Date   

Re: Thursday SPDX General Meeting Reminder

Philip Odence
 

Thank you for the clarification Oliver. This kind of feedback it very helpful. 
We try out best to lay out the inclusion criteria here:
Also, it would be great if you, or someone from Siemens, would participate in our Legal Team meetings. In fact, we would welcome participation from Siemens on all of our teams. We try to schedule at times that are not too difficult for CET and if Europe participation increases, we are willing to look at moving the meeting, although we need to be mindful of having heavy west coast US participation as well.
Best regards,
Phil

L. Philip Odence
Vice President and General Manager
Black Duck
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence




From: "Fendt, Oliver" <oliver.fendt@...>
Date: Fri, 4 Jul 2014 08:26:25 +0000
To: Kate Stewart <kate.stewart@...>, Phil Odence <podence@...>, "spdx@..." <spdx@...>
Subject: AW: Thursday SPDX General Meeting Reminder

Hi all,

sorry for not being able to participate yesterday in the conf call.

I want to comment on one topic of the last minutes. The topic is:

o             Mikael delivered a workshop at Siemens

They didn't understand license request process

Mikael encouraged them to participate in SPDX  “

 

I want to thank Mikael for the presentation. He did a very well job and gave us an interesting talk although he had a flue.

In the Q&A part of his talk, I raised the point that at least for me the criteria a license has to fulfill to be accepted for inclusion in the SPDX® license list is not really transparent to me.

In the past I submitted several licenses, some were accepted and some not. That’s totally ok but and the reasons for not accepting those were not transparent to me, like “this is not really an Open Source license” although already some creative commons license instances are in the SPDX license list which are not compliant to the open source definition as well. Another license was not accepted because it has no version number.

When I raised the point to  Mikael I wanted to express that the process for submission is quite clear and we understand it, because it is well described. But it is not described what criteria are checked by the team in charge in order to decide whether the license will be included or not. It would really help (at least me) if these criteria are described because this would help me to save effort and submit in future only those which will meet al criteria.

I hope that the topic of the minutes is bit more clear now

 

regards

Oliver


Siemens AG
Corporate Technology
CT BE OP SWI OSS
Otto-Hahn-Ring 6
81739 München, Deutschland
Tel: +49 89 636-46033
mailto:oliver.fendt@...

Von: spdx-bounces@... [mailto:spdx-bounces@...] Im Auftrag von kate.stewart@...
Gesendet: Donnerstag, 3.
Juli 2014 17:01
An: Philip Odence; spdx@...
Betreff: Re: Thursday SPDX General Meeting Reminder

 

Appologies,  have a work conflict today and not able to join in.

 

Technical team activities:

-  work continues on spec.   Have resolved out file types,  file usage portions.

-  decision made to not include the RDF vocabulary in the SPEC going forward,  Gary is was having issues regenerating it in form suitable for inclusion, and prefers to go with a different tool in future.   Spec will be the master and refer to a static version, that will be on web site. 

 

On Wednesday, July 2, 2014 6:56 PM, Philip Odence <podence@...> wrote:

 

GENERAL MEETING

 

Meeting Time: Thurs, July 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

 

 

L. Philip Odence

Vice President and General Manager

Black Duck

8 New England Executive Park, Suite 211, Burlington MA 01803

Phone: 781.810.1819, Mobile: 781.258.9502

Skype: philip.odence

 

 

 

 

General Meeting/Minutes/2014-06-05

  • Attendance: 11
  • Lead by Phil Odence
  • Minutes of May meeting approved

Biz Team Report - Jack

  • Summer of Code- Lots of discussion on the Tech Team mailing list
  • Website- Jack and Matt are adding a page regarding University participation
  • LinuxCon- Working on getting a room
  • Website Statistics- Scott Lamons has volunteered to analyze on an ongoing basis and report to the Business Team
  • Vertical whitepapers in progress
  • Europe
    • Mikael delivered a workshop at Siemens
      • They didn't understand license request process
      • Mikael encouraged them to participate in SPDX
    • GENIVI- Mikael also promoted SPDX at the GENIVI All Members Meeting

Legal Team Report - Jilayne

  • Focus is on 2.0 deliverables
    • Fedora list
      • Worked through the list completely
      • Just a few remaining questions
    • New exceptions list is in process
    • In process of reviewing the website for how to present all the new developments

Tech Team Report - Gary

  • Very productive month
    • Kate heavily into spec drafting
    • Bug reports all combed through and assigned
    • All big issues addressed
  • Gary and Mark agreed that we are "on track" for delivery at LinuxCon
  • No clear due date for a draft from Kate

Cross Functional Issues – Phil

  • Working with Apache
    • Gary developed a Maven plugin to auto-generate an SPDX file
    • Getting some help from ASF members, but not a lot of pull
    • Now looking to attached to another group within Maven

 

Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Paul Madick, HP
  • Tom Incorvia, Microfocus
  • Gary O'Neall, Source Auditor
  • Mikael Söderberg, Pelagicore
  • Scott Lamons, HP 


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: Thursday SPDX General Meeting Reminder

Oliver Fendt
 

Hi all,

sorry for not being able to participate yesterday in the conf call.

I want to comment on one topic of the last minutes. The topic is:

o             Mikael delivered a workshop at Siemens

They didn't understand license request process

Mikael encouraged them to participate in SPDX  “

 

I want to thank Mikael for the presentation. He did a very well job and gave us an interesting talk although he had a flue.

In the Q&A part of his talk, I raised the point that at least for me the criteria a license has to fulfill to be accepted for inclusion in the SPDX® license list is not really transparent to me.

In the past I submitted several licenses, some were accepted and some not. That’s totally ok but and the reasons for not accepting those were not transparent to me, like “this is not really an Open Source license” although already some creative commons license instances are in the SPDX license list which are not compliant to the open source definition as well. Another license was not accepted because it has no version number.

When I raised the point to  Mikael I wanted to express that the process for submission is quite clear and we understand it, because it is well described. But it is not described what criteria are checked by the team in charge in order to decide whether the license will be included or not. It would really help (at least me) if these criteria are described because this would help me to save effort and submit in future only those which will meet al criteria.

I hope that the topic of the minutes is bit more clear now

 

regards

Oliver


Siemens AG
Corporate Technology
CT BE OP SWI OSS
Otto-Hahn-Ring 6
81739 München, Deutschland
Tel: +49 89 636-46033
mailto:oliver.fendt@...

Von: spdx-bounces@... [mailto:spdx-bounces@...] Im Auftrag von kate.stewart@...
Gesendet: Donnerstag, 3.
Juli 2014 17:01
An: Philip Odence; spdx@...
Betreff: Re: Thursday SPDX General Meeting Reminder

 

Appologies,  have a work conflict today and not able to join in.

 

Technical team activities:

-  work continues on spec.   Have resolved out file types,  file usage portions.

-  decision made to not include the RDF vocabulary in the SPEC going forward,  Gary is was having issues regenerating it in form suitable for inclusion, and prefers to go with a different tool in future.   Spec will be the master and refer to a static version, that will be on web site. 

 

On Wednesday, July 2, 2014 6:56 PM, Philip Odence <podence@...> wrote:

 

GENERAL MEETING

 

Meeting Time: Thurs, July 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

 

 

L. Philip Odence

Vice President and General Manager

Black Duck

8 New England Executive Park, Suite 211, Burlington MA 01803

Phone: 781.810.1819, Mobile: 781.258.9502

Skype: philip.odence

 

 

 

 

General Meeting/Minutes/2014-06-05

  • Attendance: 11
  • Lead by Phil Odence
  • Minutes of May meeting approved

Biz Team Report - Jack

  • Summer of Code- Lots of discussion on the Tech Team mailing list
  • Website- Jack and Matt are adding a page regarding University participation
  • LinuxCon- Working on getting a room
  • Website Statistics- Scott Lamons has volunteered to analyze on an ongoing basis and report to the Business Team
  • Vertical whitepapers in progress
  • Europe
    • Mikael delivered a workshop at Siemens
      • They didn't understand license request process
      • Mikael encouraged them to participate in SPDX
    • GENIVI- Mikael also promoted SPDX at the GENIVI All Members Meeting

Legal Team Report - Jilayne

  • Focus is on 2.0 deliverables
    • Fedora list
      • Worked through the list completely
      • Just a few remaining questions
    • New exceptions list is in process
    • In process of reviewing the website for how to present all the new developments

Tech Team Report - Gary

  • Very productive month
    • Kate heavily into spec drafting
    • Bug reports all combed through and assigned
    • All big issues addressed
  • Gary and Mark agreed that we are "on track" for delivery at LinuxCon
  • No clear due date for a draft from Kate

Cross Functional Issues – Phil

  • Working with Apache
    • Gary developed a Maven plugin to auto-generate an SPDX file
    • Getting some help from ASF members, but not a lot of pull
    • Now looking to attached to another group within Maven

 

Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Paul Madick, HP
  • Tom Incorvia, Microfocus
  • Gary O'Neall, Source Auditor
  • Mikael Söderberg, Pelagicore
  • Scott Lamons, HP 


_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: Thursday SPDX General Meeting Reminder

kate.stewart@...
 

Appologies,  have a work conflict today and not able to join in.

Technical team activities:
-  work continues on spec.   Have resolved out file types,  file usage portions.
-  decision made to not include the RDF vocabulary in the SPEC going forward,  Gary is was having issues regenerating it in form suitable for inclusion, and prefers to go with a different tool in future.   Spec will be the master and refer to a static version, that will be on web site. 


On Wednesday, July 2, 2014 6:56 PM, Philip Odence <podence@...> wrote:


GENERAL MEETING

Meeting Time: Thurs, July 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


L. Philip Odence
Vice President and General Manager
Black Duck
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence



 

General Meeting/Minutes/2014-06-05

  • Attendance: 11
  • Lead by Phil Odence
  • Minutes of May meeting approved

Biz Team Report - Jack

  • Summer of Code- Lots of discussion on the Tech Team mailing list
  • Website- Jack and Matt are adding a page regarding University participation
  • LinuxCon- Working on getting a room
  • Website Statistics- Scott Lamons has volunteered to analyze on an ongoing basis and report to the Business Team
  • Vertical whitepapers in progress
  • Europe
    • Mikael delivered a workshop at Siemens
      • They didn't understand license request process
      • Mikael encouraged them to participate in SPDX
    • GENIVI- Mikael also promoted SPDX at the GENIVI All Members Meeting

Legal Team Report - Jilayne

  • Focus is on 2.0 deliverables
    • Fedora list
      • Worked through the list completely
      • Just a few remaining questions
    • New exceptions list is in process
    • In process of reviewing the website for how to present all the new developments

Tech Team Report - Gary

  • Very productive month
    • Kate heavily into spec drafting
    • Bug reports all combed through and assigned
    • All big issues addressed
  • Gary and Mark agreed that we are "on track" for delivery at LinuxCon
  • No clear due date for a draft from Kate

Cross Functional Issues – Phil

  • Working with Apache
    • Gary developed a Maven plugin to auto-generate an SPDX file
    • Getting some help from ASF members, but not a lot of pull
    • Now looking to attached to another group within Maven

Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Paul Madick, HP
  • Tom Incorvia, Microfocus
  • Gary O'Neall, Source Auditor
  • Mikael Söderberg, Pelagicore
  • Scott Lamons, HP 

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx



Thursday SPDX General Meeting Reminder

Philip Odence
 

GENERAL MEETING

Meeting Time: Thurs, July 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


L. Philip Odence
Vice President and General Manager
Black Duck
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence



 

General Meeting/Minutes/2014-06-05

  • Attendance: 11
  • Lead by Phil Odence
  • Minutes of May meeting approved

Biz Team Report - Jack

  • Summer of Code- Lots of discussion on the Tech Team mailing list
  • Website- Jack and Matt are adding a page regarding University participation
  • LinuxCon- Working on getting a room
  • Website Statistics- Scott Lamons has volunteered to analyze on an ongoing basis and report to the Business Team
  • Vertical whitepapers in progress
  • Europe
    • Mikael delivered a workshop at Siemens
      • They didn't understand license request process
      • Mikael encouraged them to participate in SPDX
    • GENIVI- Mikael also promoted SPDX at the GENIVI All Members Meeting

Legal Team Report - Jilayne

  • Focus is on 2.0 deliverables
    • Fedora list
      • Worked through the list completely
      • Just a few remaining questions
    • New exceptions list is in process
    • In process of reviewing the website for how to present all the new developments

Tech Team Report - Gary

  • Very productive month
    • Kate heavily into spec drafting
    • Bug reports all combed through and assigned
    • All big issues addressed
  • Gary and Mark agreed that we are "on track" for delivery at LinuxCon
  • No clear due date for a draft from Kate

Cross Functional Issues – Phil

  • Working with Apache
    • Gary developed a Maven plugin to auto-generate an SPDX file
    • Getting some help from ASF members, but not a lot of pull
    • Now looking to attached to another group within Maven


Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Paul Madick, HP
  • Tom Incorvia, Microfocus
  • Gary O'Neall, Source Auditor
  • Mikael Söderberg, Pelagicore
  • Scott Lamons, HP 


SPDX General Meeting Reminder. Toda

Philip Odence
 

Sorry for the late reminder.

GENERAL MEETING

Meeting Time: Thurs, June 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- Attached below

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil


From: Phil Odence <podence@...>
Date: Tue, 13 May 2014 10:33:16 -0400
To: <spdx@...>
Subject: Minutes from May General Meeting

Next meeting is June 5 at the normal time. (11EDT)

General Meeting/Minutes/2014-05-01

  • Attendance: 9
  • Minutes of April meeting not yet complete/approved
  • Lead by Phil Odence


Tech Team Report - Kate

  • Following up on discussions from CollabSummit
    • Clarifying relationships between elements
    • Working big list
      • Includes features
      • Making sure everything designated for 2.0 is covered.
  • Still on track for LinuxCon


Biz Team Report - Jack (unable to attend, but provided written summary)

  • Focus on LinuxCon(s) and 2.0 Promotion
    • Aiming to support 2.0 announcement at LinuxCon NA
      • Phil/Jack and Gary/Jilayne submitting talks. Not sure of others.
    • Out reach through presentations, BoF, etc at LinuxCon Europe
  • Promoting 2 SPDX Reports to spdx.org
    • 2.0 Requirements Doc (Kirsten's)
    • Accessing the License List (Gary's)
  • Mikael will be presenting on SPDX at the GENIVI (automotive OSS community) All Members Meeting in Europe
  • Whitepapers are in process on automotive and embedded


Legal Team Report - Jilayne

  • License Expression Language went our for comment; a few received and incorporate, so it's final.
    • Templates and guidelines need to be updated to reflect
    • Exceptions list work is in process
    • In process of review spec to incorporate references to LL
  • Fedora list work continues and a special meeting is scheduled to target
  • Next License List release will be coincident with 2.0

Cross Functional Issues – Phil

  • Google Summer of Code
    • 4 project accepted
    • Phil working with Matt/Linux Foundation to promote via blogs
    • Biz team is updating the wiki and website with info (and a University participation section).


Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Kirsten Newcomer, Black Duck
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Kate Stewart, Lenaro
  • Paul Madick, HP 


Minutes from May General Meeting

Philip Odence
 

Next meeting is June 5 at the normal time. (11EDT)

General Meeting/Minutes/2014-05-01

  • Attendance: 9
  • Minutes of April meeting not yet complete/approved
  • Lead by Phil Odence


Tech Team Report - Kate

  • Following up on discussions from CollabSummit
    • Clarifying relationships between elements
    • Working big list
      • Includes features
      • Making sure everything designated for 2.0 is covered.
  • Still on track for LinuxCon


Biz Team Report - Jack (unable to attend, but provided written summary)

  • Focus on LinuxCon(s) and 2.0 Promotion
    • Aiming to support 2.0 announcement at LinuxCon NA
      • Phil/Jack and Gary/Jilayne submitting talks. Not sure of others.
    • Out reach through presentations, BoF, etc at LinuxCon Europe
  • Promoting 2 SPDX Reports to spdx.org
    • 2.0 Requirements Doc (Kirsten's)
    • Accessing the License List (Gary's)
  • Mikael will be presenting on SPDX at the GENIVI (automotive OSS community) All Members Meeting in Europe
  • Whitepapers are in process on automotive and embedded


Legal Team Report - Jilayne

  • License Expression Language went our for comment; a few received and incorporate, so it's final.
    • Templates and guidelines need to be updated to reflect
    • Exceptions list work is in process
    • In process of review spec to incorporate references to LL
  • Fedora list work continues and a special meeting is scheduled to target
  • Next License List release will be coincident with 2.0

Cross Functional Issues – Phil

  • Google Summer of Code
    • 4 project accepted
    • Phil working with Matt/Linux Foundation to promote via blogs
    • Biz team is updating the wiki and website with info (and a University participation section).


Attendees

  • Phil Odence, Black Duck
  • Scott Sterling, Palamida
  • Kirsten Newcomer, Black Duck
  • Jilanyne Lovejoy, ARM
  • Mark Gisi, Wind River
  • Matt Germonprez, UNO
  • Jack Manbeck, TI
  • Kate Stewart, Lenaro
  • Paul Madick, HP 


Re: Help converting Fedora license IDs to SPDX format

J Lovejoy
 

Hi Richard (x2)!

Richard H - great to hear you are using the SPDX License List for identifying licenses in AppStream for a number of reasons. Your responses below are all correct in terms of understanding the SPDX License List, so I’ll only add a bit more info in regards to the issues you have come across.

As Phil mentioned in his response, the SPDX legal team is currently working through the Fedora Good License list (https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses) in order to identify where the SPDX License List is missing a license that is on the Fedora list. The inclination is to add any such licenses and try to align the SPDX short identifier with whatever Fedora had been using. However, for the reasons you and Richard F identified (e.g. I’ll call it the “MIT bucket,” identifying that Fedora uses to describe similar licenses) not all the short identifiers will align. I suspect we will end up with a “equivalency” document as part of the SPDX License List reference materials, for convenience. In any case, the next release of the SPDX License List is currently schedule to coincide with the release of 2.0 of the spec, so at that point you will see many additions to this end.

In regards to the exceptions, this is also something we are currently working on. As of 2.0, license exceptions will be treated as a modifier to the base license to better enable capturing the various exceptions that exist in the wild. An explanation of this change, as well as the bigger picture in regards to creating a better way to express complex licensing info for files was recently summarized here: http://article.gmane.org/gmane.comp.licenses.spdx.legal/855/match=expression

If you are not on the legal mailing list, please join!! (http://lists.spdx.org/mailman/listinfo/spdx-legal)

<<I have responded to both the general and legal mailing lists here, but subsequent discussion should move to the legal list only, where it will get more direct responses/discussion :)

Thanks!

Jilayne

SPDX Legal Team co-lead
opensource@...

On May 2, 2014, at 8:03 AM, Richard Hughes <hughsient@...> wrote:

On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:
Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.
So, for AppStream the idea is to explain the licenses in the
user-facing software center, e.g. gnome-software or apper for KDE.
This would mean you could click on a link that says "GPLv3+" and get
sent to http://spdx.org/licenses/GPL-3.0+ rather than just having a
license string to look at and perhaps Google.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.
Right. The idea is that you can define "upstream" what licenses your
software is using, rather than relying on the packager to work it out
and apply broad classification during the packaging step. I'm really
only doing this for applications not explicitly specifying what SPDX
licences they are using.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines.
Right.

For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.
Yes, this is the fudge-factor I was talking about. Ideally we would
have all these MIT-variants as separate SPDX license IDs.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart.
Right.

(By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)
Agreed, I didn't know whether the "with exceptions" AGPL thing
could/should be broken down any further for SPDX.

This is what Fedora "MIT" means some of the time but not all
of the time.
Yes, it's not ideal at all, but the data I'm presenting is more of an
interesting titbit of information about the application rather than a
comprehensive legal explanation. Apps are still free to specify a
special license ID of "libtiff with extensions" but it just won't be
hyperlinked in the front end tool.

Richard
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: Help converting Fedora license IDs to SPDX format

Richard Hughes
 

On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:
Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.
So, for AppStream the idea is to explain the licenses in the
user-facing software center, e.g. gnome-software or apper for KDE.
This would mean you could click on a link that says "GPLv3+" and get
sent to http://spdx.org/licenses/GPL-3.0+ rather than just having a
license string to look at and perhaps Google.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.
Right. The idea is that you can define "upstream" what licenses your
software is using, rather than relying on the packager to work it out
and apply broad classification during the packaging step. I'm really
only doing this for applications not explicitly specifying what SPDX
licences they are using.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines.
Right.

For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.
Yes, this is the fudge-factor I was talking about. Ideally we would
have all these MIT-variants as separate SPDX license IDs.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart.
Right.

(By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)
Agreed, I didn't know whether the "with exceptions" AGPL thing
could/should be broken down any further for SPDX.

This is what Fedora "MIT" means some of the time but not all
of the time.
Yes, it's not ideal at all, but the data I'm presenting is more of an
interesting titbit of information about the application rather than a
comprehensive legal explanation. Apps are still free to specify a
special license ID of "libtiff with extensions" but it just won't be
hyperlinked in the front end tool.

Richard


Re: Help converting Fedora license IDs to SPDX format

Richard Fontana
 

On Fri, May 02, 2014 at 12:53:30PM +0100, Richard Hughes wrote:
Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.
I think the problem is that you are dealing with three different
notions of license identifiers, two of which are superficially the
same in that AppStream has decided to use SPDX identifiers for its own
purposes, if I understand correctly. Also (based on what little
documentation on AppStream that I looked at) it is unclear what the
purposes are in the case of AppStream.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines. For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart. (By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)

So when you say "I'm required to convert the existing Fedora license
tag to an SPDX-compatible string so it can be made into a hyperlink
and be clickable", this is only meaningful if what you mean by "Most
license IDs are either the same, or map between one and the other with
a small fudge factor" is understood with my point about, e.g. the
significant distinction between SPDX "MIT" and Fedora "MIT" in
mind. And what would "MIT" hyperlink to -- the OSI version of the MIT
license? This is what Fedora "MIT" means some of the time but not all
of the time.

- Richard


Re: Help converting Fedora license IDs to SPDX format

Philip Odence
 

Richard,
I¹m moving you from the general SPDX list to the legal team. We are
actually in the middle of marching through the Fedora licenses and are
happy to work with you on this. You should be hearing shortly from someone
on our legal team.
Best,
Phil Odence
SPDX Chair

On 5/2/14, 7:53 AM, "Richard Hughes" <hughsient@...> wrote:

Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas
welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.

Richard
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Help converting Fedora license IDs to SPDX format

Richard Hughes
 

Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.

Richard


Thursday SPDX General Meeting

Philip Odence
 

REMINDER – Call for talks
Although LinuxCon NA is a few months off (Chicago, Aug 20) we are just one week from the deadline for submitting talks (May 2). “SPDX” is specifically mentioned under suggested topics, and we would love to get a few submissions. Jack tapped me to co-submit an update on SPDX 2.0 and we are talking about doing a hands on session with tools, but there’s certainly room for other topics. In particular, it would be interesting to get some talks on usage. The crowd would be really interested to understand what you are doing in your company with SPDX.  If you don’t feel you have a full 40 minutes worth but would like to talk, let me and Jack know and perhaps we can pull together 3 or 4 mini presentations. 

Here’s the link for submitting:


GENERAL MEETING

Meeting Time: Thurs, May 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- Note, minutes have not yet been posted.


Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil




Call for Talks...SPDX to rock LinuxCon

Philip Odence
 

Although LinuxCon NA is a few months off (Chicago, Aug 20) we are just one week from the deadline for submitting talks (May 2). “SPDX” is specifically mentioned under suggested topics, and we would love to get a few submissions. Jack tapped me to co-submit an update on SPDX 2.0 and we are talking about doing a hands on session with tools, but there’s certainly room for other topics. In particular, it would be interesting to get some talks on usage. The crowd would be really interested to understand what you are doing in your company with SPDX.  If you don’t feel you have a full 40 minutes worth but would like to talk, let me and Jack know and perhaps we can pull together 3 or 4 mini presentations. 

Here’s the link for submitting:


Re: TripleCheck 0.4

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Nick,

While I've only spent ~15min with the tool, I was very impressed with the ease of use and the ability to install this and get almost immediate and useful! results. Great work! I'll keep you posted on my findings.

Best Regards,
Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito
Sent: Monday, March 31, 2014 1:02 PM
To: Manbeck, Jack; spdx@...
Subject: RE: TripleCheck 0.4

Hi Jack,

Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software.

Will get back to this message as soon as possible.

With kind regards,
Nuno Brito

On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno,

This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email it
to me direct and I can post it on the business team list if you do not
have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source
code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be
addressing in the upcoming months. If you have any requests or would
like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context
there wasn't much demand for supporting the XML version. An SPDX
document generated by our tool writes more information that what the
standard prescribes. For example, we include the hashes for other
algorithms because they help us finding trails of specific files across
the web.


This tool is useful if you need a quick way to visually generate an
SPDX document from a set of files on your disk. We were already
developing this kind of tools in the past for forensic analysis
purposes, moved recently to embrace the SPDX format.


For more details and download, please visit
http://www.triplecheck.de/download/


With kind regards,
Nuno Brito
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Re: TripleCheck 0.4

Nuno Brito
 

Hi Jack,

I'd like to follow-up on this message if possible, the points from the requirement list were quoted to place my answers in context.


The tool must currently support SPDX (i.e. it is not a planned release).
Checked.


You have a page on your website that describes how the tool supports SPDX. This will be the link you provide in the Required Information below.
Checked.


Whether this is a community or commercial tool.
Community. Contributions from other developers interested in submitting additional license detection rules and fix defects are warmly welcome through github or email.

To clarify, I use this software on commercial practice to "scratch my own itch" [1] in the open source way of doing things.


A small logo which can be displayed. This is optional. If provided it must meet the following criteria
Attached to this message you find a TripleCheck with 251x122px as specified in the criteria


A short teaser of one or two sentences that describes your tool. No more than 160 characters including spaces
Straight-forward free tool to create SPDX reports right from your desktop.


A long description which can be up to a couple of paragraphs. Try not to get too verbose. You will have a link to your website for lengthy explanations.
The TripleCheck reporter is the ideal tool for a quick overlook of the licensing compliance status for a given set of source code files in your desktop computer (Windows, Linux, Mac OSX). If some license or copyright is not detected by the tool, you can easily add new rules by yourself. We are building a community around open source tooling and your help is welcome to grow the open database of licensing rules. Look for us on GitHub.


An http link to your site for access to the tool and information on how it supports SPDX.
http://www.triplecheck.de/download/



The current version of the tool is 0.6 so perhaps is better to omit version references and just call the tool "TripleCheck reporter". If there is anything else needed, please do let me know.

Just in case, I have prepared a short video showcasing the tool that you find at http://youtu.be/nljP6hC8xbc


With kind regards,
Nuno Brito

[1] http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar#Lessons_for_creating_good_open_source_software

---
email: nuno.brito@...
phone: +49 615 146 03187

On 2014-03-31 20:44, Manbeck, Jack wrote:
Nuno,
This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email
it to me direct and I can post it on the business team list if you do
not have access.
http://wiki.spdx.org/view/Business_Team/Tool_Link_Request
best regards,
Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


Re: Special SPDX General Meeting & V2.0 Overview this Thursday

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Gary,

 

Thanks for the great presentation today on SPDX 2.0 modeling.   I really like the evolutionary approach (i.e. adding the relationship functionality on top of what’s already in the 1.2 spec with minimal deprecation).   This will make migration much easier and it makes a lot of sense from a business perspective.  

 

And I appreciate you taking it down to a reasonably non-technical level!

 

Regards,

Scott

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Gary O'Neall
Sent: Wednesday, April 02, 2014 12:55 PM
To: 'Philip Odence'; spdx@...
Subject: RE: Special SPDX General Meeting & V2.0 Overview this Thursday

 

Greetings all.

 

Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call.   In the tech team we are starting to transition from working on the model to the specification itself.  I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.

 

Gary

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM
To: spdx@...
Subject: Special SPDX General Meeting & V2.0 Overview this Thursday

 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

 

AND, 

 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

Approve Minutes- 

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

V2.0 Overview- Gary O'Neall

 

 

 


Re: Special SPDX General Meeting & V2.0 Overview this Thursday

Gary O'Neall
 

Greetings all.

 

Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call.   In the tech team we are starting to transition from working on the model to the specification itself.  I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.

 

Gary

 

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM
To: spdx@...
Subject: Special SPDX General Meeting & V2.0 Overview this Thursday

 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

 

AND, 

 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 

 

Administrative Agenda

Attendance

Approve Minutes- 

 

Technical Team Report - Kate

 

 

Legal Team Report - Jilayne

 

 

Business Team Report – Jack

 

 

Cross Functional Issues – Phil

V2.0 Overview- Gary O'Neall

 

 

 


Special SPDX General Meeting & V2.0 Overview this Thursday

Philip Odence
 

For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.

AND, 

The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.


GENERAL MEETING

Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack


Cross Functional Issues – Phil
V2.0 Overview- Gary O'Neall




Re: TripleCheck 0.4

Nuno Brito
 

Hi Jack,

Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software.

Will get back to this message as soon as possible.

With kind regards,
Nuno Brito

On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno,

This is great news. I would like to list the tool on the SPDX website.
If you agree here is a link to the information I need. You can email it
to me direct and I can post it on the business team list if you do not
have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair


-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source
code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be
addressing in the upcoming months. If you have any requests or would
like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context
there wasn't much demand for supporting the XML version. An SPDX
document generated by our tool writes more information that what the
standard prescribes. For example, we include the hashes for other
algorithms because they help us finding trails of specific files across
the web.


This tool is useful if you need a quick way to visually generate an
SPDX document from a set of files on your disk. We were already
developing this kind of tools in the past for forensic analysis
purposes, moved recently to embrace the SPDX format.


For more details and download, please visit
http://www.triplecheck.de/download/


With kind regards,
Nuno Brito


Re: TripleCheck 0.4

Manbeck, Jack
 

Nuno,

This is great news. I would like to list the tool on the SPDX website. If you agree here is a link to the information I need. You can email it to me direct and I can post it on the business team list if you do not have access.

http://wiki.spdx.org/view/Business_Team/Tool_Link_Request

best regards,

Jack Manbeck
SPDX Site Admin and Business Team Co-Chair

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito
Sent: Thursday, March 27, 2014 12:54 PM
To: spdx@...
Subject: TripleCheck 0.4

Dear SPDX group,

I'd like to announce the availability of a new SPDX editor/viewer.

Features:

- Create an SPDX document from:
-- a source code folder on disk
-- a zipped file on the network

- User interface:
-- Desktop UI
-- Access from a web browser

- Java based (tested under Windows and Linux)
- Tree navigation of files and folders
- Search features (name, hash, similar files)
- Basic SPDX editing features
- Metrics calculation (LOC, size, number of files)
- Basic license detection (detects GPL, LGPL, ...) headers in source code
- Learning function (supports plugins, new licenses, ...)

The tool is freeware, code is released under the open source EUPL.

These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email.


At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web.


This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format.


For more details and download, please visit http://www.triplecheck.de/download/


With kind regards,
Nuno Brito

--
email: nuno.brito@...
phone: +49 615 146 03187

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

681 - 700 of 1590