Re: [EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contributing in GSOC 2019
#spdx
varshak333@...
Hey, can I know which languages are used in the backend of SPDX?
On Thu, Jan 10, 2019 at 10:35 PM varsha kukreja <varshak333@...> wrote:
|
|
Re: Need Help for contributing in GSOC 2019
#spdx
Kate Stewart
Hi Varshak,

Welcome! Glad you're interested in participating in our community. I am copying the spdx-tech mail list where we discuss the GSoC efforts. Ideas we've come up with so far are listed on: https://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas, but we're in active idea gathering mode this week, so suggestions are welcome as well.

Kate

On Thu, Jan 10, 2019 at 7:36 AM <varshak333@...> wrote:
I would like to contribute to the open source community. I have majorly worked on backend on 2 college sponsored projects and working currently on a project by Government Organization. I have fair knowledge in Javascript, NodeJs, Typescript, Spring Boot, Laravel, Docker and apache thrift. It would be great if someone could help me get started

--
Kate Stewart
Sr. Director of Strategic Programs, The Linux Foundation
Mobile: +1.512.657.3669
Email / Google Talk: kstewart@...
|
|
Need Help for contributing in GSOC 2019
#spdx
varshak333@...
I would like to contribute to the open source community. I have majorly worked on backend on 2 college sponsored projects and working currently on a project by Government Organization. I have fair knowledge in Javascript, NodeJs, Typescript, Spring Boot, Laravel, Docker and apache thrift. It would be great if someone could help me get started
|
|
SPDX January General Meeting Minutes
Phil Odence
< General Meeting | Minutes · Attendance: 15 · Lead by Phil Odence · Minutes of Dec meeting approved
Guest Presentation, JC Herz
· Background
· Years of working with companies and DOD in open source
· The Issues/concerns
· License issues- SPDX handles well
· Concerns about security close on the heels
· Compliance is an additional step- Jumping through the hoops to document
· SEVA Software Evidence Archive
· Elements
· Serves S-BOM function
· Augments with content that needs to travel with software
· Therefore allowing compliance work to be automated
· Freeing up valuable resources to do what they are supposed to do
· Can apply to a single component or a full application, so SEVA doesn’t distinguish
· Format Issue
· Customers required XML, beyond SEVA JSON
· To be useable by a highly secure facility, data has to be hardened for which XML is better suited
· Can be constrained and format can be verified (and extended)
· SPDX and SEVA Overlap
· License Info
· For the most part SPDX handles beautifully
· Government also needs to distinguish government open source
· A little more information about state of software (e.g. pre-release)
· Security extra needs
· Some concern about spurious vulnerabilities
· Answer is to extend a BoM to include patch info, etc
· End of life indicator
· They take SPDX familiar thing and provide some extensibility
· How to name “supplier”?
· Working with Kate
· OSS organization for example
· A bank’s black list
· Vulnerabilities
· Key requirement for vulnerabilities info in SBOM, although just a link might make more sense
· Reason is “audit” function. What you knew when. So needs a time stamp.
· Bureaucracies are not going to change in favor of something that makes more sense for developers
· Concerns that this will get worse over time
· Other Side - Logistics
· Moving and shipping of SW/chain of custody- Where did it come from exactly
· Not something OSS community has had to worry about
· Bad mirror issue, for example.
· Signed? Timestamp? Delivery date and time for software.
· Something like FedEx analogy
· Package URL helps identify
· Q&A
· What can SPDX group do?
· JC thinks that they should open source SEVA
· Could contribute to LinuxF perhaps
· Understand and need to balance needs of OSS consumers and dev communities
· Don’t want to burden them
· Automate
· Challenge- How to distinguish enterprise quality OSS vs. pet projects

Tech Team Report - Kate/Gary
· Tools
· Starting to plan for GSoC submissions with Gary/Kate
· Steve has been trained on releasing License list, so Gary now has backup
· Steve has been working on some new tools for summarizing the SPDX_license_ids based on a new SPDX go library - currently it's just supporting TV, but he hopes to add in the other formats
· Specification
· Gary & James have been working through SeVA XML and working through how it can be added.

Legal Team Report - Jilayne
· License List
· V3.4 out before Christmas
· Big success to not have to scramble through holidays
· Release notes in the GitHub repo
· Instructions for requesting now live in Repo as well
· Leverage GSOC work has been automated.
· New frontier- Getting open hardware licenses on list
· Expanding definition of what goes on the list

Outreach Team Report
· None this month

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Jilayne Lovejoy
· Steve Winslow, LF
· Alexios Zavras, Intel
· Luis Villa, Tidelift
· James Neushul, Neushul Solutions
· Matthew Crawford, ARM
· Kevin Nelson, Optim Tech UHG
· Dennis Clark, NexB
· Thomas Steenbergen, HERE
· Bradlee Edmondson, Harvard
· Gary O’Neall, SourceAuditor
· Nicholas Toussaint, Orange
· JC Herz, Ionchannel
|
|
Re: Jan 3 SPDX General Meeting Reminder
Phil Odence
Apologies for the extra email, but someone kindly pointed out an error on my part. The correct time for the General Meeting is 16:00 UTC. Meeting Time: Thurs, Jan 3, 8am PT / 10 am CT / 11am ET / 16:00 UTC.
|
|
FW: Jan 3 SPDX General Meeting Reminder
Phil Odence
Re-reminding now that most folks are back from the holidays.
|
|
Jan 3 SPDX General Meeting Reminder
Phil Odence
Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.
A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.
Here's what she’ll be talking about- “Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”
In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.
GENERAL MEETING
Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Guest Speaker – JC Herz
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Meeting Minutes from December General Meeting
Gary O'Neall
Meeting minutes from this month’s general meeting have been published at https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06
Regards,
-------------------------------------------------
Gary O'Neall
Principal Consultant
Source Auditor Inc.
Mobile: 408.805.0586
Email: gary@...
|
|
SPDX Nov General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-11-01
General Meeting/Minutes/2018-11-01
· Attendance: 6
· Led by Phil Odence
· Minutes of Oct meeting approved

Tech Team Report - Kate/Gary
· Spec
· Ceva discussions
· Looking at fields that we might incorporate
· Security
· Evidence
· Idea is to bring in as a separate section
· Good Progress
· Some discussions with NTIA Group as well
· SWID
· May start using the security mailing list soon
· Tooling
· Multiple formats
· Challenges solved
· XML, JSON, YAML, Tag value, RDF
· Attention back to updating tooling with spec
· Some concern about file sizes with certain packages/formats
· May simply be an issue of LOTS of files
· Generating License List
· Didn’t work perfectly
· Giving another run
· Updating tooling for license submittal/editing
· A few bugs need to be worked around

Legal Team Report - Jilayne
· There’s a fair backlog of issues to work through
· Ongoing process
· 3.1 is out
· Started new practice of release notes
· Tooling and new request system has to be nailed down
· People are going through multiple paths/processes
· Need to standardize
· Tooling is close
· Need a few more text fields
· All submissions seem to come from Gary
· License inclusion guidelines
· Inbound request regarding open hardware languages
· Already included open data license
· May need to revisit inclusion guidelines
· OSI discussion about naming issues with SPDX
· Need to find opportunity for better collaboration

Outreach Team Report - All
· Seems to be a lot more use of SPDX in the wild than we are aware of
· How do we run down and catalog?
· Wonder if it’s time for another poll
· Last poll results: https://spdx.org/sites/cpstandard/files/pages/files/spdx_survey_results_may_2013.zip

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Gary O’Neall, SourceAuditor
· Andrew Katz, Orcro
· Jilayne Lovejoy
· Steve Winslow, LF
|
|
Re: Today SPDX General Meeting Reminder
Paul Madick
Hi Phil,
I have a conflict today so will miss the meeting. I will be on the legal call after.
Best,
Paul
|
Today SPDX General Meeting Reminder
Phil Odence
No guest presentation this month, so anticipate a shorter meeting.
(I’m open to ideas for guest presentations.)
GENERAL MEETING
Meeting Time: Thurs, Nov 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
OpenChain Recap - Week of 22nd October - Open Source Summit Europe
Shane Coughlan <coughlan@...>
It was a huge week last week. Quick recap of the major items below.
tl;dr - Toshiba is a Platinum Member, SUSE is OpenChain Conformant, Sony and Fujitsu shared knowledge

We had two slide decks shared via the OpenChain Workshop (see bottom of mail). These boil down to two data points:

(1) Fujitsu is actively using SPDX and wants to work with everyone else using this standard for describing information in software packages.
(2) Sony has identified that it is important to include Sales/Marketing in the discussions around OpenChain and open source compliance. This builds on prior identification of the importance of making sure Procurement can understand OpenChain.

For (1), I am going to hand over to Kate and the team at SPDX to discuss collaboration with Ueba San at Fujitsu. All in CC.

For (2), we have a clear understanding that we need to formulate onboarding/introduction material for:
(i) Procurement
(ii) Sales/Marketing

Nathan (chair of onboarding), would it make sense for us to open a couple of Google Docs to collaborate on this?

== Big News ==

Toshiba Joins the OpenChain Project as a Platinum Member:
“OpenChain is not just a project for OSS license compliance, it also helps to improve mutual trust and effective communication between open source developers and users,” says Tetsuji Fukaya, Director of the Corporate Software Engineering and Technology Center of Toshiba Corporation. “Open source is publicly recognized as an essential part of digital transformation and widely used in numerous products. In order to use open source appropriately, we think that license compliance alone is not enough. Mutual trust between developers and users is also essential. OpenChain will be key to achieve both. For that reason, we feel proud of being part of the OpenChain Project.”
https://www.linuxfoundation.org/press-release/2018/10/toshiba-joins-the-openchain-project-as-a-platinum-member/

SUSE Joins the OpenChain Community of Conformance:
“For more than 25 years, SUSE has created and engaged with open source communities as a foundation for its enterprise solutions,” said Thomas Di Giacomo, SUSE CTO. “We always engage with the community to better meet customer needs, and our OpenChain certification is another indication to enterprises that we are committed to making their experience with open source software more reliable and cost effective.”
https://www.linuxfoundation.org/press-release/2018/10/suse-joins-the-openchain-community-of-conformance/

== OpenChain Workshop Contributions ==

Improvements in meta spdxscanner through FOSSology - Ueba San:
https://www.slideshare.net/ShaneCoughlan3/improvements-in-meta-spdxscanner-through-fossology-ueba-san

Two aspects for OpenChain BoF session - Ueda San:
https://www.slideshare.net/ShaneCoughlan3/two-aspects-for-openchain-bof-session-ueda-san

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org
Professional profile: http://www.linkedin.com/in/shanecoughlan
Get my free book on open source compliance here: https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance
|
|
SPDX Sept General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04
General Meeting/Minutes/2018-10-04
· Attendance: 8
· Led by Phil Odence
· Minutes of Sept meeting approved

Tech Team Report - Kate/Gary
· Spec
· Focus on multiple formats
· How to deal with XML, JSON, YAML
· Proposal to link to software heritage identifiers
· SW heritage- presentation came out recently on how code should be ID’ed in repos
· Seems to make sense to extend references to point to
· General agreement on last tech call
· Tooling
· Got integrated on line tools up
· License submittal
· XML editor
· Beta quality, ready to go. http://spdxtools.sourceauditor.com
· GSOC has worked very well
· Should thank Google
· Post on Website
· Could use some social media
· Topic for Outreach
· May want to point projects to FSF software reuse site which advocates SPDX
· Would be a good credibility builder
· The link is on the site, but not easy to find
· Other Groups
· NTIA- Government group defining a BoM standard
· Prototype work in health care
· Fingers crossed that they will use SPDX
· SWID
· Active discussion
· Mapping fields between SPDX and SW
· Other groups may be able to use our use cases
· They are wrestling with what is a component
· Also, how a company can keep their own supplementary license list
· Can do via a SPDX doc that is just licenses and make external reference to
· Steve W will help out

Legal Team Report - Jilayne
· New license backlog
· Trying to clear out for next release
· Looking forward to new tooling
· Could use testing help
· Need some Python help on the tools
· Mostly fixing up formatting stuff

Outreach Team Report - Jack
· Little activity
· Regrouping

Attendees
· Phil Odence, Black Duck/Synopsys
· Kate Stewart, Linux Foundation
· Gary O’Neall, SourceAuditor
· Matthew Crawford, ARM
· Jilayne Lovejoy, ARM
· Jack Manbeck, TI
· Steve Winslow, LF
· Mark Atwood, Amazon
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
No guest presentation this month, so anticipate a shorter meeting.
(I’m open to ideas for guest presentations.)
GENERAL MEETING
Meeting Time: Thurs, Oct 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-09-06
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
L. Philip Odence
|
|
Re: Thursday SPDX General Meeting Reminder
On 4 Sep 2018 10:45 p.m., "Phil Odence" <phil.odence@...> wrote: |
|
Thursday SPDX General Meeting Reminder
Phil Odence
This month’s guest speaker is Mark Gisi. Many of you know Mark from his big contributions over the years to SPDX and OpenChain. He has a really interesting topic to share. I’m disappointed that I have a conflict. One of the other SPDX Core Team Members will host.

Phil Odence

Abstract
-----------
The union of SPDX data and a blockchain ledger is a match made in heaven. This union enables us to provide both *accountability* and *access* to SPDX data for manufactured products that are comprised of software components contributed by dozens of suppliers. We will present a use case of how we track SPDX data (along with source code and notices) across the manufacturing supply chain of a device running the Zephyr operating system runtime.

Bio
----
Mark Gisi, Director of Intellectual Property and Open Source at Wind River Systems, has been managing Open Source policies and programs for the past 12 years. Mark contributes to the Linux Foundation’s SPDX project, OpenChain Project and the Hyperledger Project’s SParts (Software Parts) lab initiative. Mark holds an MS degree in Computer Science and a BS degree in Mathematics.
GENERAL MEETING
Meeting Time: Thurs, Sept 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02
Guest Presentation – Mark
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
Re: OpenChain @ Open Source Summit 2018 (Vancouver) on August 28th
Shane Coughlan <coughlan@...>
Dear all
This is the final schedule for the OpenChain workshop at Open Source Summit North America today:

13:00 - Welcome and Status Update
13:10 - Work Team - Conformance
13:30 - Adjacent Project Status Overviews
  - SPDX
  - FOSSology
  - Clearly Defined
14:00 - Networking Break
14:30 - Forward Planning - Strategy and Tactics
15:00 - Work Team - Specification
15:50 - Networking Break
16:20 - Work Team - Curriculum
16:40 - Work Team - Onboarding
17:00 - Close

Join us between 1:00 – 5:00 pm at Room 205, Vancouver Convention Centre West

Regards

Shane

On Aug 27, 2018, at 3:10, Shane Coughlan <coughlan@...> wrote:
|
|
OpenChain @ Open Source Summit 2018 (Vancouver) on August 28th
Shane Coughlan <coughlan@...>
Dear all
This is a reminder that there will be an OpenChain workshop at Open Source Summit North America this week. We are coordinating with our friends at the SPDX Project, who also have a workshop on the 28th, to ensure people can attend key parts of both.

Here are our details:

OpenChain Mini Summit
Date: Tuesday, August 28
Time: 1:00 – 5:00 pm
Location: Room 205, Vancouver Convention Centre West
Registration Costs: Complimentary

Here is our schedule:

13:00 - Welcome and Status Update
13:10 - Work Team - Conformance
13:30 - Forward Planning - Strategy and Tactics
14:00 - Networking Break
14:30 - Adjacent Project Status Overviews
  - SPDX
  - FOSSology
  - Clearly Defined
15:00 - Work Team - Specification
15:50 - Networking Break
16:20 - Work Team - Curriculum
16:40 - Work Team - Onboarding
17:00 - Close

Public announcement here: https://www.openchainproject.org/news/2018/08/17/openchain-workshop-open-source-summit-north-america

There will be an informal OpenChain social gathering at 6pm in the Mosaic Grill in the Hyatt Regency. Spaces are limited to 20 people. We only have a couple of spots (literally) left so RSVP is strongly advised.

I look forward to seeing you in Vancouver!

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org
Professional profile: http://www.linkedin.com/in/shanecoughlan
Get my free book on open source compliance here: https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance
|
|
August SPDX General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02
General Meeting/Minutes/2018-08-02
· Attendance: 12
· Led by Phil Odence
· Minutes of July meeting approved

Guest Presentation, - Supporting Continuous Integration, Ndip Tanyi
· Idea- Automatically generating SPDX docs as part of CI process
· Scope
· Focused on Travis CI, NPM and Python
· Demo
· Add an install and SPDX build script to build script
· And some statements to push the SPDX docs to the repo
· Future extensions
· Pushing to GitHub as a commit
· Other CI systems
· Has been designed generically enough to be extensible to other languages and environments

Tech Team Report - Kate/Gary
· Tooling
· Mostly GSoC work
· License XML Editor
· Gary posting new version today http://spdxtools.sourceauditor.com
· If you want to test, make it clear that these are tests, to make clear in the pull requests
· Spec work
· Working for consistency in external identifiers
· Interest coming up from security community
· SWID
· NTIA conference that featured SPDX
· Working in interop and SPDX standardization
· Looking at spinning up a security subgroup
· Interest from US House and Senate in a SW BoM and SPDX is on the docket
· NIST and other organizations are involved in the background

Legal Team Report - Jilayne/Paul
· 3.2 is out
· Some clean up of old issues in process
· Request that legal folks try out Tushar’s tool
· Exceptions
· The term is imperfect as it handles some items that are not “exceptions” per se
· Patent grants, for example
· Considering changing the term to be more neutral and inclusive
· “Modifiers” maybe?
· Will send an email to a wide audience to get people thinking about it and set up a special meeting

Outreach Team Report - Jack
· Website
· Making more sense of the License List and Documents section
· Shane Coughlan, from Open Chain, is getting involved
· Outreach to companies
· New time for Outreach calls is 7pm EDT
· (Shane is in Japan)
· OSS Summit
· Backoff on the Tuesday
· And a session on Consuming SPDX

Attendees
· Phil Odence, Black Duck/Synopsys
· Ndip Tanyi, Alberta University
· Tushar Mittal, GSoC Student
· Gary O’Neall, SourceAuditor
· Yash Nisar, GSoC Student
· Jack Manbeck, TI
· Steve Winslow, LF
· Jilayne Lovejoy, ARM
· Paul Madick, Dimension Data
· Mike Dolan, Linux Foundation
· Matije Suklje, Liferay
· Mark Atwood, Amazon
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
This month’s guest speaker is one of our Google Summer of Code Students, Ndip Tanyi. He is originally from Cameroon, where he did his undergraduate. He is currently enrolled in a master's degree in computer science at Alberta University. He is passionate about computer code and innovation as a whole.
Ndip will be speaking about his project, a build tool for SPDX file generation. The idea is to create plug-ins to support generating valid SPDX docs in continuous integration environments.
GENERAL MEETING
Meeting Time: Thurs, Aug, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-07-11
Guest Presentation – Ndip
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Cross Functional Issues –All
|
|