Date   

Re: SPDX RDF visualization

Yev Bronshteyn
 

Hi, Michael,

 

I don’t know much about RDF graphing tools, but here’s a trick to make any tool you already have produce a better graph.

 

You can use this sparql query to reduce an SPDX document to an RDF where every relationship is reduced to a single triple:

 

prefix spdx: <http://spdx.org/rdf/terms#>

 

construct { ?sub ?pred ?obj }

where {

     ?sub spdx:relationship ?rel .

     ?rel spdx:relationshipType ?pred .

     ?rel spdx:relatedSpdxElement ?obj .

}      

 

 

Here’s how you can apply this query with Apache Jena:

 

1.       Load your spdx document into Jena’s triple store:

tdbloader --loc=data mydoc.rdf

 

In the example above, “data” is an empty directory where you have write access (where Jena will build its datastore) and mydoc.rdf is your SPDX document.

               

2.       Apply the query, which in this example is loaded into “relConcat.sparql”. Pipe the results into a file.


tdbquery --loc=data --query=../relConcat.sparql --results=RDF

 

 

The resulting RDF should be a much more straightforward graph of all the relationsips.

 

From: <spdx-bounces@...> on behalf of "STAIR, MICHAEL A" <ms1784@...>
Date: Wednesday, September 21, 2016 at 2:16 PM
To: "spdx@..." <spdx@...>
Subject: SPDX RDF visualization

 

Hello,

 

I was wondering if anyone can suggest a tool to visually in a graph (ideally interactive) SPDX RDF files, specifically to follow relationships? I am currently using gruff (http://franz.com/agraph/gruff/) , but it’s a little tedious. Thanks.

 

Mike

_____________________________
Michael Stair
Principal Member of Technical Staff
AT&T Chief Security Office (CSO)
301.865.3877
mstair@...


SPDX RDF visualization

STAIR, MICHAEL A
 

Hello,

 

I was wondering if anyone can suggest a tool to visually in a graph (ideally interactive) SPDX RDF files, specifically to follow relationships? I am currently using gruff (http://franz.com/agraph/gruff/) , but it’s a little tedious. Thanks.

 

Mike

_____________________________
Michael Stair
Principal Member of Technical Staff
AT&T Chief Security Office (CSO)
301.865.3877
mstair@...


Canceled: SPDX General Meeting

Philip Odence
 

Cancelling the October meeting as it conflicts with LinuxCon Europe.

We will have a special presentation for the November meeting on OpenChain.


*******


Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed


MEETING MINUTES FOR REVIEW: 
http://spdx.org/wiki/meeting-minutes-and-decisions


Re: SPDX Tool Contributions

Gary O'Neall
 

Hi Michael,

Glad to hear of your interest in contributing to the tools. We can discuss on the next tech call, but feel free to contribute issues and pull requests on GitHub. The only request is on the pull requests to include a statement that you contributions are made available under the Apache 2.0 license.

Thanks,
Gary

On September 1, 2016 12:17:58 PM CDT, "STAIR, MICHAEL A" <ms1784@...> wrote:

Hello,

 

I attended the general meeting today but had some issues with my audio so was unable to ask a few questions. Is attending the technical team meeting the appropriate way to discuss contributing to the tools (including bug fixes)?

 

Michael Stair



Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: SPDX Tool Contributions

Kate Stewart
 

Hi Michael, 
    Yes, feel free to join us on the weekly call (Tuesday at 1pm Eastern)

or send email to spdx-tech@... with your questions.

Bug fixes most welcome!   :-)

Kate 


On Thu, Sep 1, 2016 at 12:17 PM, STAIR, MICHAEL A <ms1784@...> wrote:

Hello,

 

I attended the general meeting today but had some issues with my audio so was unable to ask a few questions. Is attending the technical team meeting the appropriate way to discuss contributing to the tools (including bug fixes)?

 

Michael Stair


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx



SPDX Tool Contributions

STAIR, MICHAEL A
 

Hello,

 

I attended the general meeting today but had some issues with my audio so was unable to ask a few questions. Is attending the technical team meeting the appropriate way to discuss contributing to the tools (including bug fixes)?

 

Michael Stair


Re: Meeting Minutes

Kate Stewart
 

Thanks Gary,    Sorry I had to leave mid way through the report. 

Couple of minor adjustments to the minutes.

On Thu, Sep 1, 2016 at 10:40 AM, <gary@...> wrote:

Greetings all,

 

Below is the minutes from today’s general meeting.  Meeting minutes are also available on the Wiki at http://wiki.spdx.org/view/General_Meeting/Minutes/2016-09-01

 

Please let me know if you see any errors or omissions.

 

Thanks,
Gary

 

General Meeting/Minutes/2016-09-01

·         Attendance: 6

·         Lead by Gary O'Neall

·         Minutes of August meeting approved

Tech Team Report - Kate

·         SPDX 2.1 all comment incorporated

·         PDF should be available today

·         Will follow-on with HTML later

·         1 1/2 month feedback cycle


The review window for SPDX 2.1 spec is now closed.    Its been open for a 1.5 months, and feedback has tailed off.

·         Tech office hours - should publish to general

·         There will be a tools bake-off in Berlin on 6 Oct

·         All tools providers are encouraged to attend or send in SPDX documents

·         There will not be a west coast bake-off - the West Coast tools providers are encouraged to submit SPDX documents to the Berlin bake-off

Outreach Team Report - Jack

·         Getting reading to go live with the new site

·         Jack is working with the Linux Foundation to schedule a go-live date

·         All updates to the new site have been completed

Legal Team Report - Jilayne

·         Going through the XML conversion of the license list

·         Action items for closing on the XML conversion is published

·         Decided to do the next license list update around the end of Oct. which will use the new XML file format

Cross Functional Topics - Gary

·         Discussion on whether the new XML license master list format is intended for external tools or to be used internal only to the Legal Team in producing the license list

·         Gary recalled a discussion where we decided the first release of the XML format would be internal only

·         Consensus that one of the overall goal of the XML format is to enable better tooling - the issue is only related to the phasing of the XML format implementation

·         Some of the issues to external tool use would be the inconsistency in the element and property names with the SPDX specification

·         Request that the technical team be involved if the XML format is to be used externally

·         Will be discussed on the legal call

Attendees

·         Gary O'Neall

·         Kate Stewart

·         Jilayne Lovejoy

·         Michael Stair

·         Scott Sterling

·         Paul Madick

 

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

 


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx




--
Kate Stewart
Sr. Director of Strategic Programs,  The Linux Foundation
Mobile: +1.512.657.3669
Email / Google Talk: kstewart@...


Meeting Minutes

Gary O'Neall
 

Greetings all,

 

Below is the minutes from today’s general meeting.  Meeting minutes are also available on the Wiki at http://wiki.spdx.org/view/General_Meeting/Minutes/2016-09-01

 

Please let me know if you see any errors or omissions.

 

Thanks,
Gary

 

General Meeting/Minutes/2016-09-01

·         Attendance: 6

·         Lead by Gary O'Neall

·         Minutes of August meeting approved

Tech Team Report - Kate

·         SPDX 2.1 all comment incorporated

·         PDF should be available today

·         Will follow-on with HTML later

·         1 1/2 month feedback cycle

·         Tech office hours - should publish to general

·         There will be a tools bake-off in Berlin on 6 Oct

·         All tools providers are encouraged to attend or send in SPDX documents

·         There will not be a west coast bake-off - the West Coast tools providers are encouraged to submit SPDX documents to the Berlin bake-off

Outreach Team Report - Jack

·         Getting reading to go live with the new site

·         Jack is working with the Linux Foundation to schedule a go-live date

·         All updates to the new site have been completed

Legal Team Report - Jilayne

·         Going through the XML conversion of the license list

·         Action items for closing on the XML conversion is published

·         Decided to do the next license list update around the end of Oct. which will use the new XML file format

Cross Functional Topics - Gary

·         Discussion on whether the new XML license master list format is intended for external tools or to be used internal only to the Legal Team in producing the license list

·         Gary recalled a discussion where we decided the first release of the XML format would be internal only

·         Consensus that one of the overall goal of the XML format is to enable better tooling - the issue is only related to the phasing of the XML format implementation

·         Some of the issues to external tool use would be the inconsistency in the element and property names with the SPDX specification

·         Request that the technical team be involved if the XML format is to be used externally

·         Will be discussed on the legal call

Attendees

·         Gary O'Neall

·         Kate Stewart

·         Jilayne Lovejoy

·         Michael Stair

·         Scott Sterling

·         Paul Madick

 

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

 


FW: Thursday SPDX General Meeting

Philip Odence
 

No special guest star this month, so plan on a <30minute meeting.

 

Note: I only just realized that I neglected to publish the minutes from the August meeting, so I am including at the bottom.

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Business Team Report – Jack

 

Cross Functional Issues – Phil

 

 

 

 

 

 

 

 

General Meeting/Minutes/2016-08-04

< General Meeting‎ | Minutes

Jump to: navigation, search

   Attendance: 12

   Lead by Phil Odence

   Minutes of July meeting approved

 

Contents [hide

          1 Special Guest - Alexios Zavras, Intel

          2 Tech Team Report - Kate

          3 Outreach Team Report - Jack

          4 Legal Team Report - Jilayne

          5 Cross Functional Topics - Phil

          6 Attendees

Special Guest - Alexios Zavras, Intel[edit]

   His role is open source compliance at Intel, based in Munich

                   Now at open source tech center

                   Will be talking about his previous role with Intel Mobile Comms

   Mobile Comms

                   Based in Germany

                   Germans are very process-oriented, well-documented

   His role was SW legal compliance.

                   Ensuring all software legally compliant across all kinds of software

                   They treat all compliance issues as a bug, just like any problem in the software

                   Alexis learned of SPDX and was very pleased and excited about it

                                   Didn’t manage to get everything SPDX based

                                   Started slowly

                                   SPDX is very valuable at many levels

                                                   Even just the license list and standard way of expressing was very helpful

                                                   Quickly standardized on SPDX notations and it started appearing in their documentation etc

                                   Included in training that was mandatory for SW devs and later extended to marketing, legal, biz dev

                                                   Everyone who touches software had to take on-line course with a deeper course available for some

                                   Have developed number of tools, tightly coupled with dev environment

                                                   All developed internally

                                                   very tightly controlled, eg can’t check out code without a ticket

                                                   Tool chain includes license compliance

                                   Central team provides compliance services to dev

                                                   too much for all devs to worry about

                                                   Fits with org structure

                                                   Internal teams reviews all code

                                   Started small, then more widespread and more automated

                                                   Today every release goes though this license compliance check

                                                   Requires ‘stamp of approval’ from central team

                                   To make the central team more efficient

                                                   Save all results

                                                   Including many of the SPDX fields

                                                   Saved in database

                                   Last step, not yet taken, is to generate an SPDX doc for each release

                                                   Just held up by organizational issues, technically feasible

                                                   Being worked on

                                                   Have started getting the request from customers

                                                                   Not mentioning SPDX by name, have not seen that yet,

                                                                   but asking for data that SPDX covers, files, license, etc

                                                                   (both are with Euro customers)

                                   When they generate SPDX

                                                   Permissive license require attribution

                                                   They’ve had an issue with that going back 5 years

                                                   Their policy to handle is to deliver all OSS in source form

                                                   So, therefore include attribution in comments

                                                   They include a list of open source and model licenses, but the attribution is all in source code

                                   Example- Modem company

                                                   Intel provides chips and software in binary form

                                                   Packaging: With binary they include

                                                                   all source for open source in binary

                                                                   And, list of conditions for any 3td party proprietary code

                                   Are they being asked for security vulnerabilities associated with components

                                                   Not yet, but they are thinking about it with respect to naming (CPEs, etc)

   AZ- “Thanks for the wonderful work. It’s really helpful.”

 

Tech Team Report - Kate[edit]

   Spec

                   Collecting feedback

                   Addressing as it comes it

   Gary has taken a pass at updating tools

   In the polishing stage

                   One more round of feedback

                   Into publishing mode as of Tuesday

   Bake Offs

                   Possible SF 9/27 and Europe at LCon

                   Needs to be nailed down in the next couple week.

Outreach Team Report - Jack[edit]

   Website

                   Still working this week

                   Will review at next week’s meeting

                   Should be close with go live; shooting for Linux Con NA

                   Still looking for some improvements that will require work from the Linux Foundation team

                                   No show stoppers

                   Will send out link for review

Legal Team Report - Jilayne[edit]

   XML review

                   Still plugging away

                   Timeline set

   2.5 release

                   Just a few licenses

                   Aiming for end of Oct

                   See Legal Team meeting mins for detail

                   Could use all the help they can get; lots to do

                                   To review new XML master format for every license

 

Cross Functional Topics - Phil[edit]

   Guest stars

                   Always looking for more

 

Attendees[edit]

   Phil Odence, Black Duck

   Alexios Zavras, Intel

   Kate Stewart, Linux Foundation

   Jilayne Lovejoy, ARM

   Scott Sterling, Palamida

   Robin Gandhi, UNO

   Jack Manbeck, TI

   Yev Bronshteyn, Black Duck

   Matt Germonprez, UNO

   Michael Herzog- nexB

   Georg Link, UNO

   Mike Dolan, Linux Foundation

              NewPP limit report CPU time usage: 0.009 seconds Real time usage: 0.011 seconds Preprocessor visited node count: 23/1000000 Preprocessor generated node count: 28/1000000 Post‐expand include size: 0/2097152 bytes Template argument size: 0/2097152 bytes Highest expansion depth: 2/40 Expensive parser function count: 0/100 Saved in parser cache with key spdx_mwiki:pcache:idhash:1048-0!*!*!!en!*!* and timestamp 20160830122940 and revision id 3956

 


Thursday SPDX General Meeting

Philip Odence
 

Please join us this week. Alexios Zavras will begin the meeting with an informal presentation on Intel’s use and plans for SPDX.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed

 

Administrative Agenda

Attendance

 

 

Guest Presentation – Alexios Zavras

 

Technical Team Report – Kate 

 

Legal Team Report – Jilayne

 

Business Team Report – Jack

 

Cross Functional Issues - Phil


Re: call in about an hour :)

J Lovejoy
 

Thanks for the update, Tom, and for updating your email address on the mailing lists :)

Congrats!

Jilayne


SPDX Legal Team co-lead
opensource@...

On Jul 7, 2016, at 11:53 AM, Vidal, Thomas <TVidal@...> wrote:

Hi, Just wanted to update you all that my last day at AGMB is tomorrow. As of next week, I will be a partner in the firm of Pryor Cashman LLP<http://www.pryorcashman.com/>. The SPDX-legal list, you will be happy to note, has already been updated.



Thomas H. Vidal

Pryor Cashman LLP

1801 Century Park East<x-apple-data-detectors://2/1>

Los Angeles, CA 90067<x-apple-data-detectors://2/1>

tvidal@...<mailto:tvidal@...>

tel. (310) 556-9608<tel:(310)%20556-9608>

fax. (310) 556-9670<tel:(310)%20556-9670>



Sincerely,



Tom

On Jul 7, 2016, at 9:09 AM, J Lovejoy <opensource@...<mailto:opensource@...>> wrote:

Agenda:

1) check in on XML files review / go over any questions that have come up

2) discuss other tasks related to switch to XML format, such as:
- license exceptions (still need to be added to XML format?)
- how to deal with deprecated licenses?
- process flow for new license list format

3) any other open items?


Jilayne
SPDX Legal Team co-lead
opensource@...<mailto:opensource@...>


_______________________________________________
Spdx-legal mailing list
Spdx-legal@...<mailto:Spdx-legal@...>
https://lists.spdx.org/mailman/listinfo/spdx-legal

________________________________

***CONFIDENTIALITY NOTICE***
This email contains confidential information which may also be legally privileged and which is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are hereby notified that forwarding or copying of this email, or the taking of any action in reliance on its contents, may be strictly prohibited. If you have received this email in error, please notify us immediately by reply email and delete this message from your inbox.


Re: call in about an hour :)

Tom Vidal
 

Hi, I didn't mention this on the call, but I wanted to update you all that my last day at AGMB is tomorrow. As of next week, I will be a partner in the firm of Pryor Cashman LLP<http://www.pryorcashman.com/>. The SPDX-legal list, you will be happy to note, has already been updated.



Thomas H. Vidal

Pryor Cashman LLP

1801 Century Park East

Los Angeles, CA 90067

tvidal@...<mailto:tvidal@...>

tel. (310) 556-9608

fax. (310) 556-9670



Sincerely,



Tom

On Jul 7, 2016, at 9:09 AM, J Lovejoy <opensource@...<mailto:opensource@...>> wrote:

Agenda:

1) check in on XML files review / go over any questions that have come up

2) discuss other tasks related to switch to XML format, such as:
- license exceptions (still need to be added to XML format?)
- how to deal with deprecated licenses?
- process flow for new license list format

3) any other open items?


Jilayne
SPDX Legal Team co-lead
opensource@...<mailto:opensource@...>


_______________________________________________
Spdx-legal mailing list
Spdx-legal@...<mailto:Spdx-legal@...>
https://lists.spdx.org/mailman/listinfo/spdx-legal

________________________________

***CONFIDENTIALITY NOTICE***
This email contains confidential information which may also be legally privileged and which is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are hereby notified that forwarding or copying of this email, or the taking of any action in reliance on its contents, may be strictly prohibited. If you have received this email in error, please notify us immediately by reply email and delete this message from your inbox.


SPDX July General Meeting Minutes

Philip Odence
 


General Meeting/Minutes/2016-07-07

  • Attendance: 13
  • Lead by Phil Odence
  • Minutes of June meeting approved


Special Guest - Sam Ellis, ARM[edit]

  • Sam works in ARM’s Cambridge HQ
    • SW Engineer/Mgr
    • No legal training
    • Has gotten involved just as part as his job
    • Now acts as bridge between dev and legal teams
  • They use a license scanning tool
    • That’s the implementation of SPDX
    • Keen on the license list for name consistency
    • And using SPDX basis of repository of data about open source in products
  • Dev process
    • Similar to most
    • Are careful to separate out open source archive
      • Basis of license scanning
      • Develop an SPDX tag format report for each product
  • Legal Approval Process
    • They use a custom tool internally
    • When open source comes into the company, they assess risk
    • Recently put a new system in place
      • Asks the type of questions that SPDX captures
        • Package name, licenses, copyright notices, where downloaded, etc.
      • Goal is to to eventually import/export SPDX for this purposes
    • Tracks OSS use cases
  • Two systems using
    • Approval process
    • Data from the build
    • Will eventually try to compare to ensure sync
      • Can be hard to maintain, particularly when removing stuff.
  • Sam’s projects use and exceptionally large amount of OSS
    • Need to explain to customers
    • Ideally would like to auto-gen the list of licenses they publish
      • Practical Problem: They don’t want to declare all
        • For example, disjunctive license, may only want declare one
  • Would like to ship SPDX
    • Need to work out how much to declare
    • They get a lot of queries
      • Concern is does providing more info, generate more queries
    • * Certainly they feel that SPDX is the right format
  • Observations
    • Tag file is large - 130 MB for one product
      • Too large to ship, but could include on website
      • Too much info to be comprehensible
    • People who need to use, don’t have the tools
      • Need something that can open and filter/summarize
  • Learning
    • In the past have developed one big SPDX file
    • Probably a mistake, should have broken it down
  • Discussion
    • Tooling- perhaps the convertor to spreadsheet
    • Supply chain partners are really interested in use cases, not just what’s in product
    • Any sharing SPDX docs within company yet? - No, not yet.


Tech Team Report - Kate/Gary[edit]

  • Spec
    • 2.1 draft is out for review
      • open until the end of the month
      • assuming no show stoppers, that should be it
  • Tooling
    • Started updating for 2.1 last week
    • External references implementation taking more time than anticipated
    • Tooling first pass should be ready with 2.1 release timeframe
    • Gary is keen for feedback on our tools and any issues in implementing other tools

Outreach Team Report - Jack[edit]

  • Website
    • Very close to wrapping up
    • Looking at final review next week


Legal Team Report - Jilayne[edit]

  • XML templates
    • Review continuing
    • Call today will checkpoint where we are and remaining work
  • 2.5 list release
    • Should be live in the next day or two
    • Not too many new licenses


Cross Functional Topics - Phil[edit]

  • Guest stars
    • Always looking for more
  • LinuxCon
    • Looks light nothing official 


Attendees[edit]

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Scott Sterling, Palamida
  • Robin Gandhi, UNO
  • Jack Manbeck, TI
  • Yev Bronshteyn, Black Duck
  • Gary O’Neill, SourceAuditor 
  • Mark Gisi, Wind River 
  • Dave Marr, Qualcomm
  • Matt Germonprez, UNO
  • Michael Herzog- nexB
  • Sam Ellis, ARM


Thursday's SPDX General Meeting

Philip Odence
 

Please join us this week. Sam Ellis will kick the meeting off with a presentation on ARM’s use of and plans for SPDX.


GENERAL MEETING

Meeting Time: Thurs, July 7, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

Administrative Agenda
Attendance

Guest Presentation – Sam Ellis, ARM

Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues - Phil


SPDX 2.1 Specification - please provide any final input before July 29, 2016

Kate Stewart
 

Greetings,
     The tech team is winding up the remaining minor changes, and has
declared the SPDX 2.1 specification ready for wider public review.
The review window will end on July 29th, and if there are no show stoppers,
we'll be releasing 2.1 after that. 

Highlights of this version are,  more expressive and accurate handling
of external references,   ability to accurately reference snippets and syntax
for embedding SPDX license list short identifiers in source files.

A .pdf version of the 2.1 draft version of the specification has been 
attached for your convenience.

What we're still working on:
- area's highlighted in yellow - some wording discussions ongoing.
- figuring out how to handle external references to debian (hope to settle it this week)
- update license list to 2.5 when its released.
- summary information.
- clean up some formatting weirdnesses in final document and moving it to git

How can you help?
- please read through the new sections on the .pdf or google document (see below) 
  and make sure they are understandable.
- please start implementing tools and let us know if we've overlooked something.

Any minor syntax, grammar, style etc. changes - please create a comment in the google document. 

If you spot a major flaw,   please open a bugzilla bug at: https://bugs.linuxfoundation.org under
project SPDX,  version 2.1.

Thank you for your help!

Kate Stewart,  on behalf of the spdx-tech team. 


SPDX June General Meeting Minutes

Philip Odence
 

Dave Marr did a great job presenting the importance of SPDX to Qualcomm. Please let me know if you or colleagues would be willing to give a brief, high level talk on how SPDX is being thought about and used (or planned to be used) in the field. Thanks!




General Meeting/Minutes/2016-06-02

  • Attendance: 14
  • Lead by Phil Odence
  • Minutes of May meeting approved

Special Guest - Dave Marr, Qualcomm[edit]

  • SPDX is a critical piece of getting well and getting good at managing open source
  • Open source overall
    • Requires cross functional participation
    • Some very intellectual interesting aspects
    • Management
      • really requires a lot of uninteresting, rote work
      • Necessary to get it right
    • Opportunity for automation
      • Requires standard practices
      • Customer focus required
        • Focus on internal customers too, requires mindset shift
        • Delivering code with compliance problems is like delivering bad code
        • Qualcomm engineers all take Dave’s training
          • The more specific instructions the better
      • SPDX connection
        • Information must be in a factorable form
        • Standardization is key
      • Process required to yield the output
        • That’s the hard part
        • Can’t have drag on engineering processes
        • So need automation and “plumbing”
      • Direction
        • Aiming for seamlessness
        • Suppliers need to be brought into this
        • If everyone provides SPDX, there’s still the need to efficiently consume and manage through the dev process
        • Solution needs to handle version control and compilation
        • The dream is a way to move the SPDX files along with the code and to handle refactoring to the ultimately the SPDX files for products the ship are available and largely accurate. 
      • How to get there?
        • Tricky to improve the plane while still flying
      • Does annotation in SPDX help?
        • So far they struggle with achieving behavioral change in engineering
        • Works best when product managers drive
        • Annotations are good for simple use case
      • Looking at hooks into version control systems?
        • Yes, and this might be the ultimate approach
        • At least part of the solution
        • One source of truth is required -- and as contained within the version control system


Tech Team Report - Kate[edit]

  • Spec
    • 2.1 very close to getting pushed out
      • two appendices need a little work, but that’s it
      • Kate can provide link to review for everyone
      • Somewhat waiting for Gary’s return from vaca
    • Live on the new website
  • Tools
    • Starting to update for 2.1


Outreach Team Report - Jack[edit]

  • Website
    • Still working it through
    • Lots to talk about in team call today
    • Still a few functional issues, need to resolve with LF folks


Legal Team Report - Paul[edit]

  • Primary focus getting all the licenses into GitHub
      • for maintenance 
      • and more future utility
    • all license have been converted
      • going thru manually
  • New licenses
    • knocking them down as they come in
    • little backlog at this point


Cross Functional Topics - Phil[edit]

  • Guest stars
    • Sam Ellis, Dave Marr, one more in pipeline


Attendees[edit]

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Scott Sterling, Palamida
  • Paul Madick, Dimension Data
  • Robin Gandhi, UNO
  • Alexios Zavras, Intel
  • Pierre LaPointe, nexB 
  • Michael Herzog- nexB
  • Mike Dolan, Linux Foundation
  • Matt Germonprez, UNO
  • Yev Bronshteyn, Black Duck
  • Matija Suklje, FSFE


SPDX Special Guest Star Announcement and Thursday General Meeting Reminder

Philip Odence
 

This month, Dave Marr from Qualcomm will talk about his company’s use of SPDX. It will surely be interesting, so please join us.


GENERAL MEETING

Meeting Time: Thurs, June 2, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed

Administrative Agenda
Attendance

Guest Presentation – Dave Marr 

Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues - Phil


SPDX May General Meeting Minutes

Philip Odence
 


General Meeting/Minutes/2016-05-05

  • Attendance: 9
  • Lead by Phil Odence
  • Minutes of April meeting approved


Tech Team Report - Kate/Gary[edit]

  • Spec
    • Getting to final stages
    • Collab Summit issues have been addressed
    • People working on the spec have reviewed
    • Then will go out for broader review in a couple weeks
    • Transitioning documentation to Git
  • 2.1 Tools
    • Tool dev is finding some inconsistencies in tool
      • e.g. No license, no assertion 

Outreach Team Report - Jack[edit]

  • Website
    • Still trying to finish off
    • Important call today


Legal Team Report - Jilayne/Paul[edit]

  • Special Call today
    • Working on XML files today
    • What review will look like
    • So work can be easily divided
  • License review tasks at hand-
    • 300 license need review (no more than 30 person-hours)
    • This is a rough look to make sure machine conversion hasn’t made obvious mistakes
    • Hoping to have done for next release of license list, end of Jun
    • Will make the call early in June.
  • Regular business of Legal Team
    • Some normal license approvals
    • Issue of Public Domain re-raised and discussed
      • Back burnered for future discussion
      • May involve a standard govt header

Cross Functional Topics - Phil[edit]

  • Google SoC
    • Will not participate this year
  • Uber Conf
    • Need to find how our account was originally created
    • Kate building new one
  • Guest stars
    • Sam Ellis, Dave Marr, one more in pipeline
  • OSI Meeting

Attendees[edit]

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Mark Gisi, Wind River 
  • Jack Manbeck, TI
  • Scott Sterling, Palamida
  • Gary O’Neill, SourceAuditor 
  • Paul Madick, Dimension Data
  • Robin Gandhi, UNO


Reminder: Thursday SPDX General Meeting

Philip Odence
 

For the week, it will just be the normal agenda, so the meeting is likely to run only 30 minutes. 
We have guest speakers lined up for the next several meetings.


GENERAL MEETING

Meeting Time: Thurs, May 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed


Administrative Agenda
Attendance


Technical Team Report – Kate 


Legal Team Report – Jilayne


Business Team Report – Jack


Cross Functional Issues - Phil


Re: SPDX License List v2.4 released

Sam Ellis <Sam.Ellis@...>
 

Yes, I confirm it’s fixed.

 

From: Gary O'Neall [mailto:gary@...]
Sent: 21 April 2016 17:38
To: Sam Ellis; 'J Lovejoy'; 'Zavras, Alexios'
Cc: 'SPDX-legal'; 'SPDX-general'
Subject: RE: SPDX License List v2.4 released

 

Hi Sam,

 

I believe this was resolved a couple weeks back.

 

I just checked and I did not see any error.  You may want to try clearing the browser cache and see if the error still occurs.


Gary

 

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Sam Ellis
Sent: Friday, April 8, 2016 10:05 AM
To: J Lovejoy; Zavras, Alexios
Cc: SPDX-legal; SPDX-general
Subject: RE: SPDX License List v2.4 released

 

I see an error reported at the top of this page:

 

https://spdx.org/licenses/Artistic-2.0

 

The error is:

 

error on line 213 at column 22: Entity 'copy' not defined

 

I obtained this URL by searching for “spdx perl artistic license 2.0” in google.

 

Interestingly there is no error here:

 

https://spdx.org/licenses/Artistic-2.0.html

 

Do we deliberately provide two URLs for each license?

 

From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of J Lovejoy
Sent: 08 April 2016 17:36
To: Zavras, Alexios
Cc: SPDX-legal; SPDX-general
Subject: Re: SPDX License List v2.4 released

 

Thanks for catching this Alexios - you are right as to where the error is coming from… 

 

I’ll work with Gary to fix this.

 

Jilayne

 

SPDX Legal Team co-lead
opensource@...

 

On Apr 8, 2016, at 6:52 AM, Zavras, Alexios <alexios.zavras@...> wrote:

 

This license is empty: http://spdx.org/licenses/NLOD-1.0.html

I assume because the reference (at least in the Excel file) is to “NLOD-1..txt” instead of “NLOD-1.0.txt”.

 

-- zvr

 

From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of J Lovejoy
Sent: Tuesday, April 05, 2016 12:41 AM
To: SPDX-legal <spdx-legal@...>; SPDX-general <spdx@...>
Subject: SPDX License List v2.4 released

 

Hi All,

 

Version 2.4 of the SPDX License List is now available in the usual places.  We added 9 new licenses for this release, including some international licenses and newly-approved by the OSI.http://spdx.org/licenses/

 

You will also notice a new look to the license list pages - this is part of the new website revamp.  You will see the new look on the rest of the pages soon!

 

Thanks,

Jilayne

 

 

SPDX Legal Team co-lead
opensource@...

 

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Christian Lamprechter
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

 

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

541 - 560 of 1608