, Dec 29, 2017 at 12:27 PM, J Lovejoy <opensource@...> wrote:
Hi all,

Thanks to a lot of hard work by various members of the SPDX legal team, we
have now (finally!) gone live with version 3.0 of the SPDX License List -
including use of the new XML format for the master files and changes to the
GNU license identifiers due to collaboration with the FSF. As always, you
can see the new version at the usual place: https://spdx.org/licenses/

There are still some odds and ends to tidy up, and we’ll have a blog post
with a more thorough description of the changes after the 1st of the year.
In the meantime, I hope everyone enjoys the holiday weekend and New Year’s
festivities (in whatever form you choose)!

Thanks again to the massive effort by the SPDX legal team and tech team
members who have tirelessly made this happen!

Aww man, you've got to be kidding? You got rid of the "+" signifier
and now we have to write out words?!

I really don't like this change. It makes things more verbose for no benefit.



--
真実はいつも一つ!/ Always, there's only one truth!


Re: SPDX License List 3.0 is now live!

Philip Odence
 

AMAZING!

And, of course, Jilayne deserves kudos beyond measure.

 

From: <spdx-bounces@...> on behalf of Jilayne Lovejoy <opensource@...>
Date: Friday, December 29, 2017 at 12:27 PM
To: SPDX-legal <spdx-legal@...>
Cc: "spdx-tech@..." <spdx-tech@...>, SPDX-biz <spdx-biz@...>, SPDX-general <spdx@...>
Subject: SPDX License List 3.0 is now live!

 

Hi all,

 

Thanks to a lot of hard work by various members of the SPDX legal team, we have now (finally!) gone live with version 3.0 of the SPDX License List - including use of the new XML format for the master files and changes to the GNU license identifiers due to collaboration with the FSF. As always, you can see the new version at the usual place: https://spdx.org/licenses/

 

There are still some odds and ends to tidy up, and we’ll have a blog post with a more thorough description of the changes after the 1st of the year. In the meantime, I hope everyone enjoys the holiday weekend and New Year’s festivities (in whatever form you choose)!

 

Thanks again to the massive effort by the SPDX legal team and tech team members who have tirelessly made this happen!

 

Cheers,

 

Jilayne

 

SPDX Legal Team co-lead
opensource@...

 
