Date   

Re: Help converting Fedora license IDs to SPDX format

J Lovejoy
 

Hi Richard (x2)!

Richard H - great to hear you are using the SPDX License List for identifying licenses in AppStream for a number of reasons. Your responses below are all correct in terms of understanding the SPDX License List, so I’ll only add a bit more info in regards to the issues you have come across.

As Phil mentioned in his response, the SPDX legal team is currently working through the Fedora Good License list (https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses) in order to identify where the SPDX License List is missing a license that is on the Fedora list. The inclination is to add any such licenses and try to align the SPDX short identifier with whatever Fedora had been using. However, for the reasons you and Richard F identified (e.g. I’ll call it the “MIT bucket,” identifying that Fedora uses to describe similar licenses) not all the short identifiers will align. I suspect we will end up with a “equivalency” document as part of the SPDX License List reference materials, for convenience. In any case, the next release of the SPDX License List is currently schedule to coincide with the release of 2.0 of the spec, so at that point you will see many additions to this end.

In regards to the exceptions, this is also something we are currently working on. As of 2.0, license exceptions will be treated as a modifier to the base license to better enable capturing the various exceptions that exist in the wild. An explanation of this change, as well as the bigger picture in regards to creating a better way to express complex licensing info for files was recently summarized here: http://article.gmane.org/gmane.comp.licenses.spdx.legal/855/match=expression

If you are not on the legal mailing list, please join!! (http://lists.spdx.org/mailman/listinfo/spdx-legal)

<<I have responded to both the general and legal mailing lists here, but subsequent discussion should move to the legal list only, where it will get more direct responses/discussion :)

Thanks!

Jilayne

SPDX Legal Team co-lead
opensource@...

On May 2, 2014, at 8:03 AM, Richard Hughes <hughsient@...> wrote:

On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:
Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.
So, for AppStream the idea is to explain the licenses in the
user-facing software center, e.g. gnome-software or apper for KDE.
This would mean you could click on a link that says "GPLv3+" and get
sent to http://spdx.org/licenses/GPL-3.0+ rather than just having a
license string to look at and perhaps Google.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.
Right. The idea is that you can define "upstream" what licenses your
software is using, rather than relying on the packager to work it out
and apply broad classification during the packaging step. I'm really
only doing this for applications not explicitly specifying what SPDX
licences they are using.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines.
Right.

For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.
Yes, this is the fudge-factor I was talking about. Ideally we would
have all these MIT-variants as separate SPDX license IDs.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart.
Right.

(By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)
Agreed, I didn't know whether the "with exceptions" AGPL thing
could/should be broken down any further for SPDX.

This is what Fedora "MIT" means some of the time but not all
of the time.
Yes, it's not ideal at all, but the data I'm presenting is more of an
interesting titbit of information about the application rather than a
comprehensive legal explanation. Apps are still free to specify a
special license ID of "libtiff with extensions" but it just won't be
hyperlinked in the front end tool.

Richard
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: Help converting Fedora license IDs to SPDX format

Richard Hughes
 

On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:
Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.
So, for AppStream the idea is to explain the licenses in the
user-facing software center, e.g. gnome-software or apper for KDE.
This would mean you could click on a link that says "GPLv3+" and get
sent to http://spdx.org/licenses/GPL-3.0+ rather than just having a
license string to look at and perhaps Google.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.
Right. The idea is that you can define "upstream" what licenses your
software is using, rather than relying on the packager to work it out
and apply broad classification during the packaging step. I'm really
only doing this for applications not explicitly specifying what SPDX
licences they are using.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines.
Right.

For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.
Yes, this is the fudge-factor I was talking about. Ideally we would
have all these MIT-variants as separate SPDX license IDs.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart.
Right.

(By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)
Agreed, I didn't know whether the "with exceptions" AGPL thing
could/should be broken down any further for SPDX.

This is what Fedora "MIT" means some of the time but not all
of the time.
Yes, it's not ideal at all, but the data I'm presenting is more of an
interesting titbit of information about the application rather than a
comprehensive legal explanation. Apps are still free to specify a
special license ID of "libtiff with extensions" but it just won't be
hyperlinked in the front end tool.

Richard


Re: Help converting Fedora license IDs to SPDX format

Richard Fontana
 

On Fri, May 02, 2014 at 12:53:30PM +0100, Richard Hughes wrote:
Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.
I think the problem is that you are dealing with three different
notions of license identifiers, two of which are superficially the
same in that AppStream has decided to use SPDX identifiers for its own
purposes, if I understand correctly. Also (based on what little
documentation on AppStream that I looked at) it is unclear what the
purposes are in the case of AppStream.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines. For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart. (By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)

So when you say "I'm required to convert the existing Fedora license
tag to an SPDX-compatible string so it can be made into a hyperlink
and be clickable", this is only meaningful if what you mean by "Most
license IDs are either the same, or map between one and the other with
a small fudge factor" is understood with my point about, e.g. the
significant distinction between SPDX "MIT" and Fedora "MIT" in
mind. And what would "MIT" hyperlink to -- the OSI version of the MIT
license? This is what Fedora "MIT" means some of the time but not all
of the time.

- Richard


Re: Help converting Fedora license IDs to SPDX format

Philip Odence
 

Richard,
I¹m moving you from the general SPDX list to the legal team. We are
actually in the middle of marching through the Fedora licenses and are
happy to work with you on this. You should be hearing shortly from someone
on our legal team.
Best,
Phil Odence
SPDX Chair

On 5/2/14, 7:53 AM, "Richard Hughes" <hughsient@...> wrote:

Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas
welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.

Richard
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Help converting Fedora license IDs to SPDX format

Richard Hughes
 

Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.

Richard


Thursday SPDX General Meeting

Philip Odence
 

REMINDER – Call for talks
Although LinuxCon NA is a few months off (Chicago, Aug 20) we are just one week from the deadline for submitting talks (May 2). “SPDX” is specifically mentioned under suggested topics, and we would love to get a few submissions. Jack tapped me to co-submit an update on SPDX 2.0 and we are talking about doing a hands on session with tools, but there’s certainly room for other topics. In particular, it would be interesting to get some talks on usage. The crowd would be really interested to understand what you are doing in your company with SPDX.  If you don’t feel you have a full 40 minutes worth but would like to talk, let me and Jack know and perhaps we can pull together 3 or 4 mini presentations. 

Here’s the link for submitting:


GENERAL MEETING

Meeting Time: Thurs, May 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- Note, minutes have not yet been posted.


Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil




Call for Talks...SPDX to rock LinuxCon

Philip Odence
 

Although LinuxCon NA is a few months off (Chicago, Aug 20) we are just one week from the deadline for submitting talks (May 2). “SPDX” is specifically mentioned under suggested topics, and we would love to get a few submissions. Jack tapped me to co-submit an update on SPDX 2.0 and we are talking about doing a hands on session with tools, but there’s certainly room for other topics. In particular, it would be interesting to get some talks on usage. The crowd would be really interested to understand what you are doing in your company with SPDX.  If you don’t feel you have a full 40 minutes worth but would like to talk, let me and Jack know and perhaps we can pull together 3 or 4 mini presentations. 

Here’s the link for submitting:


Re: TripleCheck 0.4

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Nick,

While I've only spent ~15min with the tool, I was very impressed with the ease of use and the ability to install this and get almost immediate and useful! results. Great work! I'll keep you posted on my findings.

Best Regards,
Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito
Sent: Monday, March 31, 2014 1:02 PM
To: Manbeck, Jack; spdx@...
Subject: RE: TripleCheck 0.4

Hi Jack,

Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software.

Will get back to this message as soon as possible.

With kind regards,
Nuno Brito

On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno,

This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email it
to me direct and I can post it on the business team list if you do not
have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source
code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be
addressing in the upcoming months. If you have any requests or would
like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context
there wasn't much demand for supporting the XML version. An SPDX
document generated by our tool writes more information that what the
standard prescribes. For example, we include the hashes for other
algorithms because they help us finding trails of specific files across
the web.


This tool is useful if you need a quick way to visually generate an
SPDX document from a set of files on your disk. We were already
developing this kind of tools in the past for forensic analysis
purposes, moved recently to embrace the SPDX format.


For more details and download, please visit
http://www.triplecheck.de/download/


With kind regards,
Nuno Brito
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: TripleCheck 0.4

Nuno Brito
 

Hi Jack,

I'd like to follow-up on this message if possible, the points from the requirement list were quoted to place my answers in context.


The tool must currently support SPDX (i.e. it is not a planned release).
Checked.


You have a page on your website that describes how the tool supports SPDX. This will be the link you provide in the Required Information below.
Checked.


Whether this is a community or commercial tool.
Community. Contributions from other developers interested in submitting additional license detection rules and fix defects are warmly welcome through github or email.

To clarify, I use this software on commercial practice to "scratch my own itch" [1] in the open source way of doing things.


A small logo which can be displayed. This is optional. If provided it must meet the following criteria
Attached to this message you find a TripleCheck with 251x122px as specified in the criteria


A short teaser of one or two sentences that describes your tool. No more than 160 characters including spaces
Straight-forward free tool to create SPDX reports right from your desktop.


A long description which can be up to a couple of paragraphs. Try not to get too verbose. You will have a link to your website for lengthy explanations.
The TripleCheck reporter is the ideal tool for a quick overlook of the licensing compliance status for a given set of source code files in your desktop computer (Windows, Linux, Mac OSX). If some license or copyright is not detected by the tool, you can easily add new rules by yourself. We are building a community around open source tooling and your help is welcome to grow the open database of licensing rules. Look for us on GitHub.


An http link to your site for access to the tool and information on how it supports SPDX.
http://www.triplecheck.de/download/



The current version of the tool is 0.6 so perhaps is better to omit version references and just call the tool "TripleCheck reporter". If there is anything else needed, please do let me know.

Just in case, I have prepared a short video showcasing the tool that you find at http://youtu.be/nljP6hC8xbc


With kind regards,
Nuno Brito

[1] http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar#Lessons_for_creating_good_open_source_software

---
email: nuno.brito@...
phone: +49 615 146 03187

On 2014-03-31 20:44, Manbeck, Jack wrote:
Nuno,
This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email
it to me direct and I can post it on the business team list if you do
not have access.
http://wiki.spdx.org/view/Business_Team/Tool_Link_Request
best regards,
Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


Re: Special SPDX General Meeting & V2.0 Overview this Thursday

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Gary,

 

Thanks for the great presentation today on SPDX 2.0 modeling.   I really like the evolutionary approach (i.e. adding the relationship functionality on top of what’s already in the 1.2 spec with minimal deprecation).   This will make migration much easier and it makes a lot of sense from a business perspective.  

 

And I appreciate you taking it down to a reasonably non-technical level!

 

Regards,

Scott

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Gary O'Neall
Sent: Wednesday, April 02, 2014 12:55 PM
To: 'Philip Odence'; spdx@...
Subject: RE: Special SPDX General Meeting & V2.0 Overview this Thursday

 

Greetings all.

 

Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call.   In the tech team we are starting to transition from working on the model to the specification itself.  I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.

 

Gary

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM
To: spdx@...
Subject: Special SPDX General Meeting & V2.0 Overview this Thursday

 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

 

AND, 

 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

Approve Minutes- 

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

V2.0 Overview- Gary O'Neall

 

 

 


Re: Special SPDX General Meeting & V2.0 Overview this Thursday

Gary O'Neall
 

Greetings all.

 

Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call.   In the tech team we are starting to transition from working on the model to the specification itself.  I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.

 

Gary

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM
To: spdx@...
Subject: Special SPDX General Meeting & V2.0 Overview this Thursday

 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

 

AND, 

 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

Approve Minutes- 

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

V2.0 Overview- Gary O'Neall

 

 

 


Special SPDX General Meeting & V2.0 Overview this Thursday

Philip Odence
 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

AND, 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.


GENERAL MEETING

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil
V2.0 Overview- Gary O'Neall




Re: TripleCheck 0.4

Nuno Brito
 

Hi Jack,

Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software.

Will get back to this message as soon as possible.

With kind regards,
Nuno Brito

On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno,

This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email it
to me direct and I can post it on the business team list if you do not
have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source
code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be
addressing in the upcoming months. If you have any requests or would
like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context
there wasn't much demand for supporting the XML version. An SPDX
document generated by our tool writes more information that what the
standard prescribes. For example, we include the hashes for other
algorithms because they help us finding trails of specific files across
the web.


This tool is useful if you need a quick way to visually generate an
SPDX document from a set of files on your disk. We were already
developing this kind of tools in the past for forensic analysis
purposes, moved recently to embrace the SPDX format.


For more details and download, please visit
http://www.triplecheck.de/download/


With kind regards,
Nuno Brito


Re: TripleCheck 0.4

Manbeck, Jack
 

Nuno,

This is great news. I would like to list the tool on the SPDX website. If you agree here is a link to the information I need. You can email it to me direct and I can post it on the business team list if you do not have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web.


This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format.


For more details and download, please visit http://www.triplecheck.de/download/


With kind regards,
Nuno Brito

--
email: nuno.brito@...
phone: +49 615 146 03187

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Unsubscribe

Lori Holmes <lori@...>
 

 


Re: Google Summer of Code 2014: There are 4 student applications but no mentors registered

mjherzog
 

SPDX Listers

I have sent Till the email addresses for Gary and Matt and notified them....Michael Herzog

On 3/28/2014 5:25 PM, Till Kamppeter wrote:
Hi,

I am Till Kamppeter, leader of OpenPrinting, and org admin for the GSoC
at the Linux Foundation.

We got 4 student applications on SPDX at the Linux Foundation.
Unfortunately no suitable mentor has signed up and no one of us is able
to evaluate these applications.

On the project ideas list

http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects

Gary O'Neall and Matt Germonprez appear as available mentors but no
e-mail addresses to contact them.

if you are not Gary or Matt, please forward this to them. It is very
important.

Gary, Matt (or if someone else wants to volunteer), if you are reading
this, please register as mentor going to

http://www.google-melange.com/gsoc/homepage/google/gsoc2014

Near the bottom is photo with many people on it and under it the text

Mentors & Administrators
Registration with participating organizations is now open.

and an orange button labeled "Start connection". Click the button,
follow the instructions, and choose "The Linux Foundation" as your
mentoring organization.

As soon as I see your request I will approve it and then you have access
to the applications. If you want to mentor a student, set the switch
"Wish to mentor" in this application to "YES". I will assign you then
and accept that application, making it eligible for getting a student
slot in this GSoC.

Tell me also which applications are not usable so that I can mark them
as to be ignored.

I have to know the number of applications to accept before April 7. So
register as soon as possible so that you have time to read and evaluate
the applications and also to interact with the students.

Thanks in advance.

Till
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Google Summer of Code 2014: There are 4 student applications but no mentors registered

Till Kamppeter <till.kamppeter@...>
 

Hi,

I am Till Kamppeter, leader of OpenPrinting, and org admin for the GSoC
at the Linux Foundation.

We got 4 student applications on SPDX at the Linux Foundation.
Unfortunately no suitable mentor has signed up and no one of us is able
to evaluate these applications.

On the project ideas list

http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects

Gary O'Neall and Matt Germonprez appear as available mentors but no
e-mail addresses to contact them.

if you are not Gary or Matt, please forward this to them. It is very
important.

Gary, Matt (or if someone else wants to volunteer), if you are reading
this, please register as mentor going to

http://www.google-melange.com/gsoc/homepage/google/gsoc2014

Near the bottom is photo with many people on it and under it the text

Mentors & Administrators
Registration with participating organizations is now open.

and an orange button labeled "Start connection". Click the button,
follow the instructions, and choose "The Linux Foundation" as your
mentoring organization.

As soon as I see your request I will approve it and then you have access
to the applications. If you want to mentor a student, set the switch
"Wish to mentor" in this application to "YES". I will assign you then
and accept that application, making it eligible for getting a student
slot in this GSoC.

Tell me also which applications are not usable so that I can mark them
as to be ignored.

I have to know the number of applications to accept before April 7. So
register as soon as possible so that you have time to read and evaluate
the applications and also to interact with the students.

Thanks in advance.

Till


Unsubscribe

Lori Holmes <lori@...>
 

 


TripleCheck 0.4

Nuno Brito
 

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web.


This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format.


For more details and download, please visit http://www.triplecheck.de/download/


With kind regards,
Nuno Brito

--
email: nuno.brito@...
phone: +49 615 146 03187


CollabSummit rides

Philip Odence
 

This is a late thought, but perhaps helpful. I put up a “ride board” on the wiki for anyone who might have some room or need a ride to/from. 


641 - 660 of 1544