[Openchain-japan-wg] Question about SPDX Light: Supported Fields
Shane Coughlan <coughlan@...>
Dear all

We have an active discussion via the OpenChain Japan Work Group (mostly in Japanese) about SPDX. Several Japanese companies are using SPDX in production today and are collaborating to this through a common approach and “ask” for suppliers, particularly those with a relatively limited understanding of open source. This “ask” will be a subset variant of SPDX informally dubbed “SPDX Light.” It is not intended to break the SPDX Mandatory / Optional fields. Instead it is looking like a series of core fields plus some optional codified into one clear procurement request from multiple companies.

One note and comment about this is below (English after the Japanese).

Please note:
(1) Japanese companies operate mostly in Japanese, which is why this discussion has not been occurring on the SPDX mailing list
(2) SPDX calls are at inaccessible times for Japanese companies, which has further hindered interaction

Nevertheless, this is a great moment for us all to jump into a shared discussion.

Regards

Shane

Begin forwarded message:
|
|
Re: [OpenChain] Knowledge Sharing: Reference guideline for exchanging license information in the supply chain
Shane Coughlan <coughlan@...>
Hi Fukuchi San

Very interesting and exciting collaboration. I understand that companies like Fujitsu are actively deploying SPDX. I think you have already spoken about your activity with Kate. I think the basic note is: if using a cut down version of SPDX the important thing is to have the File Analyzed attribute set to “false”. I am adding SPDX mailing list to CC.

Regards

Shane

On Jan 11, 2019, at 18:10, <Hiroyuki.Fukuchi@...> <Hiroyuki.Fukuchi@...> wrote:

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org
Schedule a call: https://calendly.com/shanecoughlan
|
|
Re: [EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contributing in GSOC 2019
#spdx
Gary O'Neall
In addition to Java, we have quite a few tools written in Python. We just added libraries written in go.
Gary
From: spdx@... <spdx@...> On Behalf Of Manbeck, Jack via Lists.Spdx.Org
Sent: Friday, January 11, 2019 1:04 PM
To: varsha kukreja <varshak333@...>; spdx@...
Subject: Re: [EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contributing in GSOC 2019 #spdx
Sure. We're just now starting the process of applying to Google for their Summer of Code 2019. If we do get awarded slots there is a specific process you must follow. I suggest you get signed up with them and review what the process is. You would need to submit a proposal for any of the projects we have, assuming we are selected. We then go through the proposals and pick the best one. I’m oversimplifying this a bit but that’s the general idea.
The spdx tools themselves are based on Java. You can visit our github project here: https://github.com/spdx
We have a few other online tools but offhand I don’t recall what they are written in. Possibly some Python and others.
Gary, can you fill in that gap?
Jack
From: varsha kukreja [mailto:varshak333@...]
Hey, can I know which languages are used in backend of spdx?
On Thu, Jan 10, 2019 at 10:35 PM varsha kukreja <varshak333@...> wrote:
|
|
Re: [EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contributing in GSOC 2019
#spdx
Manbeck, Jack
Sure. We're just now starting the process of applying to Google for their Summer of Code 2019. If we do get awarded slots there is a specific process you must follow. I suggest you get signed up with them and review what the process is. You would need to submit a proposal for any of the projects we have, assuming we are selected. We then go through the proposals and pick the best one. I’m oversimplifying this a bit but that’s the general idea.
The spdx tools themselves are based on Java. You can visit our github project here: https://github.com/spdx
We have a few other online tools but offhand I don’t recall what they are written in. Possibly some Python and others.
Gary, can you fill in that gap?
Jack
From: varsha kukreja [mailto:varshak333@...]
Hey, can I know which languages are used in backend of spdx?
On Thu, Jan 10, 2019 at 10:35 PM varsha kukreja <varshak333@...> wrote:
|
|
Re: [EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contributing in GSOC 2019
#spdx
varshak333@...
Hey, can I know which languages are used in backend of spdx?
On Thu, Jan 10, 2019 at 10:35 PM varsha kukreja <varshak333@...> wrote:
|
|
Re: Need Help for contributing in GSOC 2019
#spdx
Kate Stewart
Hi Varshak,

Welcome! Glad you're interested in participating in our community. I am copying the spdx-tech mail list where we discuss the GSoC efforts. Ideas we've come up with so far are listed on: https://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas, but we're in active idea gathering mode this week, so suggestions are welcome as well.

Kate

On Thu, Jan 10, 2019 at 7:36 AM <varshak333@...> wrote:
I would like to contribute to the open source community. I have majorly worked on backend on 2 college sponsored projects and working currently on a project by Government Organization. I have fair knowledge in Javascript, NodeJs, Typescript, Spring Boot, Laravel, Docker and apache thrift. It would be great if someone could help me get started
--
Kate Stewart Sr. Director of Strategic Programs, The Linux Foundation Mobile: +1.512.657.3669 Email / Google Talk: kstewart@...
|
|
Need Help for contributing in GSOC 2019
#spdx
varshak333@...
I would like to contribute to the open source community. I have majorly worked on backend on 2 college sponsored projects and working currently on a project by Government Organization. I have fair knowledge in Javascript, NodeJs, Typescript, Spring Boot, Laravel, Docker and apache thrift. It would be great if someone could help me get started
|
|
SPDX January General Meeting Minutes
Phil Odence
· Attendance: 15
· Lead by Phil Odence
· Minutes of Dec meeting approved

Guest Presentation, JC Herz
· Background
· Years of working with companies and DOD in open source
· The Issues/concerns
· License issues- SPDX handles well
· Concerns about security close on the heels
· Compliance is an additional step- Jumping through the hoops to document
· SEVA Software Evidence Archive
· Elements
· Serves S-BOM function
· Augments with content that needs to travel with software
· Therefore allowing compliance work to be automated
· Freeing up valuable resources to do what they are supposed to do
· Can apply to a single component or a full application, so SEVA doesn’t distinguish
· Format Issue
· Customers required XML, beyond SEVA JSON
· To be useable by a highly secure facility, data has to be hardened for which XML is better suited
· Can be constrained and format can be verified (and extended)
· SPDX and SEVA Overlap
· License Info
· For the most part SPDX handles beautifully
· Government also needs to distinguish government open source
· A little more information about state of software (e.g. pre-release)
· Security extra needs
· Some concern about spurious vulnerabilities
· Answer is to extend a BoM to include patch info, etc
· End of life indicator
· They take SPDX familiar thing and provide some extensibility
· How to name “supplier”?
· Working with Kate
· OSS organization for example
· A bank’s black list
· Vulnerabilities
· Key requirement for vulnerabilities info in SBOM, although just a link might make more sense
· Reason is “audit” function. What you knew when. So needs a time stamp.
· Bureaucratic are not going to change in favor of something that makes more sense for developers
· Concerns that this will get worse over time
· Other Side - Logistics
· Moving and shipping of SW/chain of custody- Where did it come from exactly
· Not something OSS community has had to worry about
· Bad mirror issue, for example.
· Signed? Timestamp? Delivery date and time for software.
· Something like FedEx analogy
· Package URL helps identify
· Q&A
· What can SPDX group do?
· JC thinks that they should open source SEVA
· Could contribute to LinuxF perhaps
· Understand and need to balance needs of OSS consumers and dev communities
· Don’t want to burden them
· Automate
· Challenge- How to distinguish enterprise quality OSS vs. pet projects

Tech Team Report - Kate/Gary
· Tools
· Starting to plan for GSoC submissions with Gary/Kate
· Steve has been trained on releasing License list, so Gary now has backup
· Steve has been working on some new tools for summarizing the SPDX_license_ids based on a new SPDX go library - currently it's just supporting TV, but he hopes to add in the other formats
· Specification
· Gary & James have been working through SeVA XML and working through how it can be added.

Legal Team Report - Jilayne
· License List
· V3.4 out before Christmas
· Big success to not have to scramble through holidays
· Release notes in the GitHub repo
· Instructions for requesting now live in Repo as well
· Leverage GSOC work has been automated.
· New frontier- Getting open hardware licenses on list
· Expanding definition of what goes on the list

Outreach Team Report
· None this month

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Jilayne Lovejoy
· Steve Winslow, LF
· Alexios Zavras, Intel
· Luis Villa, Tidelift
· Jams Neushal, Neushul Solutions
· Matthew Crawford, ARM
· Kevin Nelson, Optim Tech UHG
· Dennis Clark, NexB
· Thomas Steenbergen, HERE
· Bradlee Edmondson, Harvard
· Gary O’Neall, SourceAuditor
· Nicholas Toussaint, Orange
· JC Herz, Ionchannel
|
|
Re: Jan 3 SPDX General Meeting Reminder
Phil Odence
Apologies for the extra email, but someone kindly pointed out an error on my part. The correct time for the General Meeting is 16:00 UTC. Meeting Time: Thurs, Jan 3, 8am PT / 10 am CT / 11am ET / 16:00 UTC.
From: "podence@..." <podence@...>
Re-reminding now that most folks are back from the holidays.
From: "podence@..." <podence@...>
Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.
A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JCC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.
Here's what she’ll be talking about- “Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”
In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.
GENERAL MEETING
Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Guest Speaker – JC Herz
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
FW: Jan 3 SPDX General Meeting Reminder
Phil Odence
Re-reminding now that most folks are back from the holidays.
From: "podence@..." <podence@...>
Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.
A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JCC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.
Here's what she’ll be talking about- “Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”
In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.
GENERAL MEETING
Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Guest Speaker – JC Herz
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Jan 3 SPDX General Meeting Reminder
Phil Odence
Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.
A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JCC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.
Here's what she’ll be talking about- “Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”
In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.
GENERAL MEETING
Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Guest Speaker – JC Herz
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Meeting Minutes from December General Meeting
Gary O'Neall
Meeting minutes from this month’s general meeting have been published at https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Regards,
------------------------------------------------- Gary O'Neall Principal Consultant Source Auditor Inc. Mobile: 408.805.0586 Email: gary@...
|
|
SPDX Nov General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-11-01
General Meeting/Minutes/2018-11-01
· Attendance: 6
· Lead by Phil Odence
· Minutes of Oct meeting approved

Tech Team Report - Kate/Gary
· Spec
· Ceva discussions
· Looking at fields that we might incorporate
· Security
· Evidence
· Idea is to bring in as a separate section
· Good Progress
· Some discussions with NTIA Group as well
· SWID
· May start using the security mailing list soon
· Tooling
· Multiple formats
· Challenges solves
· XML, JSON, YAML, Tag value, RDF
· Attention back to updating tooling with spec
· Some concern about file sizes with certain packages/formats
· May simply be an issue of LOTS of files
· Generating License List
· Didn’t work perfectly
· Giving another run
· Updating tooling for license submittal/editing
· A few bugs need to be worked around

Legal Team Report - Jilayne
· There’s a fair backlog of issues to work through
· Ongoing process
· 3.1 Is out
· Started new practice of release notes
· Tooling and new request system has to be nailed down
· People are going through multiple paths/processes
· Need to standardize
· Tooling is close
· Need a few more text fields
· All submissions seem to come from Gary
· License inclusion guidelines
· Inbound request regarding open hardware languages
· Already included open data license
· May need to revisit inclusion guidelines
· OSI discussion about naming issues with SPDX
· Need to find opportunity for better collaboration

Outreach Team Report - All
· Seems to be a lot more use of SPDX in the wild than we are aware of
· How do we run down and catalog?
· Wonder if it’s time for another poll
· Last poll results: https://spdx.org/sites/cpstandard/files/pages/files/spdx_survey_results_may_2013.zip

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Gary O’Neall, SourceAuditor
· Andrew Katz, Orcro
· Jilayne Lovejoy
· Steve Winslow, LF
|
|
Re: Today SPDX General Meeting Reminder
Paul Madick
Hi Phil,
I have a conflict today so will miss the meeting. I will be on the legal call after.
Best,
Paul
-------- Original message --------
From: Phil Odence <phil.odence@...>
Date: 11/1/18 12:48 AM (GMT-08:00)
To: spdx@...
Subject: [spdx] Today SPDX General Meeting Reminder
No guest presentation this month, so anticipate a shorter meeting.
(I’m open to ideas for guest presentations.)
GENERAL MEETING
Meeting Time: Thurs, Nov 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Today SPDX General Meeting Reminder
Phil Odence
No guest presentation this month, so anticipate a shorter meeting.
(I’m open to ideas for guest presentations.)
GENERAL MEETING
Meeting Time: Thurs, Nov 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
OpenChain Recap - Week of 22nd October - Open Source Summit Europe
Shane Coughlan <coughlan@...>
It was a huge week last week. Quick recap of the major items below.
tl;dr - Toshiba is a Platinum Member, SUSE is OpenChain Conformant, Sony and Fujitsu shared knowledge

We had two slide decks shared via the OpenChain Workshop (see bottom of mail). These boil down to two data points:
(1) Fujitsu is actively using SPDX and wants to work with everyone else using this standard for describing information in software packages.
(2) Sony has identified that it is important to include Sales/Marketing in the discussions around OpenChain and open source compliance. This builds on prior identification of the importance of making sure Procurement can understand OpenChain.

For (1), I am going to hand over to Kate and the team at SPDX to discuss collaboration with Ueba San at Fujitsu. All in CC.

For (2), we have a clear understanding that we need to formulate onboarding/introduction material for:
(i) Procurement
(ii) Sales/Marketing

Nathan (chair of onboarding), would it make sense for us to open a couple of Google Docs to collaborate on this?

== Big News ==

Toshiba Joins the OpenChain Project as a Platinum Member:
“OpenChain is not just a project for OSS license compliance, it also helps to improve mutual trust and effective communication between open source developers and users,” says Tetsuji Fukaya, Director of the Corporate Software Engineering and Technology Center of Toshiba Corporation. “Open source is publicly recognized as an essential part of digital transformation and widely used in numerous products. In order to use open source appropriately, we think that license compliance alone is not enough. Mutual trust between developers and users is also essential. OpenChain will be key to achieve both. For that reason, we feel proud of being part of the OpenChain Project.”
https://www.linuxfoundation.org/press-release/2018/10/toshiba-joins-the-openchain-project-as-a-platinum-member/

SUSE Joins the OpenChain Community of Conformance:
“For more than 25 years, SUSE has created and engaged with open source communities as a foundation for its enterprise solutions,” said Thomas Di Giacomo, SUSE CTO. “We always engage with the community to better meet customer needs, and our OpenChain certification is another indication to enterprises that we are committed to making their experience with open source software more reliable and cost effective.”
https://www.linuxfoundation.org/press-release/2018/10/suse-joins-the-openchain-community-of-conformance/

== OpenChain Workshop Contributions ==

Improvements in meta spdxscanner through FOSSology - Ueba San: https://www.slideshare.net/ShaneCoughlan3/improvements-in-meta-spdxscanner-through-fossology-ueba-san
Two aspects for OpenChain BoF session - Ueda San: https://www.slideshare.net/ShaneCoughlan3/two-aspects-for-openchain-bof-session-ueda-san

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org
Professional profile: http://www.linkedin.com/in/shanecoughlan
Get my free book on open source compliance here: https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance
|
|
SPDX Sept General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04
General Meeting/Minutes/2018-10-04
· Attendance: 8
· Lead by Phil Odence
· Minutes of Sept meeting approved

Tech Team Report - Kate/Gary
· Spec
· Focus on multiple formats
· How to deal with XML, JSON, YAML
· Proposal to link to software heritage identifiers
· SW heritage- presentation came out recently on how code should be ID’ed in repos
· Seems to make sense to extend references to point to
· General agreement on last tech call
· Tooling
· Got integrated on line tools up
· License submittal
· XML editor
· Beta quality, ready to go. http://spdxtools.sourceauditor.com
· GSOC has worked very well
· Should thank Google
· Post on Website
· Could use some social media
· Topic for Outreach
· May want to point projects to FSF software reuse site which advocates SPDX
· Would be a good credibility builder
· The link is on the site, but not easy to find
· Other Groups
· NTIA- Government group defining a BoM standard
· Prototype work in health care
· Fingers crossed that they will use SPDX
· SWID
· Active discussion
· Mapping fields between SPDX and SW
· Other groups may be able to use our use cases
· They are wrestling with what is a component
· Also, how a company can keep their own supplementary license list
· Can do via a SPDX doc that is just licenses and make external reference to
· Steve W will help out

Legal Team Report - Jilayne
· New license backlog
· Trying to clear out for next release
· Looking forward to new tooling
· Could use testing help
· Need some Python help on the tools
· Mostly fixing up formatting stuff

Outreach Team Report - Jack
· Little activity
· Regrouping

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Gary O’Neall, SourceAuditor
· Matthew Crawford, ARM
· Jilayne Lovejoy, ARM
· Jack Manbeck, TI
· Steve Winslow, LF
· Mark Atwood, Amazon
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
No guest presentation this month, so anticipate a shorter meeting.
(I’m open to ideas for guest presentations.)
GENERAL MEETING
Meeting Time: Thurs, Oct 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-09-06
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Re: Thursday SPDX General Meeting Reminder
On 4 Sep 2018 10:45 p.m., "Phil Odence" <phil.odence@...> wrote:
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
This month’s guest speaker is Mark Gisi. Many of you know Mark from his big contributions over the years to SPDX and OpenChain. He has a really interesting topic to share. I’m disappointed that I have a conflict. One of the other SPDX Core Team Members will host.

Phil Odence

Abstract
-----------
The union of SPDX data and a blockchain ledger is a match made in heaven. This union enables us to provide both *accountability* and *access* to SPDX data for manufactured products that are comprised of software components contributed by dozens of suppliers. We will present a use case of how we track SPDX data (along with source code and notices) across the manufacturing supply chain of a device running the Zephyr operating system runtime.

Bio
----
Mark Gisi, Director of Intellectual Property and Open Source at Wind River Systems, has been managing Open Source policies and programs for the past 12 years. Mark contributes to the Linux Foundation’s SPDX project, OpenChain Project and the Hyperledger Project’s SParts (Software Parts) lab initiative. Mark holds a MS degree in Computer Science and a BS degree in Mathematics.
GENERAL MEETING
Meeting Time: Thurs, Sept 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02
Guest Presentation – Mark
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|