|
FOSSology+SPDX [Crossposting]
Matt Germonprez <germonprez@...>
Hi everyone, Not sure if you saw this thread over at FOSSology. I think it might be of interest to SPDX too. Regards, Matt ************ Hi All, Bob,
This is Kotrappa, from Wipro Technologies India. We are using Fossology on a local sever for scanning some of packages for License/copyright info. Recently we have installed Fossology+SPDX module on a local PC, and this gives spdx results as well.
Spdx.org gives open source tools to convert .rdf to .spdx, .spdx to .rdf, .xls to.rdf etc. Reference http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup
We would like to know after Fossology+SPDX scans a package and gives results in sdpx format, Is there any command line tools to execute on command prompt in Local PC using localhost server running Fossology agents to get results in spdx format. ( Please note I cannot use Web Interface version of https://fossologyspdx.ist.unomaha.edu/?mod=Default because packages cannot be uploaded to public)
I mean, I should be able to get results something like mypackage_name.spdx or mypackage_name.rdf which complies with SPDX format specified in spdx.org, which I can use as an input to spdx open source tools for conversion, comparison etc.
Please help.
Best regards Kotrappa. ************
Hi Kotrappa, I’m confused why you mention that you cannot use fossologyspdx.ist.unomaha.edu since you have installed the spdx module on your own local machine. You shouldn’t have to use the unomaha machine since you have it installed locally.
Since you have installed the FOSSology+SPDX module on your local PC, then you can create spdx files (tag files). That option is the default but is specified in the “Output File Type” pull down on the SPDX Edit screen. So though we call it a .tag file, I think that is the same as the .spdx file.
The command line (web api) doc is at: However, this does not generate the full .spdx (tag) output. If I have not understood your question completely, please ask again. Liang Cao is the author of the SPDX module and he is on this list as well. Thanks, Bob Gobeille ************ Hi Kotrappa,
Liang Cao has added an option to generate a full SPDX document in TAG format from the command line. He has also provided a nice overview of how to work with the source.
The source is pushed to here: The documentation is here: [fullSPDXFlag]: true/false. Only when this option is set to "true", low definition version of the full SPDX contents are output. Skipping this option equals setting it to "false." This option should be set to "true" when you want to generate an SPDX document from the command line. wget -qO - --no-check-certificate --post-file=./[mypackagename] --timeout=0 "https://domain/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=true&packageNameInLog=[mypackagename]" > [mypackagename].spdx for example: wget -qO - --no-check-certificate --post-file=./time-1.7.tar --timeout=0 "https://fossologyspdx.ist.unomaha.edu/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=false&packageNameInLog=time-1.7.tar" > time-1.7.tar.spdx If you have any questions, please feel free to contact me or Liang. We are happy to help. Regards, Matt Germonprez and Liang Cao Mutual of Omaha Associate Professor of Information Systems
|
|
|
|
Reminder- SPDX General Meeting Pushed to Thurs, Feb 13
Philip Odence
Meeting Time: Thurs, Feb 13,
8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues –
Phil
|
|
|
|
Registration Information for Linux Collab Summit in March and SPDX Meetings
Manbeck, Jack
All,
The Linux Collaboration summit is this coming March, 26-28th. There will be a technical team meeting prior to the summit on the 25th to do a deep dive on the SPDX 2.0 data model and a session for SPDX on Friday (still working to secure the room). As the Agendas firm up we will post them.
To register for the conference use this link:
https://www.regonline.com/register/login.aspx?eventID=1250683
When registering use the SPDX workgroup code SPDX14LFCS and choose the "Invitation Acceptance" registration type.
We hope to see many of you there.
Best regards,
Jack Manbeck Business Team Co-Chair
|
|
|
|
SPDX General Meeting
Philip Odence
When: Thursday, February 13, 2014 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada) Where: Bridge info enclosed *~*~*~*~*~*~*~*~*~* Due to lack availability of some of the team leads, we are pushing this occurrence of the General Meeting out 1 week. This is a one time move; we'll be back to the normal first Thursday cadence in March.
I am not sure everyone on the General Meeting mailing list has this invitation on the calendar. Please excuse the redundancy of my sending out a separate notice to the list, which I will do on Monday.
**********
Please accept so this recurring meeting is on your calendar, however no need to respond.
DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732 Conference code: 7812589502
MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions
|
|
|
|
Introduction
Daniel Hamacher <danielhamacher.dh@...>
Hello SPDX Team, my name is Daniel and I am a second year University student. I would like to get involved in OpenSource and I got interested in this project. I looked through the Bug list and found item #1129 which I would like to work on. What do I need to do to get assigned to this item or any other item in the future?
Thanks, Daniel
|
|
|
|
SPDX Virtual General Meeting and Schedules
Philip Odence
GENERAL MEETING
As per my previous email, the January General Meeting was virtual, i.e. written reports from the team leads:
BUSINESS AND LEGAL TEAM SCHEDULES
The teams will continue to alternate the Thursday slot at the same time. First meetings of the year are as follows:
Business Team- January 16
Legal Team- January 23
BLOG
I posted a New Year's blog looking forward to 2014: http://spdx.org/news/2014-01-02/ring-in-the-new
|
|
|
|
FW: WTFPL(-2.0) license entry
Philip Odence
Forwarding to SPDX legal list for any discussion. BCC SPDX general list,
toggle quoted messageShow quoted text
as FYI that legal list will handle.
On 12/27/13 9:25 AM, "Jan Engelhardt" <jengelh@...> wrote:
|
|
|
|
WTFPL(-2.0) license entry
Jan Engelhardt <jengelh@...>
The SPDX license list at http://spdx.org/licenses/ has an entry
Do What The F*ck You Want To Public License WTFPL There are multiple versions of the WTFPL around, and the SPDX entry shows the WTFPL version 2.0 text. In spirit of the SPDX naming of all the remaining licenses, the "WTFPL" entry should be renamed to "WTFPL-2.0".
|
|
|
|
January SPDX General Meeting Goes Virtual - PLEASE READ
Philip Odence
Because the General Meeting falls on Jan 2 and a number of folks will be out or just back from long holidays, we'll do this one virtually, i.e. I will ask all the team leads to provide team updates to me via email and I will issue minutes and solicit comment/thoughts
on this list.
In the meantime, some recommended reading:
I wrote a blog on the state of SPDX (and am still planning another to wrap the year…we'll see): http://spdx.org/news/2013-11-14/spdx...how-are-we-doing Finally, keep your eyes open for a v2.0 requirements doc that Kirsten Newcomer has been pulling together at the behest of the Business Team (and with review by the Tech Team).
Meeting Time: Thurs, Jan 2,
8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Phil
|
|
|
|
article about SPDX in IFOSS Law Review
Jilayne Lovejoy <lovejoylids@...>
Hi All,
The latest edition of the IFOSS Law Review is now available: http://www.ifosslr.org/ifosslr/issue/current and includes an article about SPDX!! Happy Holidays,
|
|
|
|
TR: FOSS: next steps
RUFFIN MICHEL
On Wednesday the OMG held a meeting on standardisation issues between organizations on FOSS issues. It was a kick-off meeting on the topic I would like to invite you to be part of the discussion if interested. To do so you need to send an email to request@... to be part of the FOSS OMG mailing list Bellow is an email of Richard Soley CEO of OMG
Michel
The agenda for the day, including presentation materials used, is at
http://www.omg.org/news/meetings/tc/ca-13/special-events/FOSS.htm
|
|
|
|
SPDX Thursday General Meeting Reminder
Philip Odence
Meeting Time: Thurs, Dec 5,
8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Phil
|
|
|
|
Nov General Meeting Minutes
Philip Odence
Just posted the minutes:
Special note:
Thanks,
Phil
L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
|
|
|
|
SPDX Cloud Server now supports SPDX 1.2 file creation
Sameer Ahmed
Hi All,
Wind River just released SPDX 1.2 support for its free SPDX file creation cloud server.
Here is what’s new: · Supports newly released SPDX 1.2 format. · Improved Analysis Quality – Added several new license detector agents to improve expert system analysis engine. · SPDX data now available in an easy to view spreadsheet format. · Upload your own package or now choose from a collection of preloaded sample packages (e.g., Apache Server, U-boot…)
You can create an SPDX 1.2 file for free by going to: http://spdx.windriver.com
Regards,
Sameer Ahmed | Member of Technical Staff - App | Wind River Email: sameer.ahmed@...
|
|
|
|
Thursday SPDX General Meeting
Philip Odence
First some announcements:
News from the Linux Events in Europe
SPDX 1.2 Press Release: http://www.linuxfoundation.org/news-media/announcements/2013/10/linux-foundation%E2%80%99s-spdx-workgroup-releases-new-version-software
Wind River Presentation on SPDX and Yocto at the Embedded Linux Conference: http://events.linuxfoundation.org/sites/events/files/slides/2013_ELC-E_YP_SPDX.pdf
I also ran a BoF at LinuxCon and presented in intro to SPDX at the Automotive Grade Linux Conference
****
Meeting Time: Thurs, Nov 7,
8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Phil
|
|
|
|
(No subject)
RUFFIN MICHEL
Dear all,
The OMG (Object Management group) is organizing a workshop on standardizing open source governance practices on December 11 in Santa Clara (CA) http://www.omg.org/news/meetings/tc/ca-13/special-events/FOSS.htm
We would like to invite the members of the SPDX group to participate. From my discussions with a lot of companies since two years on this topic, there is more and more interested parties.
Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
|
|
|
|
1.2 and BoF Report
Philip Odence
It's official, 1.2 is up. Again, huge thanks to all who contributed. Credit Mark Gisi with finding this apt quote:
I had a good BoF session with folks from Intel, Qualcomm, HP, Orange, Valeo, and others. There were about 12 including a reporter from Munich. I thought this was a terrific turnout given that it was at the end of a long day and directly competed with the
beer/wine and appetizers.I went through a presentation, but it was much more of a discussion and there was healthy discussion of just about every slide; we went for an hour and could have gone longer. At least a couple of the participants indicated enough
interest to get involved and help. We'll see.
|
|
|
|
1.2 Announced at LinuxCon Europe
Philip Odence
I was going to hold of until the press release tomorrow, but Jim Zemlin jumped the gun slightly, prominently featuring the SPDX 1.2 release in his keynote this morning. Sorry I wasn't quicker getting my camera out, or I would include a pic. The press release
is scheduled for 9am UK time Tuesday.
Big thanks and congrats to Kate and the Technical Team for achieving this milestone. And honorable mentions to Jilayne and the Legal team and Jack & Scott and the Business Team for their support.
Will let you know how my SPDX BoF goes, but keep expectations in check as I seem to be competing with free (as in free beer) beer during my early evening timeslot.
Best,
Phil
|
|
|
|
SPDX 1.2 - final review - input needed by Oct 18 EOD.
kate.stewart@...
Dear SPDX participants, The attached specification has all the bugzilla issues targetted to be resolved in SPDX 1.2 addressed, so its pretty close (if no significant feedback in the next few days) we'll be publishing. The changes since 1.1 have primarily involved standardizing some additional fields for supporting the supply chain information needs, resolving issues that were found at the bakeoff at Collab by the participants, and giving more flexibility on naming of the licence references that aren't in the SPDX license list ( which has been updated too! ). There is also a new appendix on the License Template that is being used in the license list. If you have a chance to review it, and spot something that should be fixed: 1) If its a typo, spelling, or grammar issue - please send me the page number and description of what should be changed in an email. I'll do my best to incorporate it in the final pass on Saturday. 2) If its a problem with the fields and content or a
suggestion for further improvement, please open a bug in bugzilla [1]. 3) If you have a question that doesn't fall into one of the two above cases, please feel free to email spdx-tech@... A very big THANK YOU to all of the bakeoff participants and users of the SPDX 1.1 specification who opened bugs, as well as the tech-team members who worked out fixes for the issues. In particular, I'd like to thank Bill Schineller, Gary O'Neall, Jack Manbeck and Mark Gisi
for their excellent help cleaning up this final version of the specification and getting it ready to publish over the last month. Looking forward to your feedback. Thanks, Kate [1] https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX
|
|
|
|
SPDX Awareness Building
Philip Odence
At LinuxCon Europe next week, the Linux Foundation will send out a press release announcing version 1.2. Also, in addition to a presentation for Black Duck, I will be hosting BoF session on SPDX and will be joining Claus Peter Wiedemann of Bearing Point
to present SPDX at the Automotive Linux event later in the week.
In Asia, YoungTaek Kim will be presenting Samsung's use of SPDX at the Korean Linux Forum in Nov and at the Japan Open Compliance Summit in December. For those who missed the session in New Orleans, here are Taek's slides: http://events.linuxfoundation.org/sites/events/files/slides/Piloting%20SPDX%20in%20Samsung%20-%20case%20studies%20and%20experiences%20%28YoungTaek%20Kim%29.pdf
Lastly, I presented in introduction to SPDX last week at the GENIVI all members meeting in San Diego last week. There is good awareness of SPDX amongst anyone involved in licensing for GENIVI (the open source In-Vehicle Infotainment platform) and this
was an opportunity to build awareness with a broader group.
It's exciting to see the word get out across the globe!
Best,
Phil
L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
|
|
|
