
SPDX June Gen Meeting Minutes - AND IMPORTANT SCHEDULING INFO

Phil Odence
 

The minutes are below. Thanks to Gary for managing.

 

IMPORTANT SCHEDULING INFO:

Due to the US holiday, we will push the July meeting to July 12.

Also, I need to reissue meeting invitations from my Synopsys account. Tomorrow, Tuesday, Boston morning time, I will cancel the existing recurring meeting; in any case please make sure it is deleted from your calendar to avoid confusion.

After cancelling the old, I will issue one invitation for the July 12 meeting and another recurring invitation for first Thursday of every month.

Thanks,

Phil

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502

www.blackducksoftware.com  

 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-06-07

 

 

General Meeting/Minutes/2018-06-07


·         Attendance: 

·         Led by Gary O'Neall

·         Minutes of May meeting approved 


Outreach Team Report - Jack

·         Mail list migration on June 13th. Changing from spdx-biz to spdx-outreach for mail list name. spdx-general will become parent, all of others will be child. If signed up for any child, automatically parent. This will give us a master mail list. 

·         Jack will be sending an email out on June 11th, apprising all of the mail list change. 

·         Room reserved for SPDX plugfest at OSS for Aug 27th.

·         No update on the web site change. Agreement not to wake them up, and leave alone for now.

Legal Team Report - Paul

·         Regular meetings in progress, knocking down issues happening in github 

·         Meetings with GSoC students to cover requirements

Tech Team Report - Gary

·         GSoC students all started, 2 working with legal team.

·         still waiting on spdx 2.1.1 to have proper generated .pdf, no comments back yet on updated version published on web.

·         spdx-spec issues are all tagged in github

·         most of focus is 2.2 at this point.

Cross team - Gary

·         looking at getting GSoC student - probably Yash to present at next general call.

Attendees

·         Gary O’Neall, SourceAuditor

·         Jack Manbeck, TI

·         Kate Stewart, Linux Foundation

·         Steve Winslow, LF

·         Paul Madick, Dimension Data

·         Jilayne Lovejoy, ARM

 

 


Re: Conversion to new email system complete

Bjoern Buerger <b.buerger@...>
 

Hi,

On Wed, 13 Jun 2018, Manbeck, Jack via Lists.Spdx.Org wrote:
> The conversion to the new email system is complete.

Unfortunately, something really important is missing:


lists.spdx.org mail is handled by 10 lb01.groups.io.
lists.spdx.org mail is handled by 10 lb02.groups.io.
lb01.groups.io has no AAAA record
lb02.groups.io has no AAAA record

It is 2018, for heaven's sake.

Please add IPv6 Support for incoming and outgoing smtp.
I just tried to subscribe with an IPv6 connected email
account and subscription failed.

With kind regards,
Bjørn

--
Pengutronix e.K. | Bjørn Bürger |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5002 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |


Conversion to new email system complete

Manbeck, Jack
 

All,

 

The conversion to the new email system is complete.

 

Best regards,

 

Jack Manbeck


Migration to Groups.io Completed

Johnson Nguyen
 

Greetings SPDX community!

We are writing to let you know that the migration of your mailing list services to Groups.io is complete. Please be sure to visit lists.spdx.org to overview your current lists and settings. If you’d like to learn more about using Groups.io, please reference their help documentation. If you need assistance with Groups.io, please email helpdesk@... for The Linux Foundation’s helpdesk.


REMINDER: New mailing list migration for SPDX tomorrow June 13

Manbeck, Jack
 

All,

 

Hopefully you have seen the email from the Linux Foundation on our mailing list migration which will occur tomorrow, June 13th. You can get an overview of the new features here. I have re-printed the email from the LF below which has some specifics about the move, who to contact if you have issues and general information on what Groups.io is.

 

There should be no impact for the general, technical and legal lists. The business list will change its name to outreach to complete the name change we did earlier. Other than that the migration should be seamless for you.

 

In addition to the above, whenever anyone signs up for the technical, legal or outreach lists they will be added to the general list (spdx) automatically which will become our main announcement only list (which is how it works today). This means, as part of the migration, if you were not subscribed to the general list you will be. This is a VERY low volume list used only for general announcements.

 

Should you run into any difficulties with the new list after the 13th use the assistance email in the mail below. Should you wish to explore using any of the new integration features of Groups.io please discuss that within the relevant team for which it applies. Also, we may send one test email to each mailing list after the transition which can be deleted by you.

 

Again, there should be no action required by you as part of this move.

 

Best regards,

 

Jack Manbeck

 

 

LF email:

 

<<<< 

 

Greetings SPDX community!

The Linux Foundation has connected with a new vendor called Groups.io, which provides mailing list services in a simple but modern interface. Groups.io offers all of the capabilities of our existing Mailman mailing service plus additional community tools that make it an exceptional service solution.

We are planning to migrate your existing mailing list archives and user lists to Groups.io on Wednesday June 13th starting at 9:30am PST.

The migration will include details on subscriber preferences and owner or moderator privileges.

Owners and Moderators: Please be aware pending memberships or posts (and similar pending moderation actions) in Mailman will not be preserved in this migration. We recommend re-checking for any such pending decisions and taking action on them within Mailman one hour prior to the start of the migration window.

During the migration window you will still be able to access the archives, however the delivery of messages sent to the mailing lists during this window will be delayed until after the migration of the archives and list members are complete. We will turn off new list signups during the migration window, then this functionality will be restored once it is complete.

 

FAQs

What are the key differences between Mailman and Groups.io?

·        Groups.io has a modern interface, robust user security model, and interactive, searchable archives

·        Groups.io provides advanced features including muting threads and integrations with modern tools like GitHub, Slack, and Trello

·        Groups.io also has optional extras like a shared calendar, polling, chat, a wiki, and more

·        Groups.io uses a concept of subgroups, where members first join the project “group” (a master list, normally called "main"), then they choose the specific “subgroup” lists they want to subscribe to

How do the costs compare?

The Linux Foundation can provide project-branded Groups.io accounts to projects for less cost than managing our in-house Mailman systems.

How is the experience different for me as a list moderator or participant?

In many ways, it is very much the same. You will still find the main group at your existing URL and sub-groups equate to the more focused mailing lists based on the community’s needs. Here is an example of main group and sub-group URL patterns, and their respective emails:

https://lists.projectname.org/g/main

https://lists.projectname.org/g/devs

https://lists.projectname.org/g/ci

main@...

devs@...

ci@...

What is different is Groups.io’s simple but highly functional UI that will make the experience of moderating or participating in the community discussions more enjoyable.

Where do I find the settings and owner/moderator tools?

If you’d like to learn more about using Groups.io, please reference their help documentation. If you need assistance with Groups.io, please email helpdesk@... for The Linux Foundation’s helpdesk.


Cheers!

Brendan OSullivan

 

Helpdesk Analyst

The Linux Foundation

 

>>> 

 


Re: May SPDX General Meeting Minutes

Matija Šuklje
 

On Thursday, 3 May 2018 17:51:26 CEST Phil Odence wrote:
> Matije Suklje, LF
Flattered, but my affiliation is with Liferay :)

Was a very interesting call. I’m miffed that we have some important internal
conference call clash directly and 100% every time with the SPDX Legal call.


cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Re: Spdx Digest, Vol 93, Issue 2

Kate Stewart
 

Hi John,
    Thanks for reaching out!  I think this discussion is best handled 
with the tech team so switching mailing lists, and moving 
general to bcc.  :-)

    Some of the information you're proposing in SEvA is already 
handled in the SPDX specification.  https://spdx.github.io/spdx-spec/ 
which has been in development by supply chain participants for 
over 8 years now.

    It's not clear from your proposal if you're planning on using
the SPDX license identifiers to capture the licensing information,
can you clarify this?   Also, have you compared the information 
you're looking to be captured in SEvA with the fields that are 
already in place and standardized on in the specification?

The next rev of the specification will explicitly permit JSON and YAML,
document expression in addition to RDF, tag:value. Prototype translators 
between formats are already in place if you want to experiment. 

If there are fields you're looking to see captured that aren't in place already,
feel free to open an issue on https://github.com/spdx/spdx-spec/issues
with background how it will be used, and where the information should be
derived from. 

Also, if you'd like to have a more interactive discussion,  the tech team
meets weekly[1], and we'd be happy to add you on to the agenda to 
explore collaboration options,  just let us know. 

Looking forward to continuing the discussion. 

Thanks,
Kate 

SPDX tech team co-lead.

   


On Thu, May 3, 2018 at 11:01 AM, John Scott (Ion) <john.scott@...> wrote:
Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

Software Supply Chain Intelligence

On May 3, 2018 at 11:51:32 AM, spdx-request@... (spdx-request@...) wrote:

Today's Topics:

1. May SPDX General Meeting Minutes (Phil Odence)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 May 2018 15:51:26 +0000
From: Phil Odence <Phil.Odence@...>
To: "spdx@..." <spdx@...>
Subject: May SPDX General Meeting Minutes
Message-ID:
<0F8BDA21-A94D-4534-8DB6-4AE7E2C5C307@internal.synopsys.com>
Content-Type: text/plain; charset="utf-8"

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

General Meeting/Minutes/2018-05-03
· Attendance: 12
· Led by Phil Odence
· Minutes of April meeting approved

Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn
· Variant on Leadership Summit Presentation
· Don’t need to define SPDX
· Will show product for illustrative purposes
· Governance Today
· Different formats for BoMs
· Challenges
· Manually updating
· Compliance Management
· Requires consistent tooling
· Goals using SPDX
· Automate BoM
· Automate Reporting
· Single format
· Illustration
· Replace disparate BoMs with SPDX versions
· Load into a single data store (example Apache Jena Fuseki)
· Query with Sparql
· Demo
· Aggregating multiple BoMs
· Committing change to GitLab
· CI/CD- Build and Scan
· Generate new SPDX doc for changed project
· Sparql queries
· Policy checks
· Voila



Tech Team Report - Kate/Gary
· Working on outstanding requests for 2.2
· License expression features
· Handling cases of annotations and extensions to address
· 2.1.1 pdf
· Wrestling with tools a bit
· GSoC
· Students and mentors in place
· Should be hearing from students during community bonding period
· Projects lined up
· Will present during General Meetings



Outreach Team Report - Jack
· LinuxCon Vancouver
· Trying to organize “back off” day before event starts
· Website:
· Still waiting on LF for moving Website to Wordpress
· Content
· Looking at a variety of ways
· Looking at audio/video recordings
· Could include monthly talks
· Yev volunteered to do his
· Looking for more people involvement in OTeam

Legal Team Report - Paul
· Released latest rev of license list
· Kudos Jilayne and others
· Working out how to manage license submissions in new world
· GSoC student working out automation

Attendees
· Phil Odence, Black Duck/Synopsys
· Matthew Crawford, ARM
· Yev Bronshteyn, Black Duck/Synopsys
· Steve Billings, Black Duck/Synopsys
· Gary O’Neall, SourceAuditor
· Dave Marr, Qualcomm
· Jack Manbeck, TI
· Kate Stewart, Linux Foundation
· Steve Winslow, LF
· Paul Madick, Dimension Data
· Matije Suklje, LF
· John Scott, Ion Channel




Re: Spdx Digest, Vol 93, Issue 2

John Scott (Ion) <john.scott@...>
 

Hi All, 
Sorry for getting on the call late. 

We recently released this Spec.

SEvA is a specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below.

Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. 

We could talk about it next month 

-------------------------------------------
John Scott, President, Ion Channel
 240.401.6574 @johnmscott
www.ionchannel.io

Software Supply Chain Intelligence



May SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03

 

General Meeting/Minutes/2018-05-03


·         Attendance: 12

·         Led by Phil Odence

·         Minutes of April meeting approved 


Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn

·         Variant on Leadership Summit Presentation

·         Don’t need to define SPDX

·         Will show product for illustrative purposes

·         Governance Today

·         Different formats for BoMs

·         Challenges

·         Manually updating

·         Compliance Management

·         Requires consistent tooling

·         Goals using SPDX 

·         Automate BoM

·         Automate Reporting

·         Single format

·         Illustration

·         Replace disparate BoMs with SPDX versions

·         Load into a single data store (example Apache Jena Fuseki)

·         Query with Sparql

·         Demo

·         Aggregating multiple BoMs

·         Committing change to GitLab

·         CI/CD- Build and Scan

·         Generate new SPDX doc for changed project

·         Sparql queries

·         Policy checks

·         Voila

 

Tech Team Report - Kate/Gary

·         Working on outstanding requests for 2.2

·         License expression features

·         Handling cases of annotations and extensions to address

·         2.1.1 pdf

·         Wrestling with tools a bit

·         GSoC

·         Students and mentors in place

·         Should be hearing from students during community bonding period

·         Projects lined up

·         Will present during General Meetings

 

Outreach Team Report - Jack

·         LinuxCon Vancouver

·         Trying to organize “back off” day before event starts

·         Website:

·         Still waiting on LF for moving Website to Wordpress

·         Content

·         Looking at a variety of ways

·         Looking at audio/video recordings

·         Could include monthly talks

·         Yev volunteered to do his

·         Looking for more people involvement in OTeam

Legal Team Report - Paul

·         Released latest rev of license list

·         Kudos Jilayne and others

·         Working out how to manage license submissions in new world

·         GSoC student working out automation

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Yev Bronshteyn, Black Duck/Synopsys

·         Steve Billings, Black Duck/Synopsys

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Jack Manbeck, TI

·         Kate Stewart, Linux Foundation

·         Steve Winslow, LF

·         Paul Madick, Dimension Data

·         Matije Suklje, LF

·         John Scott, Ion Channel

 


Reminder of Thursday's SPDX General Meeting...with guest speaker!

Phil Odence
 

Speaking this month will be our own Yev; he’ll share a scaled down version of his talk from the Leadership Summit. Hope you can join! Note: Yev will be using some slides and sharing his screen, so, if possible, be in front of your computer.

 

Automating Governance with SPDX

Today’s enterprises often have diverse processes for incorporating, managing, and analyzing their open source components. In this talk, we’ll demonstrate how SPDX provides a common baseline for a variety of governance tools, and how SPDX generation and analysis can be automated to attain real-time, actionable intelligence.

 

Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. In addition to being a member of the SPDX technical team, he has spoken at a number of technical conferences and user groups and contributed to a number of technical blogs.

 


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, May 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

“Guest” Presentation – Yev

 

Technical Team Report – Kate

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 


April General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-04-05

 

 

General Meeting/Minutes/2018-04-05


·         Attendance: 13

·         Led by Phil Odence / Jack Manbeck

·         Minutes of March meeting approved 


Adoption Update- Kate

·         License List Identifiers Update

·         DEP 5 adopting, LF and others

·         IDs in Source

·         U-Boot, selected projects, LF projects including the Kernel

·         Eclipse, FreeBSD, REUSE.software

·         Open Gov Partnership

·         Doc Creation

·         New formats: YAML, others

·         Tooling

·         Open Source

·         SPDX Tools, FOSSology, ScanCode

·         Commercial

·         Wind River, Protecode, SourceAuditor, TripleCheck, WS (license list only), BD

·         Scan tool accuracy- Different tools get slightly differing results

·         Formats correctness- worth checking too

·         Outreach team is working on examples for testing

·         SPDX tools have compare capabilities

·         New Tools for Inside Org workflow

·         SPDX online tools to validate and compare

·         SW360, ORT, Quartermaster

·         Between Orgs

·         Aligning with OpenChain

·         REUSE by FSFE- Conventions for best practices for how/where to include license info (check out their cute video)

·         Emerging: Software Parts Ledger

·         Blockchain Hyperledger (driven by Wind River)

·         Missing Pieces

·         Real world reference examples, use studies, build integration

 

Tech Team Report - Kate

·         Looking at Google Summer of Code. That’s a priority right now. We are reviewing proposals from candidates and have eighteen this year! The quality of the proposals seems to be very good. Not sure how many slots Google will give us yet (should know next week) but we are asking for 5-6.

·         We have just enough mentors for the projects but would welcome any additional ones. No experience needed and you can be teamed up with an experienced mentor. There is much you can do, even non-technical.

·         The 2.1.1 specification update is pending. All GIT issues are resolved. This is a minor update for mostly typos and clarifications and changes to support the specification being in GitHub. Kate is working with Thomas to be able to generate a review version to send out. Expect the review time frame to be 1-2 weeks long.

Outreach Team Report - Jack

·         We are revamping the main suite for the Use area. What we had was an initial cut. Pages are being broken out and expanded. First section to change will be the license identifiers in source (Steve Winslow from the LF is doing this) followed by the list and documents sections.

·         SPDX website move. No movement yet. Still waiting on the LF to come back with a new update. They have to get extra help to figure out how to do the license list and rdf pages that we auto generate.

·         If anyone is going to LinuxCon in Vancouver (August) the call for papers is open. Please submit any you might have on SPDX. We are also investigating whether we can do another tool bake off and/or a birds of a feather session.

Legal Team Report - Jilayne

·         3.1 license list is still pending. Need to make sure all open issues on it are resolved. Anyone wishing to help (which would be greatly appreciated) should join the Legal Calls.

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Steve Winslow, LF

·         Dennis Clark, NexB

·         Kate Stewart, Linux Foundation

·         Jack Manbeck, TI

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

·         Matije Suklje, LF

·         Bradlee Edmondson, Harvard

·         Gary O’Neall, SourceAuditor

·         Dave Marr, Qualcomm

·         Philippe Ombrédanne- nexB

 

 


Thursday SPDX General Meeting Reminder

Phil Odence
 

Our “guest” speaker this week is Kate Stewart, guest in her own home. Over the past year,  we've seen a lot of open source projects as well as commercial tools able to interact with SPDX (license ids, 1 line comments,  documents).  Kate will give an overview of the projects in the SPDX ecosystem that she's aware of, and is interested in learning about any she's missed from other meeting attendees.

Best, 

Phil


L. Philip Odence
General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
M: +1.781.258.9502
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 

 


Re: agenda for OSLS

J Lovejoy
 

Quick update/reminder:

There will be no legal team call tomorrow (Thursday)

We will be having our F2F in Sonoma, CA Friday.
We’ll meet at 9am in Kenwood 2

We will use the usual conference line for those who want to join from afar:
Web conference: http://uberconference.com/SPDXTeam
Optional dial in number: 415-881-1586
No PIN needed

A bit more on and re-order on agenda:
  1. Updates to spec and next release planning
    1. Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
    2. SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec? How to get people to notice and understand SPDX specification fields that relate to licenses, 
  2. Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  3. Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    1. what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  4. SPDX “relaxed” - some people are providing SPDX documents that lack some of the mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use?

Thanks!

Jilayne & Kate




On Feb 27, 2018, at 7:06 AM, J Lovejoy <opensource@...> wrote:

oops, forgot one of the topics - added to list below!



On Feb 27, 2018, at 8:05 AM, J Lovejoy <opensource@...> wrote:

Hi all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?
  • SPDX “relaxed” - some people are providing SPDX documents that lack some of the mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use?

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal


SPDX March General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-03-01

 

General Meeting/Minutes/2018-03-01


·         Attendance: 6

·         Led by Phil Odence

·         Minutes of Feb meeting approved 


Tech Team Report - notes sent by Kate

·         Thomas continues to get closer on 2.1.1 release, most changes from Trevor merged now.

·         Reviewed PURL proposal and consensus was to adopt for 2.2, after we see it finalized and picked up by other projects.

·         PURL is a generalized way to specify a package.

·         Discussion of multiple formats being supported (JSON, YAML, etc.),  as long as there are translation tools, and we follow the RDF naming, agreement to introduce them in 2.2.

 

Outreach Team Report - Jack out

·         Website migration- No update from the LF

·         British Computer Society

·         Open Source Group

·         March 22

·         Alexios presenting on SPDX

·         https://ossg220318.eventbrite.co.uk/

 

Legal Team Report - Bradlee

·         3.1 LL release, end of March

·         Then back to 3 month cadence

·         Jilayne working with FSF on status of their license evaluation

·         For Summit Topics

·         Use of GitHub for licenses and Spec

·         Philippe ID’ed some licenses in the Kernel that are not in the list

·         He’s putting together pull requests

·         There are a number of others that he believes might be candidates.

·         He’ll prioritize and will “drip” to the Legal Team

·         Also some discussion about what to do, if anything, about proprietary licenses

·         Could make sense to have a common identifier for commonly used ones

·         Could conceivably use the same architecture for proprietary 

·         Also discussing a “relaxed” format.

·         Not necessarily including all the checksums

·         So might introduce levels of SPDX compliance (A, AA, AAA…or something)

·         Discussion of how to get more lawyers involved.

·         Women lawyers would be particularly welcome

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Alexios Zavras, Intel

·         Dennis Clark, NexB

·         Steve Winslow, LF

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

 

 


Today's SPDX General Meeting Reminder

Philip Odence
 

They have to stop starting months on a Thursday, or I will never remember to get reminders out.

 

Today’s meeting should be just a quick update. Hope you will be able to join.

 

Best,

Phil


L. Philip Odence
Sr. Director/General Manager Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 201, Burlington, MA 01803-5061
O: +1.781.425.4479, M: +1.781.258.9502, Skype: philip.odence
www.blackducksoftware.com  

 

 

GENERAL MEETING

 

Meeting Time: Thurs, March 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

Technical Team Report – Phil

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 

 


Re: agenda for OSLS

J Lovejoy
 

oops, forgot one of the topics - added to list below!



On Feb 27, 2018, at 8:05 AM, J Lovejoy <opensource@...> wrote:

Hi all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?
  • SPDX “relaxed” - some people are providing SPDX documents that lack some of the mandatory fields, thus are not SPDX compliant, but this is still useful info. Should we have a “relaxed” option or some kind of grading for SPDX documents to encourage more use?

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...




agenda for OSLS

J Lovejoy
 

Hi all SPDX teams,

Open Source Leadership Summit is coming up next week and the Linux Foundation has been generous enough to reserve a room at the venue the morning after the event ends for our face-to-face working group.  

We’ll meet on Friday, March 9th, from 9am to lunch. (room name TBD)

We have quite a few cross-functional topics lined up, so we’ll meet as a group. Topics will include:

  • Using Github for SPDX: what is our process for different repos, identify improvements, generate or update documentation
  • Adding more licenses to SPDX License List: from the Linux kernel, other licenses
    • what about lists of non-open source licenses that other people maintain; is there a way to enable that?
  • Updates to spec and next release planning
  • Communicating and explaining relationship and versioning for spec, license list, matching guidelines, tools, etc. Where/how to update website to clarify this?
  • SPDX License List and its related material: better organization to make it easier to find - should this all go into an Appendix in the Spec?

Please let me know if I’ve missed anything or if there is any kind of preferred order of topics.  


Thanks,
Jilayne

SPDX Legal Team co-lead
opensource@...



Feb SPDX General Meeting Minutes

Philip Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-02-01

 

General Meeting/Minutes/2018-02-01


·         Attendance: 13

·         Led by Phil Odence

·         Minutes of Jan meeting approved 


Tech Team Report - Kate

·         Highlights

·         Looking at multiple formats supported

·         Much of January dedicated

·         JSON and YAML

·         Some interest in deprecating

·         Submitted Google SoC project, once again

·         Have usually been accepted in advance

·         Should know by next meeting

·         Can still contribute ideas

 

Outreach Team Report – Jack

·         Website migration

·         Waiting on date from LF

·         Need a mechanism for pushing some generated pages (licensing/RDF)

·         Today’s meeting will be to lay out a roadmap

·         Linux Leadership Summit

·         Meetings Friday

·         Jilayne sending out notice to try to hustle up participation

·         Anyone who needs an invite can contact Kate

·         FOSSDEM is this weekend

·         Will be streamed from Brussels

·         Legal and Policy track

·         Jilayne speaking

 

Legal Team Report - Jilayne

·         Major release of license list recently

·         3.1 release

·         Aiming to align 3.2 version with 2.2 spec

·         Undergoing technical and legal review

·         Transitioning to taking advantage of GitHub capabilities

·         Technical stuff on track

·         Reviewing some new licenses, need naming conventions

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Mike Dolan, Linux Foundation

·         Steve Winslow, LF

·         Jeff Luszcz, Flexera

·         Jack Manbeck, TI

·         Denisse Weil, 

·         Robert Musial, Progressive

·         Gary O’Neall, SourceAuditor

·         Bradlee Edmondson, Harvard

·         Matthew Crawford, ARM

·         Jilayne Lovejoy, ARM

·         Michael Herzog- nexB

 

 


SPDX General Meeting Today

Philip Odence
 

Sorry for the late reminder. I confess that Feb 1 snuck up on me.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Feb 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2017-12-07  

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues –All

 

 


SPDX servers rebooting over the weekend for Spectre/Meltdown remediation.

Kate Stewart
 

Hi,
   Just heard from LF IT that our SPDX site & wiki will be rebooting 
this weekend, as they apply the Meltdown/Spectre remediation.

It should just be down for 5 minutes early this weekend, so this is
mostly for your information, in case you notice something.

Kate