All,

Hopefully you have seen the email from the Linux Foundation on the our mailing list migration which will occur tomorrow, June 13^th. You can get an overview of the new feature’s here. I have re-printed the email from the LF below which has some specifics about the move, who to contact if you have issues and general information on what Groups.io is.

There should be no impact for the general, technical and legal lists. The business list will change its name to outreach to complete the name change we did earlier. Other than that the migration should be seamless for you.

In addition to the above, whenever anyone signs up for the technical, legal or outreach lists they will be added to the general list (spdx) automatically which will become our main announcement only list (which is how it works today). This means, as part of the migration, if you were not subscribed to the general list you will be. This is a VERY low volume list used only for general announcement’s.

Should you run into any difficulties with the new list after the 13^th use the assistance email in the mail below. Should you wish to explore using any of the new integration features of Groups.io please discuss that within the relevant team for which it applies. Also, we may send one test email to each mailing list after the transition which can be deleted by you.

Again, there should be no action required by you as part of this move.

Best regards,

Jack Manbeck

LF email:

<<<< 

Greetings SPDX community!

The Linux Foundation has connected with a new vendor called Groups.io, which provides mailing list services in a simple but modern interface. Groups.io offers all of the capabilities of our existing Mailman mailing service plus additional community tools that make it an exceptional service solution.

We are planning to migrate your existing mailing list archives and user lists to Groups.io on Wednesday June 13th starting at 9:30am PST.

The migration will include details on subscriber preferences and owner or moderator privileges.

Owners and Moderators: Please be aware pending memberships or posts (and similar pending moderation actions) in Mailman will not be preserved in this migration. We recommend re-checking for any such pending decisions and taking action on them within Mailman one hour prior to the start of the migration window.

During the migration window you will still be able to access the archives, however the delivery of messages sent to the mailing lists during this window will be delayed until after the migration of the archives and list members are complete. We will turn off new list signups during the migration window, then this functionality will be restored once it is complete.

FAQs

What are the key differences between Mailman and Groups.io?

·        Groups.io has a modern interface, robust user security model, and interactive, searchable archives

·        Groups.io provides advanced features including muting threads and integrations with modern tools like GitHub, Slack, and Trello

·        Groups.io also has optional extras like a shared calendar, polling, chat, a wiki, and more

·        Groups.io uses a concept of subgroups, where members first join the project “group” (a master list, normally called "main"), then they choose the specific “subgroup” lists they want to subscribe to

How do the costs compare?

The Linux Foundation can provide project-branded Groups.io accounts to projects for less cost than managing our in-house Mailman systems.

How is the experience different for me as a list moderator or participant?

In many ways, it is very much the same. You will still find the main group at your existing URL and sub-groups equate to the more focused mailing lists based on the community’s needs. Here is an example of main group and sub-group URL patterns, and their respective emails:

https://lists.projectname.org/g/main

https://lists.projectname.org/g/devs

https://lists.projectname.org/g/ci

main@...

devs@...

ci@...

What is different is Groups.io’s simple but highly functional UI that will make the experience of moderating or participating in the community discussions more enjoyable.

Where do I find the settings and owner/moderator tools?

If you’d like to learn more about using Groups.io , please reference their help documentation. If you need assistance with Groups.io, please email helpdesk@... for The Linux Foundation’s helpdesk.

Cheers!

Brendan OSullivan

Helpdesk Analyst

The Linux Foundation

>>> 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

< General Meeting‎ | Minutes

·         Attendance: 12

·         Lead by Phil Odence

·         Minutes of April meeting approved 

Contents

 [hide] 

·         1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn

·         2 Tech Team Report - Kate/Gary

·         3 Outreach Team Report - Jack

·         4 Legal Team Report - Paul

·         5 Attendees

·         Variant on Leadership Summit Presentation

·         Don’t need to define SPDX

·         Will show product for illustrative purposes

·         Governance Today

·         Different formats for BoMs

·         Challenges

·         Manually updating

·         Compliance Management

·         Requires consistent tooling

·         Goals using SPDX 

·         Automate BoM

·         Automate Reporting

·         Single format

·         Illustration

·         Replace disparate BoMs with SPDX versions

·         Load into a single data store (example Apache Jena Fuseki

·         Query with Sparql

·         Demo

·         Aggregating multiple BoMs

·         Committing change to GItLab

·         CI/CD- Build and Scan

·         Generate new SPDX doc for changed project

·         Sparql queries

·         Policy checks

·         Voila

·         Working on outstanding requests for 2.2

·         License expression features

·         Handling cases of annotations and extensions to address

·         2.1.1 pdf

·         Wrestling with tools a bit

·         GoSoC 

·         Students and mentors in place

·         Should be hearing from students during community bonding period

·         Projects lined up

·         Will present during General Meetings

·         LinuxCon Vancouver

·         Trying to organize “back off” day before event starts

·         Website:

·         Still waiting on LF for moving Website to Wordpress

·         Content

·         Looking at a variety of ways

·         Looking at audio/video recordings

·         Could include monthly talks

·         Yev volunteered to do his

·         Looking for more people involvement in OTeam

·         Released latest rev of license list

·         Kudos Jilayne and others

·         Working out how to manage license submissions in new world

·         GoSoC student working out automation

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Yev Bronshteyn, Black Duck/Synopsys

·         Steve Billings, Black Duck/Synopsys

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Jack Manbeck, TI

·         Kate Stewart, Linux Foundation

·         Steve Winslow, LF

·         Paul Madick, Dimension Data

·         Matije Suklje, LF

·         John Scott, Ion Channel

Speaking this month will be our own Yev; he’ll share a scaled down version of his talk from the Leadership Summit. Hope you can join! Note: Yev will be using some slides and sharing his screen, so, if possible, be in front of your computer.

Automating Governance with SPDX

Today’s enterprises often have diverse processes for incorporating, managing, and analyzing their open source components. In this talk, we’ll demonstrate how SPDX provides a common baseline for a variety of governance tools, and how SPDX generation and analysis can be automated to attain real-time, actionable intelligence.

Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. In addition to being a member of the SPDX technical team, he has spoken at a number of technical conferences and user groups contributed to a number of technical blogs.

L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

GENERAL MEETING

Meeting Time: Thurs, May 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

“Guest” Presentation – Yev

Technical Team Report – Kate

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Cross Functional Issues –All

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

< General Meeting‎ | Minutes

·         Attendance: 13

·         Lead by Phil Odence / Jack Manbeck

·         Minutes of March meeting approved 

Contents

 [hide] 

·         1 Adoption Update- Kate

·         2 Tech Team Report - Kate

·         3 Outreach Team Report - Jack

·         4 Legal Team Report - Jilayne

·         5 Attendees

·         License List Identifiers Update

·         DEP 5 adopting, LF and others

·         IDs in Source

·         U-Boot, selected projects, LF projects including the Kernel

·         Eclipse, FreeBSD, REUSE.software

·         Open Gov Partnership

·         Doc Creation

·         New formats: YAML, others

·         Tooling

·         Open Source

·         SPDX Tools, FOSSology, ScanCode

·         Commercial

·         Wind REiver, Protecode, SourceAuditor, TripleCHeck, WS (license list only), BD

·         Scan tool accuracy- Different tools get slightly differing results

·         Formats correctness- worth checking too

·         Outreach time is working on examples for testing

·         SPDX tools have compare capabilities

·         New Tools for Inside Org workflow

·         SPDX online tools to validate and compare

·         SW360, ORT, Quartermaster

·         Between Orgs

·         Aligning with OpenChain

·         REUSE by FSFE- Conventions for best practices for how/where to include license info (check out their cute video)

·         Emerging: Software Parts Ledger

·         Blockchain Hyperledger (driven by Wind River)

·         Missing Pieces

·         Real world reference examples, use studies, build integration

·         Looking at google summer of code. That’s apriority right now. We are reviewing proposals from candidates and have eighteen this year! The quality of the proposals seems to be very good. Not sure how many slots google will give us yet (should know next week) but we are asking for 5-6.

·         We have just enough mentors for the project’s but would welcome any additional ones. No experience needed and you can be teamed up with an experienced mentor. There is much you can do, even non-technical.

·         The 2.1.1 specification update is pending. All GIT issues are resolved. This is a minor update for mostly types and clarifications and changes to support the specification being in GitHub. Kate is working with Thomas to be able to generate a review version to send out. Expect the review time frame to be 1-2 weeks long.

·         We are revamping the main suite for the Use area. What we had was an initial cut. Pages are being broken out and expanded. First section to change will the license identifiers in source (Steve Winlsow from the LF is doing this) followed by the list and documents sections.

·         SPDX website move. No movement yet. Still waiting on the LF to come back with a new update. They have to get extra help to figure out how to do the license list and rdf pages that we auto generate.

·         If anyone is going to LinuxCon in Vancouver (August) the call for papers is open. Please submit any you might o have on SPDX. We are also investigating whether we can do another tool bake off and/or a birds of a feather session.

·         3.1 license list is still pending. Need to make sure all open issues on it are resolved. Anyone wishing to help (which would be greatly appreciated) should join the Legal Calls.

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Steve Winslow, LF

·         Dennis Clark, NexB

·         Kate Stewart, Linux Foundation

·         Jack Manbeck, TI

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

·         Matije Suklje, LF

·         Bradlee Edmondson, Harvard

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Philippe Ombrédanne- nexB

Our “guest” speaker this week is Kate Stewart, guest in her own home. Over the past year,  we've seen a lot of open source projects as well as commercial tools able to interact with SPDX (license ids, 1 line comments,  documents).  Kate will give an overview of the projects in the SPDX ecosystem that she's aware of, and is interested in learning about any she's missed from other meeting attendees.

Best, 

Phil

L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

GENERAL MEETING

Meeting Time: Thurs, April 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

Technical Team Report – Phil

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Cross Functional Issues –All

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

< General Meeting‎ | Minutes

·         Attendance: 6

·         Lead by Phil Odence

·         Minutes of Feb meeting approved 

Contents

 [hide] 

·         1 Tech Team Report - notes sent by Kate

·         2 Outreach Team Report - Jack out

·         3 Legal Team Report - Bradlee

·         4 Attendees

·         Thomas continues to get closer on 2.1.1 release, most changes from Trevor merged now.

·         Reviewed PURL proposal and concensus was to adopt for 2.2, after we see it finalize and be picked up by other projects.

·         PURL is a a generalized way to specify a package.

·         Discussion of multiple formats being supported (JSON, YAML, etc.),  as long as there are translation tools, and we follow the RDF naming, agreement to introduce them in 2.2.

·         Website migration- No update from the LF

·         British Computer Society

·         Open Source Group

·         March 22

·         Alexios presenting on SPDX

·         https://ossg220318.eventbrite.co.uk/

·         3.1 LL release, end of March

·         Then back to 3 month cadence

·         Jilayne working with FSF on status of their license evaluation

·         For Summit Topics

·         Use of GitHub for licenses and Spec

·         Philipe ID’ed some licenses in the Kernel that are not in the list

·         He’s putting together pull requests

·         There are a number of others, the he believes might be candidate.

·         He’ll prioritize and will “drip” to the Legal Team

·         Also some discussion about what to do, if anything, about proprietary licenses

·         Could be make sense to have a common identifier for commonly used ones

·         Could conceivably use the same architecture for proprietary 

·         Also discussing a “relaxed” format.

·         Not necessarily including all the checksums

·         So could might introduce levels of SPDX compliance (A, AA, AAA…or something)

·         Discussion of how to get more lawyers involved.

·         Women lawyers would be particularly welcome

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Dennis Clark, NexB

·         Steve Winslow, LF

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

They have to stop starting month’s on a Thursday, or I will never remember to get reminders out.

Today’s meeting should be just a quick update. Hope you will be able to join.

Best,

Phil

L. Philip Odence
Sr. Director/General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
O: +1.781.425.4479, M: +1.781.258.9502, Skype: philip.odence
www.blackducksoftware.com  

GENERAL MEETING

Meeting Time: Thurs, March 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

Technical Team Report – Phil

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Cross Functional Issues –All

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

< General Meeting‎ | Minutes

·         Attendance: 13

·         Lead by Phil Odence

·         Minutes of Jan meeting approved 

Contents

 [hide] 

·         1 Tech Team Report - Kate

·         2 Outreach Team Report - Jack

·         3 Legal Team Report - Jilayne

·         4 Attendees

·         Highlights

·         Looking at multiple formats supported

·         Much of January dedicated

·         JSON and YAML

·         Some interest in deprecating

·         Submitted Google SoC project, once again

·         Have usually been accepted in advance

·         Should know by next meeting

·         Can still contribute ideas

·         Website migration

·         Waiting on date from LF

·         Need a mechanism for pushing some generated pages (licensing/RDF)

·         Today’s meeting will be to lay out a roadmap

·         Linux Leadership Summit

·         Meetings Friday

·         Jilayne sending out notice to try to hustle up participation

·         Anyone who needs an invite can contact Kate

·         FOSSDEM is this weekend

·         Will be streamed from Brussels

·         Legal and Policy track

·         Jilayne speaking

·         Major release of license list recently

·         3.1 release

·         Aiming to align 3.2 version with 2.2 spec

·         Undergoing technical and legal review

·         Transitioning to taking advantage of GitHub capabilities

·         Technical stuff on track

·         Reviewing some new licenses, need naming conventions

·         Phil Odence, Black Duck/Synpsys

·         Kate Stewart, Linux Foundation

·         Mike Dolan, Linux Foundation

·         Steve Winslow, LF

·         Jeff Luszcz, Flexera

·         Jack Manbeck, TI

·         Denisse Weil, 

·         Robert Musial, Progressive

·         Gary O’Neall, SourceAuditor

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

Sorry for the late reminder. I confess that Feb 1 snuck up on me.

GENERAL MEETING

Meeting Time: Thurs, Feb 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07  

Technical Team Report – Kate/Gary

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Cross Functional Issues –All

Hello,

If you did not respond to this before, please do now. Thanks

Best regards,

Phil

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

As you may know, the Linux Foundation Leadership Summit is in Sonoma, March 6-8. Additionally, there will be group meetings on the Monday before and Friday after for SPDX and Open Chain respectively.

The call for papers was just published. Please consider submitting a paper. There’s an appetite for talks on SPDX tooling, automation or usage.

http://events.linuxfoundation.org/events/open-source-leadership-summit/program/callforproposals

Please take this 1 minute survey to give a sense of the likelihood or your attending:

https://www.surveymonkey.com/r/NLX7KXN

Best regards,

Phil

BLACKDUCK
L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence
www.blackducksoftware.com  

Happy New Year. No guest speaker this month, therefore should be a fairly short meeting.

GENERAL MEETING

Meeting Time: Thurs, Jan 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07

Technical Team Report – Kate/Gary

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Cross Functional Issues –All