Date   

Thursday SPDX General Meeting Reminder

Philip Odence
 

Please join us for a special presentation by Krys Nuvadga an SPDX 2017 Google Summer of Code student participant. He is a student of the University of Buea, Cameroon.

 

Krys is working on the License Coverage Grader tool.  This tool takes an SPDX document and pointer to the original source files, and determine a "grade" to quantify how complete the licensing information is at the file level for the code represented by the SPDX document.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 7, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2017-08-03

 

 

Guest Presentation – Krys

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

 

 

 

 

 

 


"License Clearance in Software Product Governance"

Kate Stewart
 

Just spotted a very nice reference to SPDX in Dirk Riehle's paper, and thought those on the list might find the paper interesting as well. 

http://dirkriehle.com/publications/2017-2/license-clearance-in-software-product-governance/

The first step is to have a standard format for a bill of materials that expresses what is included in a component. For this, the Linux Foundation has sponsored the creation of the Software Package Data Exchange (SPDX) standard [27] and tools for processing the standard [19].
SPDX is rapidly evolving. SPDX compliant documents provide information about what is contained within a software package, including the license information of a contained component, who created the component, its version, etc.


Kate 


SPDX Aug General Meeting Minutes

Philip Odence
 

Here are the minutes

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2017-08-03

 

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

 

General Meeting/Minutes/2017-08-03

General Meeting‎ | Minutes

  • Attendance: 10
  • Lead by Phil Odence
  • Minutes of July meeting approved 

 

Contents

 [hide

Guest Presentation - Rohit[edit]

  • Studying computer science in India
    • Working with SPDX for a number of months
    • Great experience in learning about how open source works
    • And, was surprised to learn about license issues
  • Project- On line SPDX tools
    • move existing tools to web interfaces
    • started with simple UI
      • and, of course, used open source
      • java and python
      • needed a java VM
      • finally found a project that worked for him
  • Three tools
    • Validation tool
    • Converter tool
    • Comparison tool
  • Vailidation Tool
    • Very simple UI
    • Basically just upload a file
    • Returns result of SPDX compatibility errors
    • Works for both tag value and RDF
  • Comparison Tool
    • takes two file inputs (for comparison)
    • after files uploaded, they go through validation
    • If so, they are compared
    • output is Excel sheet, saved on the server, user gets download link
  • Conversion Tool
    • conversions between format types
    • user selects type of conversion
    • returns required format
      • similar to spreadsheet, stored on server with download link
  • Next steps
    • creating API so other applications can call
    • benefit is that java tool prereqs don’t need to be called
  • Rohit went through a very short demo but will set up a more detailed one with the Tech Team

 

Tech Team Report - Kate/Gary[edit]

  • Spec
    • Got through all of the topics in the Google Doc
    • Making good progress
  • 2.2 v 3.0 discussion
    • Still open to input on burning use cases that aren’t covered
    • Please feel free to provide input 
  • Tooling
    • most of the focus has been on GSoC
      • everyone is making great progress 
      • evaluation last week and everyone passed!
    • Progress on Python libraries
    • Helping legal team with tooling

 

Legal Team Report - Jilayne/Paul[edit]

  • Uptick in activity on XML review
    • Brad and Alexios have been great
    • This has been a longstanding need, so great to see progress
  • Discussion about Linus’ note on Linux and GPL
    • Will be added to license list
  • On the plate now: Lots of chatter on email list about implications of adding “+” operator
    • background
      • used to have two different licenses to handle “only” and “or later”
      • now using an operator
      • left “GPL only”
    • It’s created some problems
      • current meaning of GPL-2
      • problems with standard header
    • reached a conclusion about how to handle going forward
    • Best option
      • deprecate plus operator
      • go back to two different licenses
        • doesn’t really apply to other licenses anyway
        • we believe, but still open for discussion
    • big topic on legal call today
  • License comparison tool, web-based
  • API thought from Phil
    • Assuming we publish APIs for hosted tools, we will need to specify terms of use.

 

Outreach Team Report - Jack[edit]

  • Jack unavailable. His email input:
    • Update from my side is that we are still working on fleshing out and documenting the program tools that can scan licenses and generate/read spdx documents.
    • Kate- Also talking about how to come up with a test suite for tools to make sure tools correctly read/generate SPDX

 

Attendees[edit]

  • Phil Odence, Black Duck
  • Rohit Lodha, Google Summer of Code
  • Gary O’Neall, SourceAuditor
  • Uday Shankar, Black Duck
  • Alexios Zavras, Intel
  • Matija Suklje, FSFE
  • Kate Stewart, Linux Foundation
  • Bradlee Edmondson, Harvard
  • Jilayne Lovejoy, ARM
  • Michael Herzog- nexB

 

 


Reminder about SPDX General Meeting on Thursday with guest presenter.

Philip Odence
 

Please join us for a special presentation by Rohit Lodha, another of our Google Summer of Code particpants. I’ll introduce Rohit and his project (on which he will upate us) in his own words:

I a third year student pursuing B.E Computer Science at Birla Institute of Technology and Science, Pilani, India (BITS Pilani). I love developing websites and have a huge interest in Python. 
During the summer, I worked on building Online Validation Tool. The aim of the project is to make an easy all-in-one portal to upload, parse, validate, compare, convert and search SPDX license list and documents using SPDX Java tools. It involves use of Java-Python bridge to use SPDX java tool for its various method.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2017-07-06

 

 

Guest Presentation – Rohit

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

 

 


Re: MarkDown conversion of specification live on SPDX GitHub

Matija Šuklje
 

Die 12. 07. 17 et hora 15.25.22 scripsis:
@all: Got asked this a couple times – Why Gitbook and not an alternative
like Pandoc?
[…]
@Matjia: I should have been clearer in the limitation wording. Should have
change “Simplified lay-out as MarkDown” to “Simplified lay-out as MarkDown
and GitBook“
That makes a lot of sense. And again, huge kudos for all the time you invested
in this migration and above all with gathering more contributions in mind.

If none of the ToC plugins work, we could try to modify one, or as a last
resort, simply make the chapters hierarchy flat. What do you think?


cheers,
Matija
--
gsm: tel:+386.41.849.552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: sip:matija_suklje@...


Re: MarkDown conversion of specification live on SPDX GitHub

W. Trevor King
 

On Wed, Jul 12, 2017 at 03:25:22PM +0000, Steenbergen, Thomas wrote:
@Jack @Trevor: Yes, it’s possible to build multiple versions on the
gh-pages branch but uncommon way of working and think this may
confuse users. Topic was discussed in yesterday’s technical meeting
current agreement was to have official releases on spdx.org. I am
thinking to extend current Gulp build script with 2 new tasks 1) a
task to automate deployment of an official release to spdx.org 2) a
task to deploy any new release tag to GitHub
Releases<https://github.com/spdx/spdx-spec/releases>
This works. And for folks who want to pass references around and who
do not need the GitBook additions, you can use GitHub's source browser
and it's default Markdown rendering. For example, [1,2].

Cheers,
Trevor

[1]: https://github.com/spdx/spdx-spec/blob/231b27009182d92d6ec06582c71ad307d10dc0a6/chapters/appendix-IV-SPDX-license-expressions.md#3-exception-with-operator
[2]: https://github.com/spdx/spdx-spec/blame/231b27009182d92d6ec06582c71ad307d10dc0a6/chapters/appendix-IV-SPDX-license-expressions.md#L90

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


Re: MarkDown conversion of specification live on SPDX GitHub

Thomas Steenbergen
 

Hi,

 

Sorry did not find the time to reply to this thread earlier…

 

@all: Got asked this a couple times – Why Gitbook and not an alternative like Pandoc? My choice in GitBook was driven since I wanted to reduce the threshold for contributions. GitBook offered a defined format + structure, nice HTML output and a nice all-in-one solution including a WYSIWYG editor with GitHub upload (limited Git knowledge required). Could build this with PanDoc as well, have done so before but would have been more work and harder for others to maintain.

 

@Matjia: I should have been clearer in the limitation wording. Should have change “Simplified lay-out as MarkDown” to “Simplified lay-out as MarkDown and GitBook“

ToC simplification is because GitBook by default does not allow anchors in its ToC. I have tested several of the ToC plugins you link to but ones I tried either only worked in HTML or had issues. Will complete testing ToC plugins and ten pick one.

 

As part of fixing broken links I also inserting HTML anchors in MarkDown, hope I find the time to finish this change with next few days and push it to GitHub. My plan is to submit some pull requests to GitBook 4.x to fix some of the limitations I found.

 

@Jack @Trevor: Yes, it’s possible to build multiple versions on the gh-pages branch but uncommon way of working and think this may confuse users.  Topic was discussed in yesterday’s technical meeting current agreement was to have official releases on spdx.org. I am thinking to extend current Gulp build script with 2 new tasks 1) a task to automate deployment of an official release to spdx.org 2) a task to deploy any new release tag to GitHub Releases

 

Regards,

 

Thomas Steenbergen

Principal Engineer Open Source Governance and Policy

 

HERE Deutschland GmbH, Place of Business: Invalidenstraße 116, 10115 Berlin, Germany – Commercial Register: Amtsgericht Charlottenburg, HRB 106443B - USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J. Houben

 

From: <spdx-bounces@...> on behalf of Brad Edmondson <brad.edmondson@...>
Reply-To: "brad.edmondson@..." <brad.edmondson@...>
Date: Monday 10 July 2017 at 22:54
To: "W. Trevor King" <wking@...>
Cc: "opensource@..." <opensource@...>, "spdx@..." <spdx@...>
Subject: Re: MarkDown conversion of specification live on SPDX GitHub

 

+1 for continuous build (I think that's what gulp is), and it gives you linkable tags for free. Very nice.


--

Brad Edmondson, Esq.
512-673-8782 | brad.edmondson@...

 

On Mon, Jul 10, 2017 at 1:41 PM, W. Trevor King <wking@...> wrote:

On Thu, Jul 06, 2017 at 02:38:24PM +0000, Manbeck, Jack via Spdx wrote:
> I want to link to the HTML spec from the website. Is it possible to
> label the 2.1 version so only that shows up on a link?

Once appoach to that would be having gulp build master and and all
tags (that have Markdown content), instead of just building master.
For example:

  https://spdx.github.io/spdx-spec/

would be the master build,

  https://spdx.github.io/spdx-spec/2.1.1-rc1/

would be a build of the 2.1.1-rc1 tag if/when that tag is made,

  https://spdx.github.io/spdx-spec/2.1.1/

would be abuild of the 2.1.1 release if/when that tag is made, etc.
I'm happy to help with tooling for this if it sounds useful.

Cheers,
Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

 


Re: MarkDown conversion of specification live on SPDX GitHub

Brad Edmondson
 

+1 for continuous build (I think that's what gulp is), and it gives you linkable tags for free. Very nice.

--
Brad Edmondson, Esq.
512-673-8782 | brad.edmondson@...

On Mon, Jul 10, 2017 at 1:41 PM, W. Trevor King <wking@...> wrote:
On Thu, Jul 06, 2017 at 02:38:24PM +0000, Manbeck, Jack via Spdx wrote:
> I want to link to the HTML spec from the website. Is it possible to
> label the 2.1 version so only that shows up on a link?

Once appoach to that would be having gulp build master and and all
tags (that have Markdown content), instead of just building master.
For example:

  https://spdx.github.io/spdx-spec/

would be the master build,

  https://spdx.github.io/spdx-spec/2.1.1-rc1/

would be a build of the 2.1.1-rc1 tag if/when that tag is made,

  https://spdx.github.io/spdx-spec/2.1.1/

would be abuild of the 2.1.1 release if/when that tag is made, etc.
I'm happy to help with tooling for this if it sounds useful.

Cheers,
Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx



Re: MarkDown conversion of specification live on SPDX GitHub

W. Trevor King
 

On Thu, Jul 06, 2017 at 02:38:24PM +0000, Manbeck, Jack via Spdx wrote:
I want to link to the HTML spec from the website. Is it possible to
label the 2.1 version so only that shows up on a link?
Once appoach to that would be having gulp build master and and all
tags (that have Markdown content), instead of just building master.
For example:

https://spdx.github.io/spdx-spec/

would be the master build,

https://spdx.github.io/spdx-spec/2.1.1-rc1/

would be a build of the 2.1.1-rc1 tag if/when that tag is made,

https://spdx.github.io/spdx-spec/2.1.1/

would be abuild of the 2.1.1 release if/when that tag is made, etc.
I'm happy to help with tooling for this if it sounds useful.

Cheers,
Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


FW: Modeling Legal Text: A Tool Demonstration

Robin Gandhi
 

All,
I’m forwarding this on behalf of Robin from UNO. As you know, UNO has been highly supportive of SPDX. The research Robin is discussing is outside of the scope of SPDX, but may be of interest to some.
Phil

On 7/6/17, 4:15 PM, "Robin Gandhi" <rgandhi@...> wrote:

Webinar:
Join the call: https://www.uberconference.com/robinagandhi
Optional dial in number: 585-632-5623 PIN: 86451
**Best to join using a computer as I will using screen share for the demonstration.**

When:
Meeting Time: Thurs, July 13, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Note:
Hello all,
Please consider attending this conference call to provide feedback on a method to model legal text and its use for compliance analysis. The discussion will demonstrate associated tool support and discuss related model semantics.

Here is an abstract from a recent paper that our team authored:

Modular Norm Models: A Frame-Semantic Approach
Abstract— Norms in contractual agreements include claim-rights and corresponding duties. Analysis of norms expressed in voluminous legal text can benefit from the automation and traceability of logic-based models. Such norm models help reason about available rights and required duties based on the satisfiability of situations, a state-of-affair, in a given scenario. But model extraction from natural language needs subject matter expertise. Compliance reasoning in complex scenarios using large norm model networks is also difficult. We outline a novel method for modular norm model extraction and reasoning. For extraction, using the theory of frame-semantics we construct two foundational norm templates that cover Hohfeld’s concepts of claim-right and its jural correlative, duty. Template instantiations from legal text result in a re- peatable method for extraction of modular norm models. For reasoning, we introduce the notion of a super-situation. Super- situations contain other norm models. Compliance results from a modular norm are propagated to its containing super-situation, which in turn participates in other modular norms. This modularity allows on-demand incremental modeling and reasoning using simpler model primitives than previous approaches. We show our method on a variety of contractual statements in privacy and open source software domains.

Here is the Github repository with some demonstration links: https://github.com/robinagandhi/modularnorms


SPDX July General Meeting Minutes

Philip Odence
 

Thanks to Anna for sharing he GSOC work.

 

 

 

General Meeting/Minutes/2017-07-06

General Meeting‎ | Minutes

  • Attendance: 12
  • Lead by Phil Odence
  • Minutes of June meeting approved 

 

Contents

 [hide

Guest Presentation - Anna Buhman[edit]

  • Goals: Integrate GitHub with SPDX
    • Auto Generation
    • And kept up to date
    • Therefore easier to use
  • Uses
    • Repo admin sets up
    • Or non admin or someone outside could generate as well
    • Perhaps on a portion of the code
  • How it works
    • Scans using an open source scanner with every change
    • Creates doc and a pull request for updated doc which human must approve
      • anticipates needing some human modifications
    • Above is working today
  • Future modifications
    • Rather than replacing, combing with old version to retain human mods
    • Email notification of new docs
    • User-selectable license scanner
  • Project comments
    • Learning lots about different kinds of software
      • Example, learning about controlling GitHub with Python code
    • SPDX seemed very complicated at first
    • But understanding licensing she understands the requirements
    • Work so far is on GitHub in the SPDX area; Wiki too
  • Questions:
    • How to keep from overwriting human modifications?
      • Compare section by section and default to original giving a human the choice
    • When will a demo be available?
      • Maybe on a future call

 

Tech Team Report - Kate/Gary[edit]

  • Spec source is now on GitHub, versioned, etc,
    • Big thanks to Thomas Steenbergen
    • Working out permissions/process modifications
    • Looking at how to link to from spdx.org
  • Have been working through the topics for the next rev
  • Tooling
    • Summer of Code students have been giving updates
      • Gitter account set up wth lots of good conversations
      • Great progress overall

 

Legal Team Report - Jilayne/Paul[edit]

  • Good last few calls
  • XML Format
    • Gary set up a we to view previews
    • Down to last few files
  • Discussion about Linus’ note about GPL
    • Linus tried to clarify what it applied to our not
      • explicit about user space not subject to being a derivative work
    • Not calling it a license exception, per se, but will likely be treated as we treat exceptions
    • Not a clear way to represent; working on that now
    • There had been two versions, but that was cleaned up
  • Some chatter on mailing list about how we identify “only” as in GPL 2.0 Only
    • Problem: We are explicit about “or later” but not about “only”
    • Working with FSF who would prefer: GPL-2.0-Only
    • Considering modifications to the expression language

 

Outreach Team Report - Jack[edit]

  • Michael working on umbrella project page for Git
    • Idea is to be an SPDX home for developers
  • Working on a write up of goals for tools etc. 
    • Kate working on it.

 

Attendees[edit]

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jack Manbeck, TI
  • Gary O’Neall, SourceAuditor
  • Anna Buhman, UNO
  • Paul Madick, Dimension Data
  • Michael Herzog- nexB
  • Thomas Steenbergen, HERE
  • Bradlee Edmondson, Harvard
  • Jilayne Lovejoy, ARM
  • Robin Gandhi, UNO
  • Georg Link, UNO

 

 


Re: MarkDown conversion of specification live on SPDX GitHub

Manbeck, Jack
 

Thomas,

 

This is excellent work. I want to link to the HTML spec from the website. Is it possible to label the 2.1 version so only that shows up on a link?

 

-        Jack

 

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Steenbergen, Thomas
Sent: Monday, July 03, 2017 4:53 PM
To: spdx@...
Cc: opensource@...
Subject: MarkDown conversion of specification live on SPDX GitHub

 

 

Hi all,

 

Wanted to let you all know that after several months in the making I pushed my MarkDown conversion of the SPDX specification 2.1 to  https://github.com/spdx/spdx-spec/

 

Benefits

 

·         Working on GitHub and using MarkDown should make it easier for people to contribute either via Git, editing files online or by filling issue

·         Specification now be build as HTML, PDF, ePUB or Mobipocket

·         HTML version is now mobile friendly and PDF has a table of contents

·         Every change on master branch is automatically build and deployed as HTML to https://spdx.github.io/spdx-spec/ (using Travis CI)

 

Limitations

·         Simplified lay-out as MarkDown has some limitations compared to Google Docs. See for example table of contents – no section included due not being able to directly link to sections within different chapters

 

To Do

·         Write CONTRIBUTING.md  - explain to contributors how they can participate in shaping future version of the specification. Propose we discuss best workflow in the next call.

·         Minor issues - broken links, lay-out issues or spelling mistakes in original specification

·         Introduce workaround for MarkDown shortcomings in HTML version

·         Automate publishing of PDF, ePUB, Mobipocket to GitHub Releases for a new version of specification

·         Upgrade to GitBook 4.x when it becomes available

 

All fixes will be made on the development/2.1.1 branch. If you find something feel free to send me an email or raise an issue.

 

Regards,

 

Thomas Steenbergen

Principal Engineer Open Source Governance and Policy

 

HERE Deutschland GmbH, Place of Business: Invalidenstraße 116, 10115 Berlin, Germany – Commercial Register: Amtsgericht Charlottenburg, HRB 106443B - USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J. Houben

 

 

 

 


Re: MarkDown conversion of specification live on SPDX GitHub

Kate Stewart
 

Great work Thomas!

Thank you very much for your efforts to get our current (and future) specifications
into a more community friendly format!  :-)

Kate

On Mon, Jul 3, 2017 at 3:53 PM, Steenbergen, Thomas <thomas.steenbergen@...> wrote:

 

Hi all,

 

Wanted to let you all know that after several months in the making I pushed my MarkDown conversion of the SPDX specification 2.1 to  https://github.com/spdx/spdx-spec/

 

Benefits

 

·         Working on GitHub and using MarkDown should make it easier for people to contribute either via Git, editing files online or by filling issue

·         Specification now be build as HTML, PDF, ePUB or Mobipocket

·         HTML version is now mobile friendly and PDF has a table of contents

·         Every change on master branch is automatically build and deployed as HTML to https://spdx.github.io/spdx-spec/ (using Travis CI)

 

Limitations

·         Simplified lay-out as MarkDown has some limitations compared to Google Docs. See for example table of contents – no section included due not being able to directly link to sections within different chapters

 

To Do

·         Write CONTRIBUTING.md  - explain to contributors how they can participate in shaping future version of the specification. Propose we discuss best workflow in the next call.

·         Minor issues - broken links, lay-out issues or spelling mistakes in original specification

·         Introduce workaround for MarkDown shortcomings in HTML version

·         Automate publishing of PDF, ePUB, Mobipocket to GitHub Releases for a new version of specification

·         Upgrade to GitBook 4.x when it becomes available

 

All fixes will be made on the development/2.1.1 branch. If you find something feel free to send me an email or raise an issue.

 

Regards,

 

Thomas Steenbergen

Principal Engineer Open Source Governance and Policy

 

HERE Deutschland GmbH, Place of Business: Invalidenstraße 116, 10115 Berlin, Germany – Commercial Register: Amtsgericht Charlottenburg, HRB 106443B - USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J. Houben

 

 

 


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx



Re: MarkDown conversion of specification live on SPDX GitHub

Matija Šuklje
 

Die 03. 07. 17 et hora 20.53.18 Steenbergen, Thomas scripsit:
Wanted to let you all know that after several months in the making I pushed
my MarkDown conversion of the SPDX specification 2.1 to
https://github.com/spdx/spdx-spec/
Brilliant! Thank you.

Limitations

· Simplified lay-out as MarkDown has some limitations compared to
Google Docs. See for example table of contents – no section included due
not being able to directly link to sections within different chapters
ToC with sections or subchapters of whatever depth should be doable and not
an issue with MarkDown itself, but with whatever software generates the
HTML/PDF/ePub/… from MarkDown.

There seems to be several ToC plugins for GitBook:
https://plugins.gitbook.com/browse?q=toc

e.g. this one:
https://plugins.gitbook.com/plugin/simple-page-toc
has a `maxDepth` option, with which you can select how deep it should go. The
default seems to be 3 levels (i.e. subsubsection).

For in-sentence references this would probably work:
https://stackoverflow.com/questions/5319754/cross-reference-named-anchor-in-markdown

Potentially useful for footnotes as well:
https://plugins.gitbook.com/plugin/footnote-string-to-number

· Introduce workaround for MarkDown shortcomings in HTML version
AFAIK simply using HTML tags is always a workaround in MarkDown.


cheers,
Matija
--
gsm: tel:+386.41.849.552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: sip:matija_suklje@...


MarkDown conversion of specification live on SPDX GitHub

Thomas Steenbergen
 

 

Hi all,

 

Wanted to let you all know that after several months in the making I pushed my MarkDown conversion of the SPDX specification 2.1 to  https://github.com/spdx/spdx-spec/

 

Benefits

 

·         Working on GitHub and using MarkDown should make it easier for people to contribute either via Git, editing files online or by filling issue

·         Specification now be build as HTML, PDF, ePUB or Mobipocket

·         HTML version is now mobile friendly and PDF has a table of contents

·         Every change on master branch is automatically build and deployed as HTML to https://spdx.github.io/spdx-spec/ (using Travis CI)

 

Limitations

·         Simplified lay-out as MarkDown has some limitations compared to Google Docs. See for example table of contents – no section included due not being able to directly link to sections within different chapters

 

To Do

·         Write CONTRIBUTING.md  - explain to contributors how they can participate in shaping future version of the specification. Propose we discuss best workflow in the next call.

·         Minor issues - broken links, lay-out issues or spelling mistakes in original specification

·         Introduce workaround for MarkDown shortcomings in HTML version

·         Automate publishing of PDF, ePUB, Mobipocket to GitHub Releases for a new version of specification

·         Upgrade to GitBook 4.x when it becomes available

 

All fixes will be made on the development/2.1.1 branch. If you find something feel free to send me an email or raise an issue.

 

Regards,

 

Thomas Steenbergen

Principal Engineer Open Source Governance and Policy

 

HERE Deutschland GmbH, Place of Business: Invalidenstraße 116, 10115 Berlin, Germany – Commercial Register: Amtsgericht Charlottenburg, HRB 106443B - USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J. Houben

 

 

 


July SPDX General Meeting Reminder

Philip Odence
 

Please join us for a special presentation from Ana Buhman, one of our Google Summer of student coders. Anna is in the CS master’s program and the University of Nebraska Omaha where she did her undergrad as well. She will talk about her work with GitHub and SPDX. She is creating a facility which will automatically create and maintain an SPDX document along with any evolving GitHub project. Very exciting stuff!

 

GENERAL MEETING

 

Meeting Time: Thurs, July 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2017-06-01  

 

 

Guest Presentation – Anna Buhman

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

Phil

 

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

 

 

 

 


SPDX June General Meeting Minutes

Philip Odence
 

General Meeting/Minutes/2017-06-01

General Meeting‎ | Minutes

  • Attendance: 9
  • Lead by Phil Odence
  • Minutes of May meeting approved 

 

Contents

 [hide

Tech Team Report - Kate/Gary[edit]

  • Good progress on getting spec to GitHub
    • Should have a new version within the next month
    • Will be adapting processes to new source
  • Substantively working though list of items for next release
    • Still up in the air whether we will go to a 2.2 or directly to 3.0
      • Need to resolve by Aug
      • 2.2 candidates- clean up appendices for license list work, a few additional fields
    • 3.0 will imply compatibility issues
    • Timeframe depends on above, but likely 2018 in any case
  • Summer of Code
    • A number of students have started
    • Participation in Tech Calls
    • One just starting to commit to GitHub
  • Tooling
    • Moving apace
  • News- Someone from IBM reported at OSCON that they are using SPDX short identifiers internally

Legal Team Report - Jilayne/Paul[edit]

  • Lots of activity
  • XML work still underway; Gary supporting with tooling
  • Other large threads
    • Discussion about how to deal with licenses that have been translated
      • There is a default policy with which we’ve been consistent
      • Re-looking into this in light of new XML stuff and need for automated matching
      • JL started a Wiki page to pull together all the proposals
    • Kate/JL reached out to FSF
      • For rallying support
      • Issue: how we represent license and “or later” with the syntax sometimes goes unnoticed
        • Perhaps recasting as a separate v2 only license is a better way to handle
        • But there are implications we need to think through

 

Outreach Team Report[edit]

  • Basically we are still working on a proposal for how to allow tools to get a badge or certification for working with SPDX documents 
  • and an umbrella project  for Github for all of our projects out there.
  • Kate- also looking to create an archive of past projects which are no longer active
  • Backoff at LinuxCon Europe (October in Prague) is likely.
    • Working on test suite to be available for this.

 

Attendees[edit]

  • Phil Odence, Black Duck
  • Paul Madick, Dimension Data
  • Michael Herzog- nexB
  • Jilayne Lovejoy, ARM
  • Kate Steward, Linux Foundation
  • Bradlee Edmondson, Harvard
  • Gary O’Neall, SourceAuditor
  • Alexios Zavras, Intel
  • Mike Dolan, Linux Foundation

 

 


Thursday SPDX General Meeting Reminder

Philip Odence
 

 

GENERAL MEETING

 

Meeting Time: Thurs, May June 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2017-05-04

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

 

 


Welcome SPDX Google Summer of Code Students

Gary O'Neall
 

Please join me in welcoming our Google Summer of Code students Anna Buhman, Nuvadga Christian Tete, Rohit Lodha, and Aleksandr Lisianoi to the SPDX community.

 

Anna, Nuvadga, Rohit and Aleksandr will be collaborating with the SPDX tech team in improving our tooling, adding Github integration, creating a license coverage grading tool and implemented the long awaited online validation tools.

 

This month, the students will be focused on community bonding with the actual projects beginning on May 30.

 

More information on the Google Summer of Code can be found at https://summerofcode.withgoogle.com/

 

Gary

 

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

 


Minutes from SPDX May General Meeting

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2017-05-04

 

 

 

General Meeting/Minutes/2017-05-04

General Meeting‎ | Minutes

  • Attendance: 10
  • Lead by Phil Odence
  • Minutes of April meeting approved 

 

Contents

 [hide

Guest Presentation- Philippe[edit]

  • ScanCode
    • Open source project
    • Tool to enable developers to find the license and origin of components they are using
  • Features
    • Accurate
      • Scanned Linux kernel and results were superior to two other tools that were tested
    • Handles source and binaries
    • Well tested and community maintained
    • Easy to improve license detection
  • How it works
    • Input: Simple test files
    • Performs a diff against a large number of licenses and mentions
    • Handles packages via package manager.
    • Uses natural language parser for copyrights
    • Output in SPDX (or JSON)
  • Two pieces ScanCode Toolkit and Code Manager
  • Other projects in code.org

 

Tech Team Report - Kate/Gary[edit]

  • Restarted discussions about feature needs for next release
    • Looking at:
      • Philippe’s results
      • Debian
      • Other testing results
    • Wiki page has ideas for next release or two
      • Feel free to add there or via email
  • Also looking at putting together a test suite
    • Set of packages 
    • Results to be compared
  • Google SoC
    • Select three proposals
    • Students being notified about now
    • Next steps
      • Community bonding
      • Working with Students
      • Will provide status

 

Outreach Team Report - Jack[edit]

  • Working on Umbrella project
    • A wrapper around all the repositories for tools
  • Discussion of a tool certification project
    • Aiming to have done in Q1 18 timeframe
    • Initial testing at LinuxCon Europe. Prague in Oct
  • Call for Papers this week for NA LinuxCon, LA in August

 

Legal Team Report - Jilayne[edit]

  • Down to 24 licenses to review
  • Proposal for how to handle non-English licenses
    • Have handled some ad hoc
    • Need a broader policy
    • Will have implications for license matching guidelines

 

Attendees[edit]

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Gary O’Neill, SourceAuditor 
  • Philippe Ombrédanne- nexB
  • Brad Edmondson, Harvard
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Robin Gandhi, UNO
  • Kevin Nelson, Optum
  • Dennis Clark, Palamida

 

 

481 - 500 of 1600