SPDX General Meeting Reminder. Toda
Philip Odence
Sorry for the late reminder.
GENERAL MEETING
Meeting Time: Thurs, June 5, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes- Attached below
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil
From: Phil Odence <podence@...>
Date: Tue, 13 May 2014 10:33:16 -0400 To: <spdx@...> Subject: Minutes from May General Meeting Next meeting is June 5 at the normal time. (11EDT)
General Meeting/Minutes/2014-05-01
ContentsTech Team Report - Kate
Biz Team Report - Jack (unable to attend, but provided written summary)
Legal Team Report - Jilayne
Cross Functional Issues – Phil
Attendees
|
|
Minutes from May General Meeting
Philip Odence
Next meeting is June 5 at the normal time. (11EDT)
General Meeting/Minutes/2014-05-01
ContentsTech Team Report - Kate
Biz Team Report - Jack (unable to attend, but provided written summary)
Legal Team Report - Jilayne
Cross Functional Issues – Phil
Attendees
|
|
Re: Help converting Fedora license IDs to SPDX format
J Lovejoy
Hi Richard (x2)!
toggle quoted messageShow quoted text
Richard H - great to hear you are using the SPDX License List for identifying licenses in AppStream for a number of reasons. Your responses below are all correct in terms of understanding the SPDX License List, so I’ll only add a bit more info in regards to the issues you have come across. As Phil mentioned in his response, the SPDX legal team is currently working through the Fedora Good License list (https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses) in order to identify where the SPDX License List is missing a license that is on the Fedora list. The inclination is to add any such licenses and try to align the SPDX short identifier with whatever Fedora had been using. However, for the reasons you and Richard F identified (e.g. I’ll call it the “MIT bucket,” identifying that Fedora uses to describe similar licenses) not all the short identifiers will align. I suspect we will end up with a “equivalency” document as part of the SPDX License List reference materials, for convenience. In any case, the next release of the SPDX License List is currently schedule to coincide with the release of 2.0 of the spec, so at that point you will see many additions to this end. In regards to the exceptions, this is also something we are currently working on. As of 2.0, license exceptions will be treated as a modifier to the base license to better enable capturing the various exceptions that exist in the wild. An explanation of this change, as well as the bigger picture in regards to creating a better way to express complex licensing info for files was recently summarized here: http://article.gmane.org/gmane.comp.licenses.spdx.legal/855/match=expression If you are not on the legal mailing list, please join!! (http://lists.spdx.org/mailman/listinfo/spdx-legal) <<I have responded to both the general and legal mailing lists here, but subsequent discussion should move to the legal list only, where it will get more direct responses/discussion :) Thanks! Jilayne SPDX Legal Team co-lead opensource@...
On May 2, 2014, at 8:03 AM, Richard Hughes <hughsient@...> wrote:
On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.So, for AppStream the idea is to explain the licenses in the
|
|
Re: Help converting Fedora license IDs to SPDX format
On 2 May 2014 14:41, Richard Fontana <rfontana@...> wrote:
Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream.So, for AppStream the idea is to explain the licenses in the user-facing software center, e.g. gnome-software or apper for KDE. This would mean you could click on a link that says "GPLv3+" and get sent to http://spdx.org/licenses/GPL-3.0+ rather than just having a license string to look at and perhaps Google. My knowledge of SPDX itself is limited, but if you look at:Right. The idea is that you can define "upstream" what licenses your software is using, rather than relying on the packager to work it out and apply broad classification during the packaging step. I'm really only doing this for applications not explicitly specifying what SPDX licences they are using. A good example, though not on your list probably because you assume itRight. For Fedora, however, "MIT" is supposedYes, this is the fudge-factor I was talking about. Ideally we would have all these MIT-variants as separate SPDX license IDs. So for the ones you list, first of all for most of these there isn'tRight. (By contrast there areAgreed, I didn't know whether the "with exceptions" AGPL thing could/should be broken down any further for SPDX. This is what Fedora "MIT" means some of the time but not allYes, it's not ideal at all, but the data I'm presenting is more of an interesting titbit of information about the application rather than a comprehensive legal explanation. Apps are still free to specify a special license ID of "libtiff with extensions" but it just won't be hyperlinked in the front end tool. Richard
|
|
Re: Help converting Fedora license IDs to SPDX format
Richard Fontana
On Fri, May 02, 2014 at 12:53:30PM +0100, Richard Hughes wrote:
Hi all,I think the problem is that you are dealing with three different notions of license identifiers, two of which are superficially the same in that AppStream has decided to use SPDX identifiers for its own purposes, if I understand correctly. Also (based on what little documentation on AppStream that I looked at) it is unclear what the purposes are in the case of AppStream. My knowledge of SPDX itself is limited, but if you look at: http://spdx.org/spdx-license-list/matching-guidelines you will see that SPDX is using license identifiers in an entirely different way from how Fedora uses RPM metadata license identifiers. A good example, though not on your list probably because you assume it is not problematic, is "MIT". For SPDX, this means http://spdx.org/licenses/MIT#licenseText subject to the points made in the SPDX matching guidelines. For Fedora, however, "MIT" is supposed to mean a wide range of different license texts (which SPDX would surely treat as distinct, non-matching licenses) that were determined by the Fedora Project to be what I myself might verbosely call "X Window Project-descended license family licenses, particularly as distinguished from BSD-family licenses" if I had to call it anything. So for the ones you list, first of all for most of these there isn't any SPDX license identifier anyway even if you ignore the issue I just talked about, since the SPDX list is, at least at present, not meant to be a comprehensive list of all licenses ever encountered in, say, a conventional Linux distribution, but rather those that are "commonly found". In your list, none of those are "commonly found" in that sense except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to correspond to SPDX AGPL-3.0, but not the "with exceptions" part which has no SPDX license identifier counterpart. (By contrast there are some GPLv2 and GPLv3 SPDX license identifiers that include some commonly-found permissive exceptions.) So when you say "I'm required to convert the existing Fedora license tag to an SPDX-compatible string so it can be made into a hyperlink and be clickable", this is only meaningful if what you mean by "Most license IDs are either the same, or map between one and the other with a small fudge factor" is understood with my point about, e.g. the significant distinction between SPDX "MIT" and Fedora "MIT" in mind. And what would "MIT" hyperlink to -- the OSI version of the MIT license? This is what Fedora "MIT" means some of the time but not all of the time. - Richard
|
|
Re: Help converting Fedora license IDs to SPDX format
Philip Odence
Richard,
toggle quoted messageShow quoted text
I¹m moving you from the general SPDX list to the legal team. We are actually in the middle of marching through the Fedora licenses and are happy to work with you on this. You should be hearing shortly from someone on our legal team. Best, Phil Odence SPDX Chair
On 5/2/14, 7:53 AM, "Richard Hughes" <hughsient@...> wrote:
Hi all,
|
|
Help converting Fedora license IDs to SPDX format
Hi all,
I hope I'm asking in the right place, if not please disregard this message. When writing AppStream metadata I'm required to convert the existing Fedora license tag to an SPDX-compatible string so it can be made into a hyperlink and be clickable. Most license IDs are either the same, or map between one and the other with a small fudge factor, but I'm having problems finding SPDX licences for a few Fedora IDs. The fedora license ID's that probably should map to something (ideas welcome!): * Afmparse * AGPLv3 with exceptions * AGPLv3+ with exceptions * libtiff * mecab-ipadic * Mup * OpenPBS * softSurfer * Teeworlds * TORQUEv1.1 * UCD * Vim * XSkat * Baekmuk * Bitstream Vera * Crystal Stacker * Liberation * MgOpen * mplus There are a few things that don't make sense, e.g. * Public Domain * Copyright only * Freely redistributable without restriction * Redistributable, no modification permitted If anyone knows of any existing SPDX IDs suitable for any of the above, I'd be very grateful. Thanks. Richard
|
|
Thursday SPDX General Meeting
Philip Odence
REMINDER – Call for talks
GENERAL MEETING
Meeting Time: Thurs, May 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes- Note, minutes have not yet been posted.
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil
|
|
Call for Talks...SPDX to rock LinuxCon
Philip Odence
Although LinuxCon NA is a few months off (Chicago, Aug 20) we are just one week from the deadline for submitting talks (May 2). “SPDX” is specifically mentioned under suggested topics, and we would love to get a few submissions. Jack tapped me to co-submit
an update on SPDX 2.0 and we are talking about doing a hands on session with tools, but there’s certainly room for other topics. In particular, it would be interesting to get some talks on usage. The crowd would be really interested to understand what you
are doing in your company with SPDX. If you don’t feel you have a full 40 minutes worth but would like to talk, let me and Jack know and perhaps we can pull together 3 or 4 mini presentations.
Here’s the link for submitting:
|
|
Re: TripleCheck 0.4
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
Nick,
toggle quoted messageShow quoted text
While I've only spent ~15min with the tool, I was very impressed with the ease of use and the ability to install this and get almost immediate and useful! results. Great work! I'll keep you posted on my findings. Best Regards, Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito Sent: Monday, March 31, 2014 1:02 PM To: Manbeck, Jack; spdx@... Subject: RE: TripleCheck 0.4 Hi Jack, Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software. Will get back to this message as soon as possible. With kind regards, Nuno Brito On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote: Nuno,_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
|
|
Re: TripleCheck 0.4
Nuno Brito
Hi Jack,
I'd like to follow-up on this message if possible, the points from the requirement list were quoted to place my answers in context. The tool must currently support SPDX (i.e. it is not a planned release).Checked. You have a page on your website that describes how the tool supports SPDX. This will be the link you provide in the Required Information below.Checked. Whether this is a community or commercial tool.Community. Contributions from other developers interested in submitting additional license detection rules and fix defects are warmly welcome through github or email. To clarify, I use this software on commercial practice to "scratch my own itch" [1] in the open source way of doing things. A small logo which can be displayed. This is optional. If provided it must meet the following criteriaAttached to this message you find a TripleCheck with 251x122px as specified in the criteria A short teaser of one or two sentences that describes your tool. No more than 160 characters including spacesStraight-forward free tool to create SPDX reports right from your desktop. A long description which can be up to a couple of paragraphs. Try not to get too verbose. You will have a link to your website for lengthy explanations.The TripleCheck reporter is the ideal tool for a quick overlook of the licensing compliance status for a given set of source code files in your desktop computer (Windows, Linux, Mac OSX). If some license or copyright is not detected by the tool, you can easily add new rules by yourself. We are building a community around open source tooling and your help is welcome to grow the open database of licensing rules. Look for us on GitHub. An http link to your site for access to the tool and information on how it supports SPDX.http://www.triplecheck.de/download/ The current version of the tool is 0.6 so perhaps is better to omit version references and just call the tool "TripleCheck reporter". If there is anything else needed, please do let me know. Just in case, I have prepared a short video showcasing the tool that you find at http://youtu.be/nljP6hC8xbc With kind regards, Nuno Brito [1] http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar#Lessons_for_creating_good_open_source_software --- email: nuno.brito@... phone: +49 615 146 03187 On 2014-03-31 20:44, Manbeck, Jack wrote: Nuno,
|
|
Re: Special SPDX General Meeting & V2.0 Overview this Thursday
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
Gary,
Thanks for the great presentation today on SPDX 2.0 modeling. I really like the evolutionary approach (i.e. adding the relationship functionality on top of what’s already in the 1.2 spec with minimal deprecation). This will make migration much easier and it makes a lot of sense from a business perspective.
And I appreciate you taking it down to a reasonably non-technical level!
Regards, Scott
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Gary O'Neall
Greetings all.
Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call. In the tech team we are starting to transition from working on the model to the specification itself. I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.
Gary
From:
spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Philip Odence
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Administrative Agenda Attendance Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil V2.0 Overview- Gary O'Neall
|
|
Re: Special SPDX General Meeting & V2.0 Overview this Thursday
Gary O'Neall
Greetings all.
Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call. In the tech team we are starting to transition from working on the model to the specification itself. I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.
Gary
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM To: spdx@... Subject: Special SPDX General Meeting & V2.0 Overview this Thursday
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Administrative Agenda Attendance Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil V2.0 Overview- Gary O'Neall
|
|
Special SPDX General Meeting & V2.0 Overview this Thursday
Philip Odence
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As
a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business
folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil
V2.0 Overview- Gary O'Neall
|
|
Re: TripleCheck 0.4
Nuno Brito
Hi Jack,
toggle quoted messageShow quoted text
Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software. Will get back to this message as soon as possible. With kind regards, Nuno Brito
On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno,
|
|
Re: TripleCheck 0.4
Manbeck, Jack
Nuno,
toggle quoted messageShow quoted text
This is great news. I would like to list the tool on the SPDX website. If you agree here is a link to the information I need. You can email it to me direct and I can post it on the business team list if you do not have access. http://wiki.spdx.org/view/Business_Team/Tool_Link_Request best regards, Jack Manbeck SPDX Site Admin and Business Team Co-Chair
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito Sent: Thursday, March 27, 2014 12:54 PM To: spdx@... Subject: TripleCheck 0.4 Dear SPDX group, I'd like to announce the availability of a new SPDX editor/viewer. Features: - Create an SPDX document from: -- a source code folder on disk -- a zipped file on the network - User interface: -- Desktop UI -- Access from a web browser - Java based (tested under Windows and Linux) - Tree navigation of files and folders - Search features (name, hash, similar files) - Basic SPDX editing features - Metrics calculation (LOC, size, number of files) - Basic license detection (detects GPL, LGPL, ...) headers in source code - Learning function (supports plugins, new licenses, ...) The tool is freeware, code is released under the open source EUPL. These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email. At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web. This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format. For more details and download, please visit http://www.triplecheck.de/download/ With kind regards, Nuno Brito -- email: nuno.brito@... phone: +49 615 146 03187 _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
|
|
Unsubscribe
Lori Holmes <lori@...>
|
|
Re: Google Summer of Code 2014: There are 4 student applications but no mentors registered
mjherzog
SPDX Listers
toggle quoted messageShow quoted text
I have sent Till the email addresses for Gary and Matt and notified them....Michael Herzog
On 3/28/2014 5:25 PM, Till Kamppeter wrote:
Hi,
|
|
Google Summer of Code 2014: There are 4 student applications but no mentors registered
Till Kamppeter <till.kamppeter@...>
Hi,
I am Till Kamppeter, leader of OpenPrinting, and org admin for the GSoC at the Linux Foundation. We got 4 student applications on SPDX at the Linux Foundation. Unfortunately no suitable mentor has signed up and no one of us is able to evaluate these applications. On the project ideas list http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects Gary O'Neall and Matt Germonprez appear as available mentors but no e-mail addresses to contact them. if you are not Gary or Matt, please forward this to them. It is very important. Gary, Matt (or if someone else wants to volunteer), if you are reading this, please register as mentor going to http://www.google-melange.com/gsoc/homepage/google/gsoc2014 Near the bottom is photo with many people on it and under it the text Mentors & Administrators Registration with participating organizations is now open. and an orange button labeled "Start connection". Click the button, follow the instructions, and choose "The Linux Foundation" as your mentoring organization. As soon as I see your request I will approve it and then you have access to the applications. If you want to mentor a student, set the switch "Wish to mentor" in this application to "YES". I will assign you then and accept that application, making it eligible for getting a student slot in this GSoC. Tell me also which applications are not usable so that I can mark them as to be ignored. I have to know the number of applications to accept before April 7. So register as soon as possible so that you have time to read and evaluate the applications and also to interact with the students. Thanks in advance. Till
|
|
Unsubscribe
Lori Holmes <lori@...>
|
|