Date   

Re: Exclusion of NONE and NOASSERTION from ABNF

Terin Stock <terinjokes@...>
 

Kate:

I'm unsure of any use case where you would want to mix NONE or
NOASSERTION with either simple-expression or compound-expression in
the same package. You may however want to use these strings when
packaging code that has no license or where you are unsure of the
license.

In ABNF speak was thinking more along the lines of

license-expression = 1*1(simple-expression / compound-expression /
"NONE" / "NOASSERTION")
--
#Terin Stock


On Thu, Jun 11, 2015 at 9:07 AM, Kate Stewart
<kstewart@...> wrote:
Hi Terin,

On Thu, Jun 11, 2015 at 10:52 AM, Terin Stock <terinjokes@...> wrote:

The ABNF in Appendix IV of the 2.0 version of the specification allows for
short form identifiers, LicenseRef values or combinations to form a
license-expression. However the values "NONE" and "NOASSERTION" are not
valid in a license expression, despite their useful and defined meaning in
the specification.

There are tools that validate their license fields using a
license-expression (two such tools being the package managers npm and
composer, in JavaScript and PHP, respectfully), making the values "NONE" and
"NOASSERTION" invalid.

Are these two values excluded from the ABNF on purpose?

Can you give us a real life use case where either "NONE" or "NOASSERTION"
should be used in combination with other licenses?

If there's a compelling use case as to why it should be allowed, that can't
be expressed another way, we can certainly revisit adding it to the
specification if the folk on the legal team agree.

Thanks, Kate


Re: Exclusion of NONE and NOASSERTION from ABNF

Kate Stewart
 

Hi Terin,

On Thu, Jun 11, 2015 at 10:52 AM, Terin Stock <terinjokes@...> wrote:
The ABNF in Appendix IV of the 2.0 version of the specification allows for short form identifiers, LicenseRef values or combinations to form a license-expression. However the values "NONE" and "NOASSERTION" are not valid in a license expression, despite their useful and defined meaning in the specification.

There are tools that validate their license fields using a license-expression (two such tools being the package managers npm and composer, in JavaScript and PHP, respectfully), making the values "NONE" and "NOASSERTION" invalid.

Are these two values excluded from the ABNF on purpose?

Can you give us a real life use case where either "NONE" or "NOASSERTION" should be used in combination with other licenses?   

If there's a compelling use case as to why it should be allowed, that can't be expressed another way, we can certainly revisit adding it to the specification if the folk on the legal team agree. 
 
Thanks,  Kate


Exclusion of NONE and NOASSERTION from ABNF

Terin Stock <terinjokes@...>
 

The ABNF in Appendix IV of the 2.0 version of the specification allows for short form identifiers, LicenseRef values or combinations to form a license-expression. However the values "NONE" and "NOASSERTION" are not valid in a license expression, despite their useful and defined meaning in the specification.

There are tools that validate their license fields using a license-expression (two such tools being the package managers npm and composer, in JavaScript and PHP, respectfully), making the values "NONE" and "NOASSERTION" invalid.

Are these two values excluded from the ABNF on purpose?

--
Terin Stock


Thursday SPDX General Meeting with Special Presentation

Philip Odence
 

This should be a good one! In addition to the standard agenda, Gary O’Neall start us off speaking about some interesting SPDX happenings in the Javascript and Ruby communities:
Progress with SPDX in the JS and Ruby Communities has led to some new contributions in tools which makes it easier for developers of open source software to use the SPDX license list. Gary will talk about a new JSON format for the license list contributed by the communities. The NPM/NodeJS and RubyGems communities have adopted SPDX short names and the license expression language. They are putting tooling in place to check for and allow use of our license information.

GENERAL MEETING

Meeting Time: Thurs, June 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Presentation – Gary

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


May SPDX General Meeting Minutes

Philip Odence
 

First, SPDX 2.0 has been released and is available on the website. A press release should be doing out very soon, if not today. As soon as that happens Jack will post a blog with a link to the release. Congrats and thanks to all who contributed to both the specification and the new release of the license list.


Best,
Phil

L. Philip Odence
General Manager Audit Services
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence




General Meeting/Minutes/2015-05-07

  • Attendance: 9
  • Lead by Phil Odence
  • Minutes of April meeting approved


Tech Team Report - Kate[edit]

  • 2.0 spec is out after some last minute tweaks
  • Already some ideas for next rev
  • Next foci
    • License classified as None and No Assertion
      • Needs coordination with the Legal Team, targeting Tech Team meeting on May 26
    • Snippets
    • Requirements of other communities
    • Apache tooling
  • Recent requests for on line tools
    • MikeD looking at facilities for running hosted tools on site
    • Need a java appserver

Legal Team Report - Jilayne[edit]

  • Working on consistency in None and No Assertion language
  • Post 2.0- A number of issues pushed out waiting for 2.0
    • Updated priorities page on the Wiki 
    • Starting to get people signed up to drive
    • Topics
      • Standard Headers, some issues that have arisen with new expression language approach
      • “Composite licenses” on list and how to handle
      • Cadence of versions, targeting quarterly


Biz Team Report - Jack[edit]

  • New version an associated materials up on site
    • Press release going out today
    • Blog from Phil and linking to press release
  • Linuxcon- mid August
    • Plugfest
    • 2.0 talk
  • Could really use examples, best practices
  • Biz team putting together a straw man for vision for messaging and collateral
    • Will dedicate a meeting to the discussion
    • Targeting revamping site to include/revlews before Linux


Cross Functional Topics - Phil[edit]

  • Future Presentations for General Meeting
    • TI
    • UNO
    • Would love to get other companies to share
      • GitHub? Gary pursuing next week
      • Samsung, Windriver?
      • Malcolm Bates, attorney in Barcelona running a local interest group
      • Possibly record


Attendees[edit]

  • Phil Odence, Black Duck
  • Jilayne Lovejoy, ARM
  • Mike Dolan, Linux Foundation
  • Mark Gisi, Wind River
  • Jack Manbeck, TI
  • Scott Sterling, Palamida
  • Gary O’Neill, SourceA
  • Kate Stewart, Linaro
  • Hassib Khanafer, Protecode


Thurs, SPDX General Meeting Reminder

Philip Odence
 

This should be a brief one. My aim has been to line up special topics or guest speakers for General Meetings, but I’ve not lined up one for this month. Please let me know if you would be willing to provide a 15 minute overview of what your organization is doing with SPDX. And/or if you know of another company that might have a good story to tell, please let me know.
Best,
Phil



GENERAL MEETING

Meeting Time: Thurs, May7, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


SPDX April General Meeting Minutes

Philip Odence
 




General Meeting/Minutes/2015-04-02

  • Attendance: 10
  • Lead by Jilayne


Biz Team Report - Jack[edit]

  • Working with Linux Foundation to get press release for 2.0 together; need to come up with better way to represent increase in number of licenses in a meaningful way
    • timing for press release: perhaps around ApacheCon, which is in two weeks. Jack to check with Jennifer
  • Google Summer of Code - no spots for Linux Foundation due to Google rotating foundations instead of annual representation. Some other LF projects are doing fund-raising to pay for interns.
  • Starting next call: think about and plan some re-vamping of spdx.org website; have some ideas, but want to get it going so that it’s more interactive or by roles. 

Legal Team Report - Jilayne[edit]

  • 2.0 is live now and Git repository is tagged!
  • No legal call today, next call on April 16 - will discuss what’s up next after 2.0, priorities and projects to tackle for rest of 2015

Tech Team Report - Kate[edit]

  • Re: License expression syntax - some discrepancy - Mark to look at
  • Comments cleaned out of spec now for most part, a few have moved to Bugzilla
  • Jilayne to look through templates section
  • Review window for 2.0 is mostly over and as soon as last issue is resolved, will have check-point at next tech team call on Tuesday 
  • Once published, Jack to update website
  • update from Gary on tools: He’s doing some unit tests and hope to have something on the website in a week or so. The tools will be "beta quality" and any volunteers to help test would be greatly appreciated. I'll send out an email once I have the tools posted.


Cross Functional Topics - Phil[edit]

  • Mike from LF: may be some funding that could be put towards compliance related help for the community. One idea: for various build tools out there, are there things that can be done to make SPDX output easier? If so, what needs to be done, where to apply resources, etc. to help drive SPDX adoption at build time. 
    • Kate’s thoughts were maybe Android (and ecosystem, working with AOSP), Debian (in order to go into Ubuntu eco-system)
    • need: maybe 2 interns with mentor, then planning for long-term ownership?? more discussions needed
  • Had a call with Github re: SPDX License List adoption of full names and short identifiers, etc. and how they might leverage license list for their work. More coming hopefully
  • Future Presentations for General Meeting:
    • TI would be happy to after Collab - Jack is working on it and will follow-up with Phil
    • General call out to keep an ear out for people to present


Attendees[edit]

  • Jilayne Lovejoy, ARM
  • Hassib Khanafer, Protecode
  • Michael Herzog, NexB
  • Pierre, NexB
  • Jack Manbeck, TI
  • Bill Schillner, B
  • Scott Sterling, Palamida
  • Mike Dolan, Linux Foundation
  • Paul Madick, HP
  • Kate Stewart, Linaro


SPDX General Meeting Reminder

Philip Odence
 

First, I am happy to announce that Gary O’Neall is joining the SPDX Core Team. Gary has been heavily involved in leading SPDX from the outset. Although his focus has been on tools, he has made great contributions across the board to our efforts. Gary has agreed to join Kate as co-lead of the Tech Team. And, he will continue to be Gary the Tool Man. 

I have a conflict with tomorrow’s meeting. Jilayne has kindly volunteered to host in my absence.


GENERAL MEETING

Meeting Time: Thurs, April2, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Jilayne


Reminder: SPDX 2.0 Q&A call tomorrow

kate.stewart@...
 

Hi,
    Just a quick reminder we'll be having a Q&A session about the SPDX 2.0 Specification
tomorrow in the monthly general meeting at 11AM EDT/10 AM CDT/8AM PDT.

Details of the meeting are: 
When: Thursday, March 12, 2015 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada)

DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732

Conference code: 7812589502

For your convenience,  the overview slides we'll be using to frame the Q&A discussion 
are attached. 

Alternately you can review them from the following google document: SPDX 2.0 intro

Looking forward to talking to you tomorrow,
Kate


SPDX General Meeting

Philip Odence
 

When: Thursday, March 12, 2015 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada)
Where: Bridge info enclosed

*~*~*~*~*~*~*~*~*~*
Reminder, the General Meeting has been moved to this Thursday.

DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732

Conference code: 7812589502


MEETING MINUTES FOR REVIEW:  http://spdx.org/wiki/meeting-minutes-and-decisions


Re: Rescheduling important SPDX General Meeting

Philip Odence
 

Apologies, despite have read through carefully 3 times…I meant March 12. 

From: Phil Odence <podence@...>
Date: Wednesday, March 4, 2015 at 3:01 PM
To: "spdx@..." <spdx@...>, "spdx-legal@..." <spdx-legal@...>, "spdx-biz@..." <spdx-biz@...>, "spdx-tech@..." <spdx-tech@...>
Subject: Rescheduling important SPDX General Meeting

The Feb 5 meeting will be postponed 1 week to Thurs. Feb 12. (outside US, note that US will be on daylight savings time next week so the call will be an hour off of normal for you).

The main thrust of the call will be to answer questions about the SPDX 2.0 Spec. We’ll do a very compressed version of the team updates and spend most of the time discussing questions about the new spec and the license list (which has also gone through significant change). 

IMPORTANT: See the instructions below the meeting agenda and the attached copy of the spec, and please take time to review the spec in advance of the meeting. 

Lastly, unfortunately, I have a conflict, so Kate will chair.

Best, 
Phil



****************

GENERAL MEETING

Meeting Time: Thurs, Feb12, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate

Legal Team Report - Jilayne

Business Team Report – Jack

Cross Functional Issues – 2.0 Spec and License List Review - Kate





********



Greetings SPDX Community,

 

We are pleased to announce that the penultimate version of the SPDX 2.0 Specification and the new  SPDX License List are ready for community review.  With 2.0 there have been great strides forwards in the expressiveness of an SPDX document through relationships and the license expression syntax.

 

There will be a general question and answer session on these at the March 12th General Meeting.   Any comments regarding the material below should be submitted no later than March 23rd as directed below. We are hoping to finalize the material and officially release it at the April 2nd General Meeting. This should allow you plenty of time to do a thorough review. 

 

Background Information

---------------------------------

For an overview of the  2.0 requirements you may read this http://wiki.spdx.org/images/SPDX-TR-2014-3.v1.0.pdf

 

The Use Cases are documented on the Technical team wiki athttp://wiki.spdx.org/view/Technical_Team/Use_Cases/2.0

 

For a presentation given at LinuxCollab in February 2015 on changes to the specification go here. It’s a nice overview.

http://spdx.org/sites/spdx/files/publications/SPDX%202.0%20Collab%202015%20Presentation.pptx

 

Specification Review Material

------------------------------------

SPDX 2.0 Specification, dated 20150303 is attached to this email as a PDF for your convenience.     The same file is also available athttp://wiki.spdx.org/view/Technical_Team/SPDX_Specification_Versions

as SPDX-2.0rc3.pdf

 

The technical team would prefer comments were made in the google doc located athttps://docs.google.com/a/linaro.org/document/d/1wE_zvLU4c291ACi9wIJmQoE4ltKRW4rzM1TYiIvEVOs/edit#heading=h.x7jjfaxtluz1.

Comments may also be directed to the technical team mailing list at mailto: spdx-tech@... . You will need to be a member of the list to send an email.

The schema for the RDF can be found athttp://spdx.org/rdf/ontology/spdx-2-0-rev-12/ .

The model diagram can be found at  http://wiki.spdx.org/view/Technical_Team/Model_2_0. The model is a great way to see how all the old and new pieces fit together.

Tools

-------

The tools for the 2.0 Specification are located in the SPDX GIT repository.

 

To try them, you will need to download the source and build them.  You can access the repository here:http://git.spdx.org/?p=spdx-tools.git;a=snapshot;h=refs/heads/develop;sf=tgz

 

Instructions on building the tools can be found in the README.md file in the root directory of the source tree here: http://git.spdx.org/?p=spdx-tools.git;a=blob_plain;f=README.md;hb=5efe1f1e4727d7d7be48488225b68c65e71b84b9and here: http://spdx.org/publications/tool-documentation/how-to-use-the-software-package-document-exchange-spdx-tools

 

SPDX License List

-------------------------

The SPDX License List v2.0-rc3 and  can be reviewed at http://spdx.org/licenses/preview/ .  Due to the adoption of the License Expression Syntax, license exceptions have their own sub-list and some licenses have been deprecated.  Information for all of this can be linked to from this page.

 

The master files for the license list can be found here:  http://git.spdx.org/?p=license-list.git;a=summary

 

General information about the SPDX License List can be found here: http://spdx.org/spdx-license-list/license-list-overview

 

The Matching Guidelines can be found here:http://spdx.org/spdx-license-list/matching-guidelines

 

Feedback is welcome and can be sent to: spdx-legal@...  . You will need to be a member of the list to send an email.

 

Best regards,

 

SPDX Technical, Legal and Business Teams


Rescheduling important SPDX General Meeting

Philip Odence
 

The Feb 5 meeting will be postponed 1 week to Thurs. Feb 12. (outside US, note that US will be on daylight savings time next week so the call will be an hour off of normal for you).

The main thrust of the call will be to answer questions about the SPDX 2.0 Spec. We’ll do a very compressed version of the team updates and spend most of the time discussing questions about the new spec and the license list (which has also gone through significant change). 

IMPORTANT: See the instructions below the meeting agenda and the attached copy of the spec, and please take time to review the spec in advance of the meeting. 

Lastly, unfortunately, I have a conflict, so Kate will chair.

Best, 
Phil



****************

GENERAL MEETING

Meeting Time: Thurs, Feb12, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate

Legal Team Report - Jilayne

Business Team Report – Jack

Cross Functional Issues – 2.0 Spec and License List Review - Kate





********



Greetings SPDX Community,

 

We are pleased to announce that the penultimate version of the SPDX 2.0 Specification and the new  SPDX License List are ready for community review.  With 2.0 there have been great strides forwards in the expressiveness of an SPDX document through relationships and the license expression syntax.

 

There will be a general question and answer session on these at the March 12th General Meeting.   Any comments regarding the material below should be submitted no later than March 23rd as directed below. We are hoping to finalize the material and officially release it at the April 2nd General Meeting. This should allow you plenty of time to do a thorough review. 

 

Background Information

---------------------------------

For an overview of the  2.0 requirements you may read this http://wiki.spdx.org/images/SPDX-TR-2014-3.v1.0.pdf

 

The Use Cases are documented on the Technical team wiki athttp://wiki.spdx.org/view/Technical_Team/Use_Cases/2.0

 

For a presentation given at LinuxCollab in February 2015 on changes to the specification go here. It’s a nice overview.

http://spdx.org/sites/spdx/files/publications/SPDX%202.0%20Collab%202015%20Presentation.pptx

 

Specification Review Material

------------------------------------

SPDX 2.0 Specification, dated 20150303 is attached to this email as a PDF for your convenience.     The same file is also available athttp://wiki.spdx.org/view/Technical_Team/SPDX_Specification_Versions

as SPDX-2.0rc3.pdf

 

The technical team would prefer comments were made in the google doc located athttps://docs.google.com/a/linaro.org/document/d/1wE_zvLU4c291ACi9wIJmQoE4ltKRW4rzM1TYiIvEVOs/edit#heading=h.x7jjfaxtluz1.

Comments may also be directed to the technical team mailing list at mailto: spdx-tech@... . You will need to be a member of the list to send an email.

The schema for the RDF can be found athttp://spdx.org/rdf/ontology/spdx-2-0-rev-12/ .

The model diagram can be found at  http://wiki.spdx.org/view/Technical_Team/Model_2_0. The model is a great way to see how all the old and new pieces fit together.

Tools

-------

The tools for the 2.0 Specification are located in the SPDX GIT repository.

 

To try them, you will need to download the source and build them.  You can access the repository here:http://git.spdx.org/?p=spdx-tools.git;a=snapshot;h=refs/heads/develop;sf=tgz

 

Instructions on building the tools can be found in the README.md file in the root directory of the source tree here: http://git.spdx.org/?p=spdx-tools.git;a=blob_plain;f=README.md;hb=5efe1f1e4727d7d7be48488225b68c65e71b84b9and here: http://spdx.org/publications/tool-documentation/how-to-use-the-software-package-document-exchange-spdx-tools

 

SPDX License List

-------------------------

The SPDX License List v2.0-rc3 and  can be reviewed at http://spdx.org/licenses/preview/ .  Due to the adoption of the License Expression Syntax, license exceptions have their own sub-list and some licenses have been deprecated.  Information for all of this can be linked to from this page.

 

The master files for the license list can be found here:  http://git.spdx.org/?p=license-list.git;a=summary

 

General information about the SPDX License List can be found here: http://spdx.org/spdx-license-list/license-list-overview

 

The Matching Guidelines can be found here:http://spdx.org/spdx-license-list/matching-guidelines

 

Feedback is welcome and can be sent to: spdx-legal@...  . You will need to be a member of the list to send an email.

 

Best regards,

 

SPDX Technical, Legal and Business Teams


SPDX General Meeting Minutes

Philip Odence
 

Meeting minutes below.

Also, here’s information on SPDX participation at CollabSummit. Big thanks to Jack for pulling it all together. 



L. Philip Odence
General Manager Audit Services
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence




General Meeting/Minutes/2015-02-05

  • Attendance: 5
  • Lead by Phil Odence
  • Minutes of January meeting approved


Biz Team Report - Jack[edit]

  • Collab Summit
    • Agenda set
    • Tech Team will meet on Wed
    • Friday afternoon meeting
    • Jack will post 
  • Looking like 2.0 spec won’t be finalized
    • Likely to be the subject for Friday afternoon
  • Starting to gear up for another Google Summer of Code


Tech Team Report - Jack[edit]

  • Some delay in finalizing due to last minute issues arising
  • Has gotten very good detailed review by Tech Team
  • 2.0 will go out for community review prior to Collab


Legal Team Report - Jilayne[edit]

  • Beta LL list posted, feedback welcome


Cross Functional Topics - Phil[edit]

  • Future Presentations for General Meeting
    • TI would be happy to after Collab
    • Would love to get other companies to share


Attendees[edit]

  • Phil Odence, Black Duck
  • Jack Manbeck, TI
  • Hassib Khanafer, Protecode
  • Pierre LaPointe, nexB 
  • Kirsten Newcomer, Black Duck


Minutes from January SPDX General Meeting

Philip Odence
 

Again, thanks to Bruno Grasset from Valeo for a great presentation.
Hope to see everyone at CollabSummit. Time to make your plans. 


MINUTES



General Meeting/Minutes/2015-01-08

  • Attendance: 6
  • Lead by Phil Odence
  • Minutes of December meeting approved

Cross Functional Issues – Phil[edit]

  • Great Presentation from Bruno Grasset
  • He opened and closed with thanks to everyone involved with SPDX for providing something so useful to the industry
    • Valeo
      • Supplier to Automotive Industry- Autonomous Cars, Connected Car, Intuitive Control
      • Middle of complex supply chain
    • Why they think SPDX is important
      • Industry is “likes” standards, procedures, rules
      • Have an explicit program to ensure respecting licenses and meeting obligations in all products
      • Bruno is in charge of OSS compliance
    • How they use
      • License List
        • Internal policy started with the SPDX list
        • They use the SPDX license IDs in all of their documents and databases (including promoting publicly)
        • And they check any licenses anyone supplies against our standard text
      • Document Spec
        • Prototyped use internally
        • Have been looking for hierarchy, so 2.0 is important; evaluating in 2015
    • Future Intent
      • Large OEMs (car companies) are starting to require
      • Customer requirements are making this a priority in 2015
      • Will need to require from their own suppliers
      • Integration with Yocto is critical
      • Aiming for chain of trust, based on SPDX
    • Questions
      • When you evaluated SPDX, any features beyond hierarchy that they require?
        • Not yet mature enough to completely evaluate
      • How did you hear of? How can we promote?
        • LinuxCon Europe session- Bruno came then promoted internally. 
        • He expects that in his space that SPDX will catch on quickly because of car makers requirements
      • SPDX and Yocto- Is there only interest in Yocto integration or more general integration?
        • Broader interest in integrating into process


General Status - Phil[edit]

  • On track for 2.0 release at CollabSummit
  • Jack has been working hard to get a good agenda together
  • We will be sharing a room with OpenChain so that folks can participate in both
  • Looking forward to seeing everyone


Attendees[edit]

  • Phil Odence, Black Duck
  • Kirsten Newcomer, Black Duck
  • Matt Germonprez, UNO
  • Scott Sterling, Palamida
  • Gary O’Neill, SourceA
  • Bruno Grasset, Valeo


Reminder: Important Scheduling Announcement and Minutes from SPDX General Meeting

Philip Odence
 

The January meeting with be on Jan 8 at 8am PST, 11am EST, and 16:00 GMT.

We’ll start with Bruno Grasset from Valeo describing their use of SPDX. Please make every effort to join. His slides are attached.


Minutes from Dec meeting:



General Meeting/Minutes/2014-12-04

  • Attendance: 6
  • Lead by Phil Odence
  • Minutes of Nov meeting approved

Cross Functional Issues – Phil[edit]

  • Postponed presentation from Valeo to January 8


Biz Team Report - Phil[edit]

  • Mostly focused on Collab Summit agenda
    • Need to have rough agenda before holidays
    • Coordinating with Open Chain who will share our room for 1/2 day 
    • Plugfest will likely take different form
      • Anticipating tooling will not be fully in place
      • More manual testing 
    • Discussion: Ideas for sessions
      • SPDX 101 and 102 (the latter being update on 2.0)
      • Update on License List
      • 2.0 Tooling 


Legal Team Report - Paul[edit]

  • Beta LL list (targeting Dec 18) to include
    • Continuing to add new licenses
    • Deprecated licenses
    • Exceptions list & some FAQs
    • Templates


Tech Team Report - Scott[edit]

  • Heads down reviewing 2.0 spec
    • Cleaning up
    • Adding/improving examples
  • In pretty good shape


Attendees[edit]

  • Phil Odence, Black Duck
  • Paul Maddick, HP
  • Mike Dolan, Linux Foundation
  • Pierre LaPointe, nexB 
  • Scott Sterling, Palamida
  • Mark Gisi, Wind River


SPDX General Meeting

Philip Odence
 

When: Thursday, January 08, 2015 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada)
Where: Bridge info enclosed

*~*~*~*~*~*~*~*~*~*
Rescheduling the January meeting as it would normally fall on New Year’s day. Reminder: We will have a presentation by Valeo on their use of SPDX.

***

DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732

Conference code: 7812589502





Call for SPDX Presentations at the Linux Collaboration Summit

Philip Odence
 

Hello all,

If you have any interesting SPDX story to tell, even a short one, we would love to have you share it at the Collab Summit. 

The event is Feb 18-20 in Santa Rosa, California. http://events.linuxfoundation.org/events/collaboration-summit   We have dedicated track and room for SPDX for the full length of the conference and are now putting together a rough agenda (that will include 1/2 day that we will share our brethren in the OpenChain group).  There will be a mix of introductory/high level and deeper topics, maybe of interest only to those actively involved in our work group.

We would love to hear about how companies are using or planning to use SPDX and/or the License List. Even if it’s only a 10 minute tale, we could put you on a panel to share. Or, if you have a topic that is deeper into the technical guts of SPDX, that would of great interest as well.

If you have any interest at all, please contact Jack and Mikael who are roughing out an agenda later this week.

Thanks,
Phil

L. Philip Odence
Vice President and General Manager
Black Duck
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence




Important Scheduling Announcement and Minutes from SPDX General Meeting

Philip Odence
 

Scheduling
The January meeting with be on Jan 8 (normally it would fall on New Year’s Day)
 We have postponed the Valeo presentation to that meeting; please make every effort to join.

Minutes:



General Meeting/Minutes/2014-12-04

  • Attendance: 6
  • Lead by Phil Odence
  • Minutes of Nov meeting approved

Cross Functional Issues – Phil[edit]

  • Postponed presentation from Valeo to January 8


Biz Team Report - Phil[edit]

  • Mostly focused on Collab Summit agenda
    • Need to have rough agenda before holidays
    • Coordinating with Open Chain who will share our room for 1/2 day 
    • Plugfest will likely take different form
      • Anticipating tooling will not be fully in place
      • More manual testing 
    • Discussion: Ideas for sessions
      • SPDX 101 and 102 (the latter being update on 2.0)
      • Update on License List
      • 2.0 Tooling 


Legal Team Report - Paul[edit]

  • Beta LL list (targeting Dec 18) to include
    • Continuing to add new licenses
    • Deprecated licenses
    • Exceptions list & some FAQs
    • Templates


Tech Team Report - Scott[edit]

  • Heads down reviewing 2.0 spec
    • Cleaning up
    • Adding/improving examples
  • In pretty good shape


Attendees[edit]

  • Phil Odence, Black Duck
  • Paul Maddick, HP
  • Mike Dolan, Linux Foundation
  • Pierre LaPointe, nexB 
  • Scott Sterling, Palamida
  • Mark Gisi, Wind River


Re: Next week's SPDX General Meeting & Nov Meeting Minutes

Philip Odence
 

Attached are the slides for the Valeo presentation at the beginning of the meeting today. 

From: Phil Odence <podence@...>
Date: Wednesday, November 26, 2014 at 9:51 AM
To: "spdx@..." <spdx@...>
Subject: Re: Next week's SPDX General Meeting & Nov Meeting Minutes

corrected date…apologies

From: Phil Odence <podence@...>
Date: Wednesday, November 26, 2014 at 9:37 AM
To: "spdx@..." <spdx@...>
Subject: Next week's SPDX General Meeting & Nov Meeting Minutes

ANOTHER SPECIAL PRESENTATION: In addition to our normal agenda, I’ve asked my friend Bruno Grasset from Valeo to talk about his company’s adoption of SPDX. Valeo is one of the world’s largest suppliers to the automotive industry. Bruno runs Valeo's open source compliance program and one of the technical leaders of GENIVI. 

I’m trying to line up other speakers from complementary projects and companies using SPDX for future General Meetings…ideas welcome.


GENERAL MEETING

Meeting Time: Thurs, Dec 4, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Valeo Presentation


Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil




General Meeting/Minutes/2014-11-06

  • Attendance: 15+
  • Lead by Phil Odence
  • Minutes of October meeting approved

Cross Functional Issues, Special Presentation from Polarsys – Phil[edit]

  • Presentation from Polarsys COTSAQ project http://polarsys.org/proposals/cotsaq
    • OSS tool for managing software BoMs
    • SPDX connections
      • First will use SPDX License List
      • Connecting with code scanners through SPDX


Biz Team Report - Jack[edit]

  • Last call cancelled. Call in an hour.
  • Current focus is revamping the website homepage to guide new users


Legal Team Report - Jilayne[edit]

  • Working through 2.0 task list
  • Syncing with tech team schedule for release
  • Cross team topic- Standard Header field in list that applies to a subset of licenses (e.g. GPL, Apache)
    • Proposal is to remove the field as it becomes problematic with 2.0
    • Notice will go out to tech team/legal team


Tech Team Report - Kate[edit]

  • Fleshed out external SPDX document reference syntax. (currently sec 3.5, but may spin off to own section) and working on self reference (2.4)
  • Finishing off clarifying examples for relationship references (sec 8)
  • Extended the recognized checksums to include SHA256, MD5 (sec. 4.9, 6.4)
  • Decided to start off separate spec for inline references rather than include it in Appendix.
  • What's up for this month...
    • Gluing it all together and making available for other reviewers
    • Near term schedule: Draft Nov 14, feedback by Dec 1. 


Attendees[edit]

  • Phil Odence, Black Duck
  • Kirsten Newcomer, Black Duck
  • Pierre LaPonte, nexB 
  • Gary O’Neill, SourceA
  • Mark Gisi, Wind River
  • Scott Sterling, Palamida
  • Matt Germonprez, UNO
  • Jilayne Lovejoy, ARM 
  • Jack Manbeck, TI 
  • Mike Dolan, Linux Foundation
  • Paul Maddick, HP
  • Michael Herzog, nexB
  • Pierre G, AirBus
  • Others from project COTSAQ


Re: Next week's SPDX General Meeting & Nov Meeting Minutes

Philip Odence
 

corrected date…apologies

From: Phil Odence <podence@...>
Date: Wednesday, November 26, 2014 at 9:37 AM
To: "spdx@..." <spdx@...>
Subject: Next week's SPDX General Meeting & Nov Meeting Minutes

ANOTHER SPECIAL PRESENTATION: In addition to our normal agenda, I’ve asked my friend Bruno Grasset from Valeo to talk about his company’s adoption of SPDX. Valeo is one of the world’s largest suppliers to the automotive industry. Bruno runs Valeo's open source compliance program and one of the technical leaders of GENIVI. 

I’m trying to line up other speakers from complementary projects and companies using SPDX for future General Meetings…ideas welcome.


GENERAL MEETING

Meeting Time: Thurs, Dec 4, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Valeo Presentation


Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil




General Meeting/Minutes/2014-11-06

  • Attendance: 15+
  • Lead by Phil Odence
  • Minutes of October meeting approved

Cross Functional Issues, Special Presentation from Polarsys – Phil[edit]

  • Presentation from Polarsys COTSAQ project http://polarsys.org/proposals/cotsaq
    • OSS tool for managing software BoMs
    • SPDX connections
      • First will use SPDX License List
      • Connecting with code scanners through SPDX


Biz Team Report - Jack[edit]

  • Last call cancelled. Call in an hour.
  • Current focus is revamping the website homepage to guide new users


Legal Team Report - Jilayne[edit]

  • Working through 2.0 task list
  • Syncing with tech team schedule for release
  • Cross team topic- Standard Header field in list that applies to a subset of licenses (e.g. GPL, Apache)
    • Proposal is to remove the field as it becomes problematic with 2.0
    • Notice will go out to tech team/legal team


Tech Team Report - Kate[edit]

  • Fleshed out external SPDX document reference syntax. (currently sec 3.5, but may spin off to own section) and working on self reference (2.4)
  • Finishing off clarifying examples for relationship references (sec 8)
  • Extended the recognized checksums to include SHA256, MD5 (sec. 4.9, 6.4)
  • Decided to start off separate spec for inline references rather than include it in Appendix.
  • What's up for this month...
    • Gluing it all together and making available for other reviewers
    • Near term schedule: Draft Nov 14, feedback by Dec 1. 


Attendees[edit]

  • Phil Odence, Black Duck
  • Kirsten Newcomer, Black Duck
  • Pierre LaPonte, nexB 
  • Gary O’Neill, SourceA
  • Mark Gisi, Wind River
  • Scott Sterling, Palamida
  • Matt Germonprez, UNO
  • Jilayne Lovejoy, ARM 
  • Jack Manbeck, TI 
  • Mike Dolan, Linux Foundation
  • Paul Maddick, HP
  • Michael Herzog, nexB
  • Pierre G, AirBus
  • Others from project COTSAQ

661 - 680 of 1624