|
Re: SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Gary O'Neall
Hi Georgia,
toggle quoted message
Show quoted text
The Online Validation Tools will likely be based on the SPDX libraries. The source for these libraries can be found at http://git.spdx.org/?p=spdx-tools.git;a=summary and the binary downloads can be found at http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup The validation tools will be based on the SPDX specifications found at http://spdx.org/SPDX-specifications/spdx-version-1.2. Let me know if you have any additional questions. Thanks, Gary O'Neall -----Original Message----- |
|
|
|
|
|
Re: SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Matt Germonprez <germonprez@...>
Hi Georgia, Thanks for your interest. Here at the University of Nebraska at Omaha we maintain the code related to FOSSology+SPDX. You can find a public instance of the project here:
You can find the current source and installation here: We have several things that we are considering regarding FOSSology+SPDX right now including: 1) Interface redesign. Right now, the interface assumes detailed knowledge of the SPDX 1.2 spec. We would like to design an interface that not only produces valid SPDX documents but also educates a user about the current spec.
2) Post-production of SPDX documents loaded to a central SPDX repository. Currently, SPDX documents are downloaded to the user on a one-by-one basis. The SPDX repository would serve as a central DB by which SPDX documents could then be explored, modified, signed-off, or assigned to products.
3) Accommodation for the SPDX 2.0 Specification We are very open to new improvements or ideas and welcome your input. Please let me know if you have any additional questions.
Regards, Matt Germonprez On Mon, Mar 10, 2014 at 6:45 AM, Georgia Kapitsaki <gkapi@...> wrote: Dear all, Mutual of Omaha Associate Professor of Information Systems
|
|
|
|
|
|
March General Meeting Minutes
Philip Odence
I thought it might be useful to include the text of the minutes in my monthly reports, so intend to start doing so.
For the last 30 mins of the April General Meeting, the Tech Team will give a high level presentation of the 2.0 model on which we have converged, intended for anyone on any team who has not been involved in the details of 2.0.
General Meeting/Minutes/2014-03-06
Biz Team Report - Jack (unable to attend, but provided written summary)
Legal Team Report - Jilayne
Tech Team Report - Gary
Cross Functional Issues – Phil
Attendees
|
|
|
|
|
|
Re: List of companies that have adopted SPDX
RUFFIN MICHEL
Well the status for Alcatel-Lucent is
toggle quoted message
Show quoted text
1) we officially use the standard naming of FOSS license internally, but perhaps have not changed all our processes, documents and the knowhow of ALU people on this but our trainings, our FOSS internal DB are aligned. (And even me, I speak about BSD2 license or new BSD rather than BSD3-clause license) 2) our internal tools are able to exchange information under SPDX format (some still need to be aligned). Now people use more excel format than XML one when they discuss things 8-) So SPDX/XML is more for machines; Concerning our contracts with suppliers we are asking Excel format and mention SPDX format. It took years to convince them to provide us the list under something easy to treat by computers (Excel rather than ASCI files or url on their web site where we can find the information; We will go to the next step but smoothly Michel Michel.Ruffin@..., PhD Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France -----Message d'origine-----
De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Philip Odence Envoyé : lundi 10 mars 2014 13:36 À : Georgia Kapitsaki; spdx@... Objet : Re: List of companies that have adopted SPDX All, if you are willing to add you organization's name to the list of those using SPDX, please either add to the adoption wiki page http://wiki.spdx.org/view/Business_Team/Adoption or drop a note to Jack and Mikael. Georgia, Thanks for the inquiry. First let me tell you we don¹t have perfect knowledge. We have gotten to the point that there is enough information available on the Website that one can utilize the spec without having to be involved or ask questions and we know that there are many companies working with SPDX, but either consciously or unconsciously are not sharing that info. That said, about 6 months ago we started a wiki page to capture what we know, at least about companies that were willing to have their activity known. http://wiki.spdx.org/view/Business_Team/Adoption We know that the info was not complete at the time and surely it has fallen behind a bit. Best, Phil On 3/10/14, 7:57 AM, "Georgia Kapitsaki" <gkapi@...> wrote: Dear all,_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
|
|
Re: List of companies that have adopted SPDX
Philip Odence
All, if you are willing to add you organization's name to the list of
toggle quoted message
Show quoted text
those using SPDX, please either add to the adoption wiki page http://wiki.spdx.org/view/Business_Team/Adoption or drop a note to Jack and Mikael. Georgia, Thanks for the inquiry. First let me tell you we don¹t have perfect knowledge. We have gotten to the point that there is enough information available on the Website that one can utilize the spec without having to be involved or ask questions and we know that there are many companies working with SPDX, but either consciously or unconsciously are not sharing that info. That said, about 6 months ago we started a wiki page to capture what we know, at least about companies that were willing to have their activity known. http://wiki.spdx.org/view/Business_Team/Adoption We know that the info was not complete at the time and surely it has fallen behind a bit. Best, Phil On 3/10/14, 7:57 AM, "Georgia Kapitsaki" <gkapi@...> wrote:
Dear all, |
|
|
|
|
|
Re: List of companies that have adopted SPDX
Tom Incorvia
I recollect someone requesting this information as part of a prior press release.
toggle quoted message
Show quoted text
There are both companies that support the standard, and a larger group of companies that have standardized on the license naming. Micro Focus utilizes the SPDX license list and relies on the SPDX names for all internal open source logging. Tom Tom Incorvia; tom.incorvia@...; O: (512) 340-1336; M: (215) 500 8838; Shoretel (Internal): X27015 -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Georgia Kapitsaki Sent: Monday, March 10, 2014 6:57 AM To: spdx@... Subject: List of companies that have adopted SPDX Dear all, is there a location for information on companies that have adopted SPDX. I was not able have access to this information (if available) from the specification website. Thank you. Best regards, Georgia -- Dr.-Ing. Georgia M. Kapitsaki Lecturer Dept. of Computer Science tel: +357-22892692 University of Cyprus www.cs.ucy.ac.cy/~gkapi/ http://www.cs.ucy.ac.cy/seit/ _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx This message has been scanned for malware by Websense. www.websense.com |
|
|
|
|
|
List of companies that have adopted SPDX
Georgia Kapitsaki
Dear all,
is there a location for information on companies that have adopted SPDX. I was not able have access to this information (if available) from the specification website. Thank you. Best regards, Georgia -- Dr.-Ing. Georgia M. Kapitsaki Lecturer Dept. of Computer Science tel: +357-22892692 University of Cyprus www.cs.ucy.ac.cy/~gkapi/ http://www.cs.ucy.ac.cy/seit/ |
|
|
|
|
|
SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Georgia Kapitsaki
Dear all,
as part of some research work we are performing between the University of Cyprus (UCY) and the Otto-von-Guericke-Universität Magdeburg (OVGU) we have some relevant activities to some projects indicated in: http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects Specifically, we would like to contact: - Gary O'Neall for the "Online Validation Tools" - Matt Germonprez for the Fossology+SPDX Tools" If there are any advancements in these projects, we would like to have an answer on this in this post if possible. Best regards, Georgia -- Dr.-Ing. Georgia M. Kapitsaki Lecturer Dept. of Computer Science tel: +357-22892692 University of Cyprus www.cs.ucy.ac.cy/~gkapi/ http://www.cs.ucy.ac.cy/seit/ |
|
|
|
|
|
Re: [GSOC] SPDX Parser libraries project
Philip Odence
This is great, Ahmed.
toggle quoted message
Show quoted text
I¹m transferring this thread to the SPDX Tech Team list from the General mailing list. On 3/8/14, 11:23 PM, "ahi" <ahm3d.hisham@...> wrote:
Hello, |
|
|
|
|
|
[GSOC] SPDX Parser libraries project
Ahmed Hisham Ismail
Hello,
First allow me to introduce myself, My name is Ahmed Hisham I am currently a CS student at the German University in Cairo. I hope to spend the summer working on the SPDX parser libraries project list on the idea page at http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects. I have a couple of questions about the project, regarding what version of the spec is it expected to support. Should it support older version than the current spec ? Should it partially support the upcoming spec 2.0 ? If so is there a publicly available working draft? I say partially as the spec is expected to be release in august and by then the summer of code will be at its end. Best Regards, Ahmed |
|
|
|
|
|
New Items and SPDX General Meeting reminder
Philip Odence
A couple of items in addition to the regular reminder about the upcoming general meeting:
GENERAL MEETING
Meeting Time: Thurs, March
6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues –
Phil
|
|
|
|
|
|
SPDX Announcements
Philip Odence
I am pleased to announce that Paul Madick and Mikael Söderberg will be joining the leadership of SPDX. Paul will co-lead the Legal Team with Jilayne, and Mikael will be Jack's co-lead on the Business Team. Both are terrific additions to the organization
and we are excited to welcome them aboard.
Paul is an experienced open source attorney serving as Senior Counsel in HP's Cloud Computing & Open Source group in the Office of the General Counsel and has already been a regular contributor to the Legal Team. Mikael is CTO and founder of Pelagicore
where he has been an evangelist for the use of open source in automotive In-Vehicle Infotainment systems. Based in Sweden, Mikael is keen to build awareness of SPDX in Europe.
Big thanks to Scott Lamons for his work as Business Team co-lead. He's been a big contributor to the effort for years, and it's been a personal pleasure for me to work with him. The good news is that Scott plans to stay active, so this is not farewell
by any means.
On more operational notes:
Best regards,
Phil
L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
|
|
|
|
|
|
FOSSology+SPDX [Crossposting]
Matt Germonprez <germonprez@...>
Hi everyone, Not sure if you saw this thread over at FOSSology. I think it might be of interest to SPDX too. Regards, Matt ************ Hi All, Bob,
This is Kotrappa, from Wipro Technologies India. We are using Fossology on a local sever for scanning some of packages for License/copyright info. Recently we have installed Fossology+SPDX module on a local PC, and this gives spdx results as well.
Spdx.org gives open source tools to convert .rdf to .spdx, .spdx to .rdf, .xls to.rdf etc. Reference http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup
We would like to know after Fossology+SPDX scans a package and gives results in sdpx format, Is there any command line tools to execute on command prompt in Local PC using localhost server running Fossology agents to get results in spdx format. ( Please note I cannot use Web Interface version of https://fossologyspdx.ist.unomaha.edu/?mod=Default because packages cannot be uploaded to public)
I mean, I should be able to get results something like mypackage_name.spdx or mypackage_name.rdf which complies with SPDX format specified in spdx.org, which I can use as an input to spdx open source tools for conversion, comparison etc.
Please help.
Best regards Kotrappa. ************
Hi Kotrappa, I’m confused why you mention that you cannot use fossologyspdx.ist.unomaha.edu since you have installed the spdx module on your own local machine. You shouldn’t have to use the unomaha machine since you have it installed locally.
Since you have installed the FOSSology+SPDX module on your local PC, then you can create spdx files (tag files). That option is the default but is specified in the “Output File Type” pull down on the SPDX Edit screen. So though we call it a .tag file, I think that is the same as the .spdx file.
The command line (web api) doc is at: However, this does not generate the full .spdx (tag) output. If I have not understood your question completely, please ask again. Liang Cao is the author of the SPDX module and he is on this list as well. Thanks, Bob Gobeille ************ Hi Kotrappa,
Liang Cao has added an option to generate a full SPDX document in TAG format from the command line. He has also provided a nice overview of how to work with the source.
The source is pushed to here: The documentation is here: [fullSPDXFlag]: true/false. Only when this option is set to "true", low definition version of the full SPDX contents are output. Skipping this option equals setting it to "false." This option should be set to "true" when you want to generate an SPDX document from the command line. wget -qO - --no-check-certificate --post-file=./[mypackagename] --timeout=0 "https://domain/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=true&packageNameInLog=[mypackagename]" > [mypackagename].spdx for example: wget -qO - --no-check-certificate --post-file=./time-1.7.tar --timeout=0 "https://fossologyspdx.ist.unomaha.edu/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=false&packageNameInLog=time-1.7.tar" > time-1.7.tar.spdx If you have any questions, please feel free to contact me or Liang. We are happy to help. Regards, Matt Germonprez and Liang Cao Mutual of Omaha Associate Professor of Information Systems
|
|
|
|
|
|
Reminder- SPDX General Meeting Pushed to Thurs, Feb 13
Philip Odence
Meeting Time: Thurs, Feb 13,
8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues –
Phil
|
|
|
|
|
|
Registration Information for Linux Collab Summit in March and SPDX Meetings
Manbeck, Jack
All,
The Linux Collaboration summit is this coming March, 26-28th. There will be a technical team meeting prior to the summit on the 25th to do a deep dive on the SPDX 2.0 data model and a session for SPDX on Friday (still working to secure the room). As the Agendas firm up we will post them.
To register for the conference use this link:
https://www.regonline.com/register/login.aspx?eventID=1250683
When registering use the SPDX workgroup code SPDX14LFCS and choose the "Invitation Acceptance" registration type.
We hope to see many of you there.
Best regards,
Jack Manbeck Business Team Co-Chair
|
|
|
|
|
|
SPDX General Meeting
Philip Odence
When: Thursday, February 13, 2014 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada) Where: Bridge info enclosed *~*~*~*~*~*~*~*~*~* Due to lack availability of some of the team leads, we are pushing this occurrence of the General Meeting out 1 week. This is a one time move; we'll be back to the normal first Thursday cadence in March.
I am not sure everyone on the General Meeting mailing list has this invitation on the calendar. Please excuse the redundancy of my sending out a separate notice to the list, which I will do on Monday.
**********
Please accept so this recurring meeting is on your calendar, however no need to respond.
DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732 Conference code: 7812589502
MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions
|
|
|
|
|
|
Introduction
Daniel Hamacher <danielhamacher.dh@...>
Hello SPDX Team, my name is Daniel and I am a second year University student. I would like to get involved in OpenSource and I got interested in this project. I looked through the Bug list and found item #1129 which I would like to work on. What do I need to do to get assigned to this item or any other item in the future?
Thanks, Daniel |
|
|
|
|
|
SPDX Virtual General Meeting and Schedules
Philip Odence
GENERAL MEETING
As per my previous email, the January General Meeting was virtual, i.e. written reports from the team leads:
BUSINESS AND LEGAL TEAM SCHEDULES
The teams will continue to alternate the Thursday slot at the same time. First meetings of the year are as follows:
Business Team- January 16
Legal Team- January 23
BLOG
I posted a New Year's blog looking forward to 2014: http://spdx.org/news/2014-01-02/ring-in-the-new
|
|
|
|
|
|
FW: WTFPL(-2.0) license entry
Philip Odence
Forwarding to SPDX legal list for any discussion. BCC SPDX general list,
toggle quoted message
Show quoted text
as FYI that legal list will handle. On 12/27/13 9:25 AM, "Jan Engelhardt" <jengelh@...> wrote:
|
|
|
|
|
|
WTFPL(-2.0) license entry
Jan Engelhardt <jengelh@...>
The SPDX license list at http://spdx.org/licenses/ has an entry
Do What The F*ck You Want To Public License WTFPL There are multiple versions of the WTFPL around, and the SPDX entry shows the WTFPL version 2.0 text. In spirit of the SPDX naming of all the remaining licenses, the "WTFPL" entry should be renamed to "WTFPL-2.0". |
|
|
|