
Minutes from April SPDX General Meeting

Philip Odence
 

 

General Meeting/Minutes/2017-04-06


  • Attendance: 12
  • Led by Phil Odence
  • Minutes of March meeting approved 

 


Tech Team Report - Kate/Gary

  • Prepping for Google Summer of Code
    • 10 proposals
    • At least 3 or 4 are very promising, only 1 or 2 that aren’t that great
      • Examples: 
        • On-line validation tool (already engaged with community)
        • Automating SPDX gen in GitHub (already thought out architecture)
        • License grade
    • Mentors lined up for 2-4 slots we’ve requested
    • Will pick appropriate number based on slots

 

Outreach Team Report - Jack

  • Creating a developer-friendly area in Git for SPDX
    • Versions of the spec
    • Information exchange
      • following example of nexB creating an umbrella repo for the nexB family of repos
  • Talking about what we expect people to do
    • So we can make more definitive statements
    • for different market segments sort of
    • Will guide website

 

Legal Team Report - Jilayne

  • XML markup
    • Made some recent decisions
    • Down to less than 60 licenses
    • Still work to do and volunteers needed
  • Reception
    • Seeing interest on GitHub
    • Getting useful feedback on particulars of licenses
  • Challenge
    • Juggling two lists until next release
    • Unclear where to log updates
    • Enduring until next release
    • May make sense to post “Bear with us” message
      • in GitHub
      • and current repo
  • Timing
    • uncertain as it depends on getting the work done
    • plus a week or two of Gary once XML is done
  • Brad presented to ABA
    • Put a lot of time into slides
    • Should be posted on website

 

 

Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Paul Madick, Dimension Data
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Michael Herzog- nexB
  • Mark Gisi, Wind River 
  • Alexios Zavras, Intel
  • Thomas Steenbergen, HERE
  • Matije Suklje, LF
  • Gary O’Neill, SourceAuditor 
  • Dave Marr, Qualcomm

 



Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here.


Today's SPDX General Meeting

Philip Odence
 

Apologies for the late reminder.

With no guest speaker this month, we will try to keep the meeting to 30 minutes.

Phil

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval   http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02

 

  

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 





March SPDX General Meeting Notes

Philip Odence
 

http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02

 

 

 

General Meeting/Minutes/2017-03-02


  • Attendance: 11
  • Led by Phil Odence
  • Minutes of Feb meeting approved 

 


Special Presentation- Mark Charlebois / Rashmi Chitrakar, Qualcomm

  • Mark from corp R&D, Rashmi from the open source group
  • Mark works on Dronecode
    • Goal is to build with Yocto
    • Want to provide good license info
    • At the outset Yocto build only supported SPDX 1.0 and uses FOSSology for scanning
      • Yocto is a distribution that comes with recipes for custom builds 
    • Motivation
      • reducing scan times was key
      • FOSSology was taking as much as 6 days
      • Introducing LiD to address
  • (Deck is available)
  • Yocto
    • has a number of build stages
    • current integration was inserted after patch stage to only scan what’s patched
    • but that doesn’t allow for reusability
    • So, the approach was to scan upstream sources and focus scan on only patches
    • Uses Yocto archiver
  • FOSSology integration
    • Mark was not able to even get it going
    • Old, did not seem well maintained
  • New integration
    • Implements approach to 
    • Leverage newer SPDX capabilities 
      • Relationships between files
      • Usage info (e.g. dynamic library)
    • Allows for parallelizing across machines
    • Can flag discrepancies (e.g. two different licenses declared)
    • Goal
      • create a federated commons of pre-scanned code
      • so, everyone’s work is cut by, say, 90% (as they only need to scan their customer 10%) 
  • LiD
    • Main Features of Scanners
      • They have access to FOSSology tools (Nomos, Monk)
      • Evaluated using Qualcomm code for testing
      • Nomos was pretty good at detecting license language (94%)
      • Monk, only about 25%
      • Used SPDX license list as source for license matching
    • Goal
      • Aiding in license compliance
      • Hope was to generate SPDX
  • Main functions
    • Scans source code to ID license language
    • Natural Language Processing “Bag of words” approach
    • Jakarta index shows how well it matches
    • Levenshtein measures to determine where to start/end
    • Output- color coded matches (and deviations)
    • Matched about as well as Nomos
    • Accuracy
      • Right license
      • Right region
    • Better than Nomos at extracting full text; Monk really fell short
    • Can be tuned
      • Based on LiD Scores (1-perfect)
        • Scores of above .6 were pretty good, but user can adjust
      • Nomos, being REGEX based is very computationally expensive.
  • Will be available on GitHub
    • But available already
  • Q&A
    • What’s going on with Debian?
    • It’s being tested on Debian, not a lot of feedback yet

 

Tech Team Report - Kate

  • Spec
    • Have been working on reference examples
      • Filling in how to do examples 
    • Spec being converted to docbooks for style
      • Mobile-friendly
    • Getting the spec up on GitHub so changes can be tracked, pull requests, etc
      • Eventually we’ll move there from Bugzilla for issue tracking
    • FacetoFace in Tahoe
      • Jilayne did a great presentation that is available as video, Kate’s as well
      • JSON format discussion
  • Tools
    • Talked through plans at Face to Face

 

Outreach Team Report - Jack

  • Accepted for Google Summer of Code
    • Starting to get interest
  • Short meeting last week
    • Talked about feedback from Matt’s project surveying companies
    • Need to decide if we will do a survey
    • Jack says we really need to look at the Ecosystem
      • Define user types and what to tell them they should do
      • Need to paint a picture of what success is with SPDX
      • Some feedback from site “I’m a developer, what do I do?”
  • Considering whether we need someone on the outreach team who is more OSS community-focused
    • Perhaps looking at “SPDX lite” (wrong word) sort of approach, and easy way to get started

 

Legal Team Report - Jilayne/Paul

  • Good meetings at Tahoe
    • 2 hour working session 
      • Action plan for XML conversion
      • How to completely connect the dots and organize upcoming task
  • Today’s call will follow up
  • Brad Edmondson developing deck and presenting to ABA group

 

Attendees

  • Mark Charlebois, Qualcomm
  • Rashmi Chitrakar, Qualcomm
  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Philippe Ombrédanne- nexB
  • Paul Madick, Dimension Data
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Michael Herzog- nexB
  • Mark Gisi, Wind River 
  • Thomas Steenbergen, HERE

 


[ANNOUNCE] SPDX has been accepted as a mentoring organization for the Google Summer of Code 2017

Philippe Ombredanne
 

Good news came in yesterday: SPDX has been accepted as a mentoring
organization for the Google Summer of Code 2017 thanks to Gary's hard
work. I look forward to contributing as an admin and mentor!

See https://summerofcode.withgoogle.com/organizations/6438746388955136/

Practically we should expect to have a couple or a few students
allocated to work and contribute to SPDX tools and technologies and
this is a great validation and recognition of the project and the
community efforts.

The next important date for the GSOC is March 20, 2017 when students
can start applying and submit their project proposals.

You can see all the accepted orgs here:
https://summerofcode.withgoogle.com/organizations/
The Linux foundation open printing project is also an accepted organization.

As a side note, http://aboutcode.org which is nexB's FOSS master
project has also been accepted as a mentoring organization and we have
several SPDX-related projects ideas there too:
https://github.com/nexB/aboutcode/wiki/GSOC-2017

--
Cordially
Philippe Ombredanne


Thursday SPDX General Meeting Reminder; Guest Speakers Announcement

Philip Odence
 

Joining us for this month’s meeting will be Mark Charlebois and Rashmi Chitrakar from Qualcomm. They will talk about the current state of license scanning in Yocto, integrating LiD into Yocto and improving the scanning integration with Yocto. They will also talk about the LiD scanner and how it compares to Fossology.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, March 2, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval  http://wiki.spdx.org/view/General_Meeting/Minutes/2017-02-02

 

Guest Presentation – Mark/Rashmi

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

 


Thursday SPDX General Meeting Reminder

Philip Odence
 

All, I have a conflict, so Gary will be chairing this month’s meeting. Thanks, Gary!

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Feb 2, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval  http://wiki.spdx.org/view/General_Meeting/Minutes/2017-01-05

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

Cross Functional Issues –All

 

 

 


Re: Yocto/OE SPDX Presentation at OSLS

Manbeck, Jack
 

Craig,

 

Thanks. We're excited to see what you have.  We would also love to have you join our tooling discussions. Let me follow up with you, as we are juggling the schedule at the moment.

 

Best regards,

 

Jack Manbeck

 

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Northway, Craig
Sent: Tuesday, January 24, 2017 12:49 PM
To: spdx@...
Cc: Charlebois, Mark
Subject: Yocto/OE SPDX Presentation at OSLS

 

Hi SPDX Team,

 

Mark Charlebois and I will be presenting at OSLS on our recent efforts to produce SPDX to support the Dronecode project. We have started work to integrate one of our internal license scanning tools, LiD, into Yocto/OE based on the existing Fossology bitbake integration. We plan to make our license scanning tool and our Yocto/OE integration available. We'll be presenting both on our scanning tool, and what we've learnt about how to best manage and author recipes to support license scanning and SPDX generation. You'll find details on us and our presentation here:

 

 

I am also keen on joining any relevant SPDX tooling discussions on Thursday of the summit to discuss how we can collaborate further in this space.

 

Thanks,

Craig

 

 


Yocto/OE SPDX Presentation at OSLS

Craig Northway
 

Hi SPDX Team,

Mark Charlebois and I will be presenting at OSLS on our recent efforts to produce SPDX to support the Dronecode project. We have started work to integrate one of our internal license scanning tools, LiD, into Yocto/OE based on the existing Fossology bitbake integration. We plan to make our license scanning tool and our Yocto/OE integration available. We'll be presenting both on our scanning tool, and what we've learnt about how to best manage and author recipes to support license scanning and SPDX generation. You'll find details on us and our presentation here:


I am also keen on joining any relevant SPDX tooling discussions on Thursday of the summit to discuss how we can collaborate further in this space.

Thanks,
Craig



Re: Open Source Leadership Summit (formerly known as Collab Summit)

Kate Stewart
 

Yes.    We've got Thurs(16th)11:15am-5pm reserved for SPDX.

More next week....  :-)

Kate

On Thu, Jan 5, 2017 at 5:54 PM, J Lovejoy <opensource@...> wrote:
Hi Jack,

Kate is still out, but I believe we have a room on Thursday reserved :)


Jilayne


On Jan 5, 2017, at 2:39 PM, Manbeck, Jack <j-manbeck2@...> wrote:

Jilayne,
 
We spoke with Kate about it on the outreach call before the end of the year. She was checking with the Linux Foundation to see what the plans were. I agree a meeting room for one day would be good.
 
-        Jack
 
 
 
From: spdx-bounces@....org [mailto:spdx-bounces@lists.spdx.org] On Behalf Of J Lovejoy
Sent: Thursday, January 05, 2017 2:46 PM
To: SPDX-general
Subject: Open Source Leadership Summit (formerly known as Collab Summit)
 
Hi All,
 
I should have thought to raise this on the General call today, but do we have a room or plan to have some F2F working session at this year’s Open Source Leadership Summit (formerly Collab Summit) - http://events.linuxfoundation.org/events/open-source-leadership-summit on Feb 14-16 in Lake Tahoe, CA?  We usually do, but it’s a bit earlier in the year, so not quite on the radar yet!
 
We discussed it briefly on the legal call and agreed it would be good to have a F2F, but not sure what the plan is for having something official set up.  As people need to make travel plans soon, thought I’d reach out via email.  I am planning on being there, FWIW.
 
Cheers,
Jilayne
 

SPDX Legal Team co-lead
opensource@...



_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx




--
Kate Stewart
Sr. Director of Strategic Programs,  The Linux Foundation
Mobile: +1.512.657.3669
Email / Google Talk: kstewart@...


Re: Open Source Leadership Summit (formerly known as Collab Summit)

J Lovejoy
 

Hi Jack,

Kate is still out, but I believe we have a room on Thursday reserved :)


Jilayne


On Jan 5, 2017, at 2:39 PM, Manbeck, Jack <j-manbeck2@...> wrote:

Jilayne,
 
We spoke with Kate about it on the outreach call before the end of the year. She was checking with the Linux Foundation to see what the plans were. I agree a meeting room for one day would be good.
 
-        Jack
 
 
 
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of J Lovejoy
Sent: Thursday, January 05, 2017 2:46 PM
To: SPDX-general
Subject: Open Source Leadership Summit (formerly known as Collab Summit)
 
Hi All,
 
I should have thought to raise this on the General call today, but do we have a room or plan to have some F2F working session at this year’s Open Source Leadership Summit (formerly Collab Summit) - http://events.linuxfoundation.org/events/open-source-leadership-summit on Feb 14-16 in Lake Tahoe, CA?  We usually do, but it’s a bit earlier in the year, so not quite on the radar yet!
 
We discussed it briefly on the legal call and agreed it would be good to have a F2F, but not sure what the plan is for having something official set up.  As people need to make travel plans soon, thought I’d reach out via email.  I am planning on being there, FWIW.
 
Cheers,
Jilayne
 

SPDX Legal Team co-lead
opensource@...



Re: Open Source Leadership Summit (formerly known as Collab Summit)

Manbeck, Jack
 

Jilayne,

 

We spoke with Kate about it on the outreach call before the end of the year. She was checking with the Linux Foundation to see what the plans were. I agree a meeting room for one day would be good.

 

-        Jack

 

 

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of J Lovejoy
Sent: Thursday, January 05, 2017 2:46 PM
To: SPDX-general
Subject: Open Source Leadership Summit (formerly known as Collab Summit)

 

Hi All,

 

I should have thought to raise this on the General call today, but do we have a room or plan to have some F2F working session at this year’s Open Source Leadership Summit (formerly Collab Summit) - http://events.linuxfoundation.org/events/open-source-leadership-summit on Feb 14-16 in Lake Tahoe, CA?  We usually do, but it’s a bit earlier in the year, so not quite on the radar yet!

 

We discussed it briefly on the legal call and agreed it would be good to have a F2F, but not sure what the plan is for having something official set up.  As people need to make travel plans soon, thought I’d reach out via email.  I am planning on being there, FWIW.

 

Cheers,

Jilayne

 

SPDX Legal Team co-lead
opensource@...

 


Open Source Leadership Summit (formerly known as Collab Summit)

J Lovejoy
 

Hi All,

I should have thought to raise this on the General call today, but do we have a room or plan to have some F2F working session at this year’s Open Source Leadership Summit (formerly Collab Summit) - http://events.linuxfoundation.org/events/open-source-leadership-summit on Feb 14-16 in Lake Tahoe, CA?  We usually do, but it’s a bit earlier in the year, so not quite on the radar yet!

We discussed it briefly on the legal call and agreed it would be good to have a F2F, but not sure what the plan is for having something official set up.  As people need to make travel plans soon, thought I’d reach out via email.  I am planning on being there, FWIW.

Cheers,
Jilayne

SPDX Legal Team co-lead
opensource@...



January SPDX General Meeting Minutes

Philip Odence
 

http://wiki.spdx.org/view/General_Meeting/Minutes/2017-01-05

 

 

 

General Meeting/Minutes/2017-01-05


  • Attendance: 14
  • Led by Phil Odence
  • Minutes of Dec meeting approved

 


Special Presentation- Georgia (Zeta) Kapitsaki

  • Goals of work
    • Automate license specification and selection
    • Helping smaller companies and independent developers
    • Helping with combining licenses
      • Created a graph of compatibility for this purpose
      • Based on analysis by computer scientists (not reviewed by lawyers)
  • Selected SPDX because it was the only standard way to represent
  • Analysis
    • Use RDF version of SPDX
    • Parse and find the different licenses
    • Based on compatibility graph to determine whether the license combinations are OK
    • Can analyze multiple docs to determine compatibility as well
  • Implementation
    • Based tools on SPDX community tools; implemented in Java
    • Started with v1.1; needs upgrading
    • Had a problem with finding real files and so used on line FOSSology tools to create
  • Process
    • Uses graph, but graph could be used manually independent of SPDX
    • Find compatible/incompatible licenses
    • Determines problems and flags compatibility problems
  • Available on GitHub
  • Question
    • Are you looking at type of file when analyzing compatibility? Make files for example
      • No they analyze all licenses
      • Would be a direction for the future
      • Might also use dependency information
    • How did you determine which files were compatible and incompatible
      • Did their own analysis
      • Perhaps allow configuration of compatibility

 

Cross Functional Topics - Phil

  • ANNUAL GOALS
    • Roll out github-maintainable XML license templates
    • Define an approach to creating notice files from an SPDX doc
    • Develop a web-based license match tool
    • Implement tool to score a project’s licensing quality
    • Gain Apache/Eclipse Foundation adoption
    • Sponsor a Google Summer of Code Project
    • Conduct a supply chain management survey
    • Build “whole product” around the spec—what is required for adoption
    • Deploy existing SPDX group tools on web
    • Develop a git plug-in to generate an SPDX doc

 

Tech Team Report - Kate/Gary

  • Spec
    • Focus has been on support for implementations
      • Best practice
      • Tools
        • Pseudo code for notices generation
  • Moving git repo from LF over to GitHub at end of January

Legal Team Report - Jilayne/Paul

  • License list release
    • No Q4 license list release
    • Next one in next few days
  • Transition to Github list will be around end of January

Outreach Team Report - Jack

  • No meeting yet this year
  • Look at Leadership Conference
  • Approach to Summer of Code
  • Create survey
  • Working on supporting docs

 

 

Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data
  • Gary O’Neill, SourceAuditor
  • Georg Link, UNL
  • Mark Gisi, Wind River
  • Jack Manbeck, TI
  • Alexios Zavras, Intel
  • Matt Germonprez, UNO
  • Robin Gandhi, UNO
  • Dave Marr, Qualcomm
  • Sayonnha Mandal, UNO
  • Georgia Kapitsaki, U of Cyprus

 


Thursday SPDX General Meeting Reminder (with special guest)

Philip Odence
 

This will be a particularly interesting General Meeting. In addition to our normal team reporting, we will have two special topics:

·         A presentation from Georgia (Zeta) Kapitsaki on her research using SPDX at the Univ of Cyprus

·         Review of 2017 annual goals for SPDX by the Core Team

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the call: https://www.uberconference.com/katestewart

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

Minutes Approval http://wiki.spdx.org/view/General_Meeting/Minutes/2016-12-01

 

Special Presentation– Georgia (Zeta) Kapitsaki

License compatibilities and relevant tool in the framework of SPDX

 

Cross Functional Issues – Phil/All

Annual Goals

·         Roll out github-maintainable XML license templates

·         Define an approach to creating notice files from an SPDX doc

·         Develop a web-based license match tool

·         Implement tool to score a project’s licensing quality

·         Gain Apache/Eclipse Foundation adoption

·         Sponsor a Google Summer of Code Project

·         Conduct a supply chain management survey

·         Build “whole product” around the spec—what is required for adoption

·         Deploy existing SPDX group tools on web

·         Develop a github plug-in to generate an SPDX doc

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

 

 

Topic: License compatibilities and relevant tool in the framework of SPDX

Licensing decisions for new Open Source Software are not always straightforward. However, the license that accompanies the software is important as it largely affects its subsequent distribution and reuse. License information for software products is captured - among other data - in the Software Package Data Exchange (SPDX) files. I will talk briefly about our research work and our tool for the validation of SPDX files regarding proper license use. Software packages described in SPDX format are examined in order to detect license violations that may occur when a  product combines different software sources that carry different and potentially contradicting licenses. The SPDX License Validation Tool (SLVT) gives the opportunity to check the compatibility of one or more SPDX files. 

 

Brief biography:

Assistant Professor at the Department of Computer Science of the University of Cyprus (UCY) and faculty member of the Software Engineering and Internet Technologies (SEIT) laboratory in UCY. She received her PhD from the National Technical University of Athens, Greece (2009). Her research interests include: software engineering, service-oriented computing, open source software reuse and privacy enhancing technologies. She has published over 40 papers in international conferences and journals, has participated in conference organisation (e.g. ICSR 2016) and has served as a TPC member and referee in repudiated journals and conferences. She has been involved in EU FP6 and FP7 projects and has worked as a software engineer in the industry.

 

 

 

 

 


FW: Minutes from SPDX Dec General Meeting

Philip Odence
 

http://wiki.spdx.org/view/General_Meeting/Minutes/2016-12-01

 

 

 

 

General Meeting/Minutes/2016-12-01


  • Attendance: 11
  • Led by Phil Odence
  • Minutes of Nov meeting approved

 


Tech Team Report - Kate/Gary

  • Spec
    • Has been focusing on coding up best practices for creating a Notices file
      • Will need some input from the Legal Team, probably a joint meeting
      • Output will be pseudo-code which could be the basis for a tool (basis is SPARQL queries)
    • 2.1 is out there; no current bugs reported
      • Kate gave a presentation on 2.1 in Yokohama; will get to Jack for posting on website
  • Tooling
    • All upgraded to 2.1
    • No bugs reported
    • Python library being upgraded
      • Useful for implementing SPDX in a Python-based sw tool
  • 2017 Goals Brainstorm
    • Tooling to make quality of licensing more visible
      • Mark G started this work
      • The idea is to grade a project, based on SPDX file, for how complete the licensing is
  • Looking to get plug-ins adopted into communities
    • Apache and Eclipse
  • Web based tools
    • Current java tools involve installing java environment
    • e.g. Paste a license into a webpage and have it matched to an SPDX template
  • Discuss pros/cons of moving to single format
    • JSON- Happy medium between tag value and RDF
  • Write a git plug-in for generating SPDX docs
    • Could then grade
  • Another Google Summer of Code Project

Legal Team Report - Jilayne/Paul

  • How to leverage GitHub for document maintenance
  • xml work
    • Still plugging away
    • Need to assess where we are in Thursday’s call
  • License list
    • No Sept release
    • Some requests have trickled in
  • 2017 Goals Brainstorm
    • Big thing is getting the XML templates up
    • Getting up and running on GitHub
    • Make sure notice files work is accurate
    • Upgrading the license expressions language
    • Supportive of license match Web App

 

Outreach Team Report - Jack

  • A few meetings have been missed
  • Website is up
  • Outlining documentation needs
  • 2017 Goals Brainstorm
    • Do a survey of companies using supply chains - understand what they are doing wrt gathering license data
      • Could use other existing groups such as Open Chain

 

Cross Functional Topics - Phil

Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data
  • Gary O’Neill, SourceAuditor
  • Tarek Jamal, ARM
  • Mark Gisi, Wind River
  • Jack Manbeck, TI
  • Alexios Zavras, Intel
  • Michael Herzog- nexB
  • Philippe Ombrédanne- nexB

 


Thursday SPDX General Meeting

Philip Odence
 

Special Discussion, 2017 Goals- Please bring your thoughts about goals for next year. After each update, team leads will facilitate some brainstorming on this subject. The Core Team will finalize and announce formal goals at the January 5 General Meeting. 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Dec 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

Cross Functional Issues – Phil

 

 

 

 

 


Minutes from November SPDX General Meeting

Philip Odence
 

Thanks again to Lei from Fujitsu for an interesting presentation!

 

 

General Meeting/Minutes/2016-11-03


         Attendance: 12

         Led by Phil Odence

         Minutes of Sept meeting approved (Oct meeting was cancelled due to LinuxCon Europe)

 


Special Guest - Lei Mao Hui, Fujitsu

         Lei

         Working for Fujitsu

         Developing on house Distro

         Spoke at ALS and Linux Conference about experience with SPDX

         Reason Fujitsu needs SPDX

         Want an SPDX file for all their packages

         Customers often require license info

         Released under GPL3, but includes software under other license as well. Many!

         MIT, BSD, GPL2, etc.

         SPDX is good for this purpose

         So they added into production Development

         Yocto SPDX

         Lucky for them that Yocto supports SPDX

         But the activity on Yocto SPDX has been slow

         Found some issues when using

         Only supports SPDX 1.1

         Doesn’t do a great job even with that

         Is complex to use; takes a long time

         May introduce license conflicts

         In the end you can download the SPDX

         Fujitsu’s contributions to Yocto SPDX

         So they did some work to improve:

         Created a patch to upgrade to SPDX 1.2

         Unfortunately was never accepted into Yocto

         Would like to upgrade to SPDX 2.0

         And to improve performance

         Has been working on some of the SPDX open source tools

         including DoSOCS developed by UNO

         Lei has been continuing to submit improvements to Yocto

         Improved performance

         Currently discussing more improvements with Yocto

         Will be continuing to improve and to upgrade to SPDX 2.1

         Question

         Has Yocto been receptive?

         Yocto has not been active or focused on SPDX.

         Some people have been interested

         Not sure why they are not interested

         Kate will help and follow up

Tech Team Report - Kate/Gary

         Spec

         SPDX 2.1 is now released and official

         Starting to focus on use cases and tooling

         last call was a joint call with the Legal Team

         Templatization focus

         Agreed on interfaces between teams

         Tooling

         Incorporated results from the bake off

         Overall, everyone at the bake off got good feedback, leading to improvement of all tools

         XML Format

         Legal Team has been working on new format for license templates

         Makes it easier for multiple contributors

         Working now on making it consumable for external tools

         Really good progress

         Should have draft standards in the next month or two.

 

Legal Team Report - Jilayne/Paul

         Joint Call with Tech Team

         Worked on syncing tag names to be consistent with spec

         Went really well

         License List

         Business as usual with new licenses

         More license requests for licenses in other languages

         Probably need to have a discussion about how to handle consistently

 

Outreach Team Report - Jack

         Website

         New site is up

         Jack’s in process of posting new stuff

         Next agenda

         Working on new docs, templates, etc

         Mostly to help explain aspects of how to use

         Trying to assemble list of topics and then prioritize

         Very open to ideas

 

Cross Functional Topics - Phil

         Future topic - Will be a discussion of license in different languages

         Legal Team will come forward with a strawman. A few months out.

         Guest stars

         Always looking for more

 

Attendees

         Phil Odence, Black Duck

         Lei Mao Hui, Fujitsu

         Kate Stewart, Linux Foundation

         Jilayne Lovejoy, ARM

         Yev Bronshteyn, Black Duck

         Scott Sterling, Palamida

         Paul Madick, Dimension Data

         Gary O’Neill, SourceAuditor

         Tarek Jamal, ARM

         Mark Gisi, Wind River

         Jack Manbeck, TI

         Alexios Zavras, Intel


 


SPDX General Meeting Late Reminder

Philip Odence
 

The call is kicking off now. The highlight will be a presentation from Lei at Fujitsu. Please join us.

Sorry for the late reminder


Re: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

Sam Ellis <Sam.Ellis@...>
 

Hi,

 

Whilst preparing for SPDX bakeoff I noticed a few issues with my interpretation of the specification that may be worth discussion.

 

Firstly a number of fields in tag files contain arbitrary text enclosed within <text>...</text> tags. I found examples where the text I am including within these tags does itself contain HTML/XML tags from the source document. The inclusion of non-SPDX tags within the <text> tags makes it hard to spot the end of the </text>. This raises the question of whether the text within <text> tags ought to be escaped in some way? I did not find anything on this point in the SPDX specification (apologies if I missed anything).

 

Secondly, I noticed that in the tag field PackageLicenseInfoFromFiles I am including license exceptions, for example:

 

PackageLicenseInfoFromFiles: Classpath-exception-2.0

 

However, I think my use is incorrect. The spec says a license identifier is needed here, and a license exception identifier is not a license identifier. I cannot alternatively use "license WITH exception" here because this is an expression not a license identifier. This raises the question, how should exceptions be represented in PackageLicenseInfoFromFiles, if at all?

 

I appreciate your thoughts on these issues.

 

From: spdx-tech-bounces@... [mailto:spdx-tech-bounces@...] On Behalf Of Kate Stewart
Sent: 22 September 2016 19:58
To: spdx-tech@...; SPDX-general
Subject: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

 

Hi, 

The SPDX tech team will be hosting an SPDX Tools BakeOff at LinuxCon Europe on 6 October 2016.  Participation can be remote by phone or in person. The Bake-off (also known by some as a Plugfest) will focus on comparing SPDX Documents generated with SPDX specification 2.1 features along with answering any questions people may have about the new revision.

For more information on how to participate,  please read Background info for the SPDX 2.1 Bake-off in LinuxCon Europe.    

If you have questions, please send email to spdx-tech@...

Thanks on behalf of the SPDX tech team,   Gary & Kate

 

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
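The two points raised in Sam Ellis's message above, as an added example that is not part of the thread or of any SPDX tool: a tag-value reader that flags `<text>` spans whose end is ambiguous, and a check for `PackageLicenseInfoFromFiles` values that are not a lone license identifier. The sample document, the function names and the one-entry exception set are assumptions made for illustration, and the license check follows the reading given in the message rather than a statement from the specification.

```python
import re

OPEN, CLOSE = "<text>", "</text>"
TAG_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]*):\s*(.*)$")
# Assumption: stand-in for the exception list; the one entry is from the email.
KNOWN_EXCEPTIONS = {"Classpath-exception-2.0"}

# Constructed sample input (not taken from a real package).
SAMPLE = (
    "PackageName: demo\n"
    "PackageLicenseInfoFromFiles: Classpath-exception-2.0\n"
    "PackageLicenseInfoFromFiles: GPL-2.0 WITH Classpath-exception-2.0\n"
    "PackageLicenseInfoFromFiles: MIT\n"
    "PackageComment: <text>Notice quotes <b>markup</b>\n"
    "and a stray </text> from the source file</text>\n"
)

def wrap_text(value):
    """Producer side: refuse a value that would close the span early."""
    if CLOSE in value:
        raise ValueError("value contains a literal </text>")
    return OPEN + value + CLOSE

def read_fields(doc):
    """Consumer side: return (tag, value, suspect), ending each span at the
    first </text>. suspect is True when the span never closes or when text
    is left over after the close, i.e. the real end is uncertain."""
    fields, lines, i = [], doc.splitlines(), 0
    while i < len(lines):
        m = TAG_RE.match(lines[i])
        i += 1
        if not m:
            continue
        tag, value = m.groups()
        suspect = False
        if value.startswith(OPEN):
            buf = value[len(OPEN):]
            while CLOSE not in buf and i < len(lines):
                buf += "\n" + lines[i]   # multi-line text value
                i += 1
            value, sep, rest = buf.partition(CLOSE)
            suspect = not sep or bool(rest.strip())
        fields.append((tag, value, suspect))
    return fields

def bad_license_info(fields):
    """PackageLicenseInfoFromFiles values that are an exception id or an
    expression (more than one token) instead of a single license id."""
    return [v for t, v, _ in fields if t == "PackageLicenseInfoFromFiles"
            and (v in KNOWN_EXCEPTIONS or len(v.split()) != 1)]
```

On the constructed sample, the comment field is cut at the stray `</text>` and flagged as suspect, which is the silent truncation a consumer of third-party SPDX files would want surfaced rather than accepted.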


Re: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

Kate Stewart
 

Hi Bradley,


On Thu, Sep 22, 2016 at 5:30 PM, Bradley M. Kuhn <bkuhn@...> wrote:
Kate,

Kate Stewart wrote at 11:58 (PDT):
> For more information on how to participate, please read Background info
> for the SPDX 2.1 Bake-off in LinuxCon Europe.

I and my colleagues sadly don't have a tool to participate in the bake-off
this year, but in preparation for the future, and out of general curiosity:

What are the licensing requirements for software tools to enter the
bake-off?  (i.e., do the tools have to be under a specific set of licenses
to participate?  What are the rules in this regard?)

There are no licensing requirements for tools themselves to participate in the bake-off,
the only requirement is that they are able to produce (and ideally consume) valid
SPDX files.   

We're pleased that FOSSology is going to participate for the first time in one
of our bake-offs in Berlin, which is a tool I believe you use already.      

We've also got listed the community supported tools as well as the commercial tools 
we know about on our web site, if you want to see the possible participants.   
All tools (even if they are not listed on the site) are welcome. 

Hope this helps,
Kate
