
Re: [EXTERNAL] Re: [spdx] SBOM's going mainstream - Biden Cybersecurity EO

Gene Vallow
 

You’re very welcome.  Thanks for all you do!  :-)

 

We LOVE that place!  Can’t wait to start going again!  So yes, may see us there! 

 

From: <spdx@...> on behalf of Steve Winslow <swinslow@...>
Reply-To: "spdx@..." <spdx@...>
Date: Friday, May 14, 2021 at 2:16 PM
To: "spdx@..." <spdx@...>
Subject: [EXTERNAL] Re: [spdx] SBOM's going mainstream - Biden Cybersecurity EO

 

For those interested -- as a follow-up to Kate's message about the EO, here is an article in ZDNet that mentions several aspects of SPDX and how it addresses objectives of the EO:

 

 

Steve

 

On Thu, May 13, 2021 at 1:36 PM Kate Stewart <kstewart@...> wrote:

Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity.

As part of this Executive order the concept of SBOM is getting widespread visibility.



If the question comes up please help reinforce that SPDX is a valid recognized SBOM format.

NTIA has recognized 3 SBOM formats able to satisfy the minimum viable requirement for an SBOM, and SPDX is one of them. Current details are available from the last NTIA formats and tooling quarterly checkpoint last month. Also, last month NTIA hosted a plugfest, and all but one tool was able to create an SPDX SBOM.



The NTIA community has been key to getting SBOM in this EO.  Some of you will remember Allan Friedman from NTIA's presentation to our group last year, as well as Ed Heierman from the HealthCare PoC on what they found using SPDX, so it's very exciting to see this emerge.



Thanks,

Kate



 

 



--

Steve Winslow
VP, Compliance and Legal
The Linux Foundation


Re: SBOM's going mainstream - Biden Cybersecurity EO

Steve Winslow
 

For those interested -- as a follow-up to Kate's message about the EO, here is an article in ZDNet that mentions several aspects of SPDX and how it addresses objectives of the EO:


Steve

On Thu, May 13, 2021 at 1:36 PM Kate Stewart <kstewart@...> wrote:
Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity.
As part of this Executive order the concept of SBOM is getting widespread visibility.

If the question comes up please help reinforce that SPDX is a valid recognized SBOM format.
NTIA has recognized 3 SBOM formats able to satisfy the minimum viable requirement for an SBOM, and SPDX is one of them. Current details are available from the last NTIA formats and tooling quarterly checkpoint last month. Also, last month NTIA hosted a plugfest, and all but one tool was able to create an SPDX SBOM.

The NTIA community has been key to getting SBOM in this EO.  Some of you will remember Allan Friedman from NTIA's presentation to our group last year, as well as Ed Heierman from the HealthCare PoC on what they found using SPDX, so it's very exciting to see this emerge.

Thanks,
Kate





--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation


SBOM's going mainstream - Biden Cybersecurity EO

Kate Stewart
 

Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity.
As part of this Executive order the concept of SBOM is getting widespread visibility.

If the question comes up please help reinforce that SPDX is a valid recognized SBOM format.
NTIA has recognized 3 SBOM formats able to satisfy the minimum viable requirement for an SBOM, and SPDX is one of them. Current details are available from the last NTIA formats and tooling quarterly checkpoint last month. Also, last month NTIA hosted a plugfest, and all but one tool was able to create an SPDX SBOM.

The NTIA community has been key to getting SBOM in this EO.  Some of you will remember Allan Friedman from NTIA's presentation to our group last year, as well as Ed Heierman from the HealthCare PoC on what they found using SPDX, so it's very exciting to see this emerge.

Thanks,
Kate




SPDX May General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2021-05-06

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 


 

General Meeting/Minutes/2021-05-06


·         Attendance: 18

·         Led by Phil Odence

·         Minutes of April meeting Approved

·         Plan was to switch to Zoom

·         Considering using Jitsi

 


SPDX License Name Space at Amazon - Mark

·         https://docs.google.com/presentation/d/1uCAJW79hzqLAPhXfAn4maCRk9TZUhLJDAPEOBlgUFTw/edit?usp=sharing

 

Tech Team Report - Kate/Gary/Others

 

·         Spec – Kate
          ·         Specification conversations continuing to move forward
          ·         Rough template for categories of topics (what were previously being called “profiles”)

·         Core Model - Gary
          ·         No Update

·         Licensing
          ·         filed PR with initial draft for discussion of template format, etc.; will update to newer template; previously discussed much of its substance last year

·         Integrity – Kay
          ·         working with in-toto community, framework for end-to-end supply chain security; collaborating with them to see if the specs can be aligned

·         Defects / Security – Thomas not here today
          ·         pushed first draft of fields for (1) vulnerabilities, and (2) defects => impact on packages, false positives, etc.
          ·         https://github.com/spdx/spdx-spec/pull/510
          ·         Meetings next week to look at other security specs, their use cases, whether they can / how they should be incorporated

·         Linking – Nisha not here today
          ·         Kate discussing with Nisha / Rose

·         Usage – Yoshiyuki Ito
          ·         No update

·         Pedigree / Build / Creation – Kate
          ·         No Update

·         GSoC- Alexios
          ·         Got 5 slots; can run up to 5 projects
          ·         Likely to accept 5 proposals:
                    ·         2 for improving Golang tooling libraries (one RDF writing, one JSON reading/writing)
                    ·         1 for transitioning / updating online SPDX tools
                    ·         1 for spec processing tools
                    ·         1 for improved license matcher, taking matching guidelines into account (unplanned submission)

 

Legal Team Report - Jilayne/Paul/Steve

 

·         Working for 3.13, planning to push out over the weekend

·         Have been trying to clean up old issues

·         Some updates on documentation in the repo

·         New participants recently – some discussions on recent calls have included reviewing past history; may want to put together more historical documentation of past context, etc.

·         Some interest from Debian – interest in getting a Debian-free tickbox into the license list

·         License submissions – starting to take a harder line on participation from people submitting license requests without sticking with them. For this release, started asking people to create the PR’s themselves – a few of the submitters at least responded and indicated they would do so

·         Still relying on the calls too much; having people commenting in issues out-of-band would be very helpful

 

Outreach Team Report - Kate

 

·         Continuing to see interest in SPDX across different communities

·         Zephyr – auto-generation

·         Possible interest in re-starting Outreach team meetings – Sebastian interest, Aveek also

·         Kate will reach out to Jack and either ask him to restart or else Kate will restart

 

Other Topics

 

·         Sebastian – interest in Arch Linux in using SPDX
          ·         Some work being done on the Arch packaging system, interest in using SPDX licenses

·         Jitsi
          ·         Jilayne - Jitsi – this has gone well, plan to update to this for future General calls
          ·         Legal and Tech teams can update if/when they choose
          ·         Europe, UK, etc. seems to be working
          ·         Bob – recommend putting passwords on it
          ·         Steve – discuss whether to put one on. Possible but appears to prevent dial-ins afterwards.
          ·         Steve will look into options

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Mark Atwood, Amazon

·         Matthew Crawford, ARM

·         Bob Martin, Mitre

·         Philippe Emmanuel Douziech, CAST

·         Jilayne Lovejoy, Red Hat

·         Maximilian Huber, TNG

·         Alexios Zavras, Intel

·         Kay Williams, Microsoft

·         David Edelsohn, IBM

·         Thomas Steenbergen, HERE

·         Jeff Schutt, Cisco

·         Kate Stewart, Linux Foundation

·         Michael Herzog- nexB

·         Sebastian Crane

·         Steve Winslow, LF

·         Marc Etienne Vargenau, Nokia

·         Jonas Smedegaard, self

 


Re: Thursday SPDX General Meeting Reminder - Special Presentation and NEW CONF BRIDGE INFO

J Lovejoy
 

On 5/5/21 10:45 AM, Jonas Smedegaard wrote:
Quoting Phil Odence via lists.spdx.org (2021-05-05 14:47:03)
You may be aware that based on SPDX community input we decided to move away from Uberconference. Initially the thought was to move to Zoom, but we are trying an open source alternative, Jitsi. Assuming it works for us, we’ll make the permanent move, and I will update the calendar invite accordingly.

For now, use this information for the Thursday Meeting:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting<https://urldefense.com/v3/__https:/www.google.com/url?q=https*3A*2F*2Fmeet.jit.si*2FSPDXGeneralMeeting&sa=D&ust=1619537013292000&usg=AOvVaw224M4IF9lZQ--a36gO3Lwh__;JSUlJQ!!A4F2R9G_pg!I3GFzBfRfUyGZhkyTIdNNgY2TQsTIZL85F0ubPgWSv4TkuBYAzJmtyCci41BGCiD_0k$>
Great to hear that meetings now use Open standards and Free software!

Could you please share only the room name, stripped from the URI?

I.e. the string from the URI which begins with "SPDXGeneralMeeting"...


It seems your email software and/or the mailinglist software gets upset 
by some characters in the meeting string and mangles the URI...


 - Jonas



Re: Thursday SPDX General Meeting Reminder - Special Presentation and NEW CONF BRIDGE INFO

Jonas Smedegaard
 

Quoting Phil Odence via lists.spdx.org (2021-05-05 14:47:03)
You may be aware that based on SPDX community input we decided to move away from Uberconference. Initially the thought was to move to Zoom, but we are trying an open source alternative, Jitsi. Assuming it works for us, we’ll make the permanent move, and I will update the calendar invite accordingly.

For now, use this information for the Thursday Meeting:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting<https://urldefense.com/v3/__https:/www.google.com/url?q=https*3A*2F*2Fmeet.jit.si*2FSPDXGeneralMeeting&sa=D&ust=1619537013292000&usg=AOvVaw224M4IF9lZQ--a36gO3Lwh__;JSUlJQ!!A4F2R9G_pg!I3GFzBfRfUyGZhkyTIdNNgY2TQsTIZL85F0ubPgWSv4TkuBYAzJmtyCci41BGCiD_0k$>
Great to hear that meetings now use Open standards and Free software!

Could you please share only the room name, stripped from the URI?

I.e. the string from the URI which begins with "SPDXGeneralMeeting"...


It seems your email software and/or the mailinglist software gets upset
by some characters in the meeting string and mangles the URI...


- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/

[x] quote me freely [ ] ask before reusing [ ] keep private


Re: Jitsi video calling for the General Meeting tomorrow

Sebastian Crane
 

Dear all,

> We now have set up our own Jitsi - thanks to Steve W! Steve tested it
> with a few SPDXers in various time zones and it seemed to work
> fine. We will use it for the next General Meeting, this Thursday.

It's great to hear that everything went fine in the test run :) I'll be
looking forward to tomorrow's meeting; indeed, mention of Mark Atwood's
talk has certainly piqued my interest!

> As to Sebastian's query regarding using Sourcehut (instead of Github)
> and a rebuild of the website using that/a different tool. I think
> there is going to be very little appetite for that! It took a long
> time to fully move over to Github as it was! Any change of this type
> involves a fair amount of work and disruption to the normal flow of
> things. We certainly have enough going on right now to not add more to
> the plate!

Jilayne, too true, infrastructure migration is never easy; that said,
I'm always happy to look into any self-hosted server applications should
that appetite emerge in the future! :)

Best wishes,

Sebastian


Thursday SPDX General Meeting Reminder - Special Presentation and NEW CONF BRIDGE INFO

Phil Odence
 

You may be aware that based on SPDX community input we decided to move away from Uberconference. Initially the thought was to move to Zoom, but we are trying an open source alternative, Jitsi. Assuming it works for us, we’ll make the permanent move, and I will update the calendar invite accordingly.

 

For now, use this information for the Thursday Meeting:

 

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers:
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting


If also dialing-in through a room phone, join without connecting to audio:
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

 

Our own Mark Atwood will be giving a talk this month about work he initiated to create local namespaces for licenses:

“A proposal for a DNS based SPDX tag.   Why Amazon uses LicenseRef-.com.amazon.-AmzSL-1.0”.

 

GENERAL MEETING

 

Meeting Time: Thurs, April 1, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval https://wiki.spdx.org/view/General_Meeting/Minutes/2021-04-01

 

Special Presentation – Mark

 


Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach/Website Team Report – Jack

  

 

 


Re: Jitsi video calling for the General Meeting tomorrow

Steve Winslow
 

Thanks Jilayne!

One tweak, just to clarify -- I haven't set up a separate Jitsi instance, the invite Phil will be sharing is instead for a Jitsi meeting on the standard free meet.jit.si service hosted by 8x8. Their site indicates that they support up to 100 participants, which should be sufficient for the General Meeting. As Jilayne noted, we'll try it out and see how it works for the meeting and for others going forward.

Best,
Steve


On Tue, May 4, 2021 at 4:31 PM J Lovejoy <opensource@...> wrote:
Hi all,

Following up with an update on this!

First of all, big thanks to Sebastian for taking the bull by the horns and not just asking, but doing; and to Karen for offering the SFC's BBB platform.

We now have set up our own Jitsi - thanks to Steve W! Steve tested it with a few SPDXers in various time zones and it seemed to work fine. We will use it for the next General Meeting, this Thursday. Phil will send the link and dial-in info in his meeting reminder. Assuming there are no problems or major complaints, we will use it going forward for the General Meeting and Phil will send an updated invite at that point.

As to Sebastian's query regarding using Sourcehut (instead of Github) and a rebuild of the website using that/a different tool. I think there is going to be very little appetite for that! It took a long time to fully move over to Github as it was! Any change of this type involves a fair amount of work and disruption to the normal flow of things. We certainly have enough going on right now to not add more to the plate!

Thanks,

Jilayne
SPDX legal team co-lead

On 4/14/21 6:31 AM, Sebastian wrote:
Dear Steve,

I'm pleased to be able to confirm that we are arranging for the LF to
cover the cost of 8x8's Jitsi hosting for SPDX meetings. I'm getting
this set up and will aim to have it in place shortly ...
That is great to hear! With the commercial Jitsi hosting that you have
arranged and the Software Freedom Conservancy's BigBlueButton as a
contingency platform, we should be very well set up for conferencing.

Many thanks to all of you for your feedback and comments on this
topic.  Sebastian, thank you especially for investigating this and for
your efforts looking into Jitsi hosting.
Clearly I shall need to contact Fosshost to withdraw from their Jitsi
hosting offer. However, given that Fosshost have accepted SPDX as a
beneficiary of their services, I'd like to propose that we take this
opportunity to adopt Sourcehut for collaboration.

Sourcehut is a suite of free and open source tools that I've been keenly
following the development of and using for my personal projects. Its
capabilities include Git repositories, mailing lists, issue tracking,
static site hosting and even a full CI/CD pipeline. These are all
modular; they can be used independently or together at will.

Compared to GitHub, Groups.io and other platforms that we are currently
using, Sourcehut would grant us more autonomy. I believe it would be of
enormous value to many potential contributors to SPDX: sending patches
and issues does not require using proprietary software, and in many
cases doesn't even require an account - Sourcehut is based around email!
It is also much better in accessibility than the alternatives.

I've done some research into the installation and also got in touch with
a friend who self-hosted Sourcehut last year; it seems like something I
would be able to run myself or with others of the SPDX Tech team. Indeed
the Sourcehut monthly meeting is this Friday, so any interested members
of this list could take the opportunity to query the platform's creator
himself!

We needn't move off our existing software in a hurry. Given Sourcehut's
architecture this could happen in stages. A rebuild of spdx.dev as a
static site (briefly discussed in the last General Meeting) seems like a
perfect first step.

How about I reply to Fosshost to see if they are happy to exchange the
offer of video conferencing hosting to a VPS for evaluating Sourcehut?

Quite a lot to think about, I know! As always I'm always happy to try
and answer any questions here or on IRC/Gitter.

Best wishes,

Sebastian








--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation


Re: Jitsi video calling for the General Meeting tomorrow

J Lovejoy
 

Hi all,

Following up with an update on this!

First of all, big thanks to Sebastian for taking the bull by the horns and not just asking, but doing; and to Karen for offering the SFC's BBB platform.

We now have set up our own Jitsi - thanks to Steve W! Steve tested it with a few SPDXers in various time zones and it seemed to work fine. We will use it for the next General Meeting, this Thursday. Phil will send the link and dial-in info in his meeting reminder. Assuming there are no problems or major complaints, we will use it going forward for the General Meeting and Phil will send an updated invite at that point.

As to Sebastian's query regarding using Sourcehut (instead of Github) and a rebuild of the website using that/a different tool. I think there is going to be very little appetite for that! It took a long time to fully move over to Github as it was! Any change of this type involves a fair amount of work and disruption to the normal flow of things. We certainly have enough going on right now to not add more to the plate!

Thanks,

Jilayne
SPDX legal team co-lead

On 4/14/21 6:31 AM, Sebastian wrote:
Dear Steve,

I'm pleased to be able to confirm that we are arranging for the LF to
cover the cost of 8x8's Jitsi hosting for SPDX meetings. I'm getting
this set up and will aim to have it in place shortly ...
That is great to hear! With the commercial Jitsi hosting that you have
arranged and the Software Freedom Conservancy's BigBlueButton as a
contingency platform, we should be very well set up for conferencing.

Many thanks to all of you for your feedback and comments on this
topic.  Sebastian, thank you especially for investigating this and for
your efforts looking into Jitsi hosting.
Clearly I shall need to contact Fosshost to withdraw from their Jitsi
hosting offer. However, given that Fosshost have accepted SPDX as a
beneficiary of their services, I'd like to propose that we take this
opportunity to adopt Sourcehut for collaboration.

Sourcehut is a suite of free and open source tools that I've been keenly
following the development of and using for my personal projects. Its
capabilities include Git repositories, mailing lists, issue tracking,
static site hosting and even a full CI/CD pipeline. These are all
modular; they can be used independently or together at will.

Compared to GitHub, Groups.io and other platforms that we are currently
using, Sourcehut would grant us more autonomy. I believe it would be of
enormous value to many potential contributors to SPDX: sending patches
and issues does not require using proprietary software, and in many
cases doesn't even require an account - Sourcehut is based around email!
It is also much better in accessibility than the alternatives.

I've done some research into the installation and also got in touch with
a friend who self-hosted Sourcehut last year; it seems like something I
would be able to run myself or with others of the SPDX Tech team. Indeed
the Sourcehut monthly meeting is this Friday, so any interested members
of this list could take the opportunity to query the platform's creator
himself!

We needn't move off our existing software in a hurry. Given Sourcehut's
architecture this could happen in stages. A rebuild of spdx.dev as a
static site (briefly discussed in the last General Meeting) seems like a
perfect first step.

How about I reply to Fosshost to see if they are happy to exchange the
offer of video conferencing hosting to a VPS for evaluating Sourcehut?

Quite a lot to think about, I know! As always I'm always happy to try
and answer any questions here or on IRC/Gitter.

Best wishes,

Sebastian







Re: updating SPDX website FAQ page

Sebastian Crane
 

Dear all,

Earlier this month there were a number of edits proposed on Google Docs
to the SPDX License List FAQs. Since the activity on that has now died
down a little, I've created a repository on GitHub containing a Markdown
version of the document.

https://github.com/seabass-labrax/spdx-license-list-faqs

I have included all of the changes that were proposed, as well as making
some improvements to the formatting (such as with inline links). Please
note that there were some comments that are still extant on Google Docs,
in particular:

- Jilayne Lovejoy's suggestion on removing a paragraph in the 'Why does
it exist?' question,

- Warner Losh's comment that the explanation of the concluded and
declared license fields is confusing, and

- Alexios Zavras's comment questioning the relevance of the penultimate
question about license inclusion

As for myself, I have some further ideas myself that I'll suggest with
GitHub pull requests. To this end, if an administrator of the SPDX
organisation on GitHub is ready to accept a transfer of the repository
please let me know.

I hope this helps!

Best wishes,

Sebastian


Re: Jitsi video calling for the General Meeting tomorrow

Sebastian Crane
 

Dear Steve,

> I'm pleased to be able to confirm that we are arranging for the LF to
> cover the cost of 8x8's Jitsi hosting for SPDX meetings. I'm getting
> this set up and will aim to have it in place shortly ...

That is great to hear! With the commercial Jitsi hosting that you have
arranged and the Software Freedom Conservancy's BigBlueButton as a
contingency platform, we should be very well set up for conferencing.

> Many thanks to all of you for your feedback and comments on this
> topic. Sebastian, thank you especially for investigating this and for
> your efforts looking into Jitsi hosting.

Clearly I shall need to contact Fosshost to withdraw from their Jitsi
hosting offer. However, given that Fosshost have accepted SPDX as a
beneficiary of their services, I'd like to propose that we take this
opportunity to adopt Sourcehut for collaboration.

Sourcehut is a suite of free and open source tools that I've been keenly
following the development of and using for my personal projects. Its
capabilities include Git repositories, mailing lists, issue tracking,
static site hosting and even a full CI/CD pipeline. These are all
modular; they can be used independently or together at will.

Compared to GitHub, Groups.io and other platforms that we are currently
using, Sourcehut would grant us more autonomy. I believe it would be of
enormous value to many potential contributors to SPDX: sending patches
and issues does not require using proprietary software, and in many
cases doesn't even require an account - Sourcehut is based around email!
It is also much better in accessibility than the alternatives.

I've done some research into the installation and also got in touch with
a friend who self-hosted Sourcehut last year; it seems like something I
would be able to run myself or with others of the SPDX Tech team. Indeed
the Sourcehut monthly meeting is this Friday, so any interested members
of this list could take the opportunity to query the platform's creator
himself!

We needn't move off our existing software in a hurry. Given Sourcehut's
architecture this could happen in stages. A rebuild of spdx.dev as a
static site (briefly discussed in the last General Meeting) seems like a
perfect first step.

How about I reply to Fosshost to see if they are happy to exchange the
offer of video conferencing hosting to a VPS for evaluating Sourcehut?

Quite a lot to think about, I know! As always I'm always happy to try
and answer any questions here or on IRC/Gitter.

Best wishes,

Sebastian


Re: Jitsi video calling for the General Meeting tomorrow

Steve Winslow
 

Hello all,

Many thanks to all of you for your feedback and comments on this topic. Sebastian, thank you especially for investigating this and for your efforts looking into Jitsi hosting.

I'm pleased to be able to confirm that we are arranging for the LF to cover the cost of 8x8's Jitsi hosting for SPDX meetings. I'm getting this set up and will aim to have it in place shortly, potentially for this week's meetings if possible (and deferring to the team leads whether they are comfortable with changing the invites / dial-ins on short notice).

I'll circle back once the hosting is set up. Best,
Steve


On Mon, Apr 12, 2021 at 10:53 AM Max Mehl <max.mehl@...> wrote:
~ Sebastian [2021-04-12 16:38 +0200]:
> First off, I've got great news: Fosshost have accepted my application
> for SPDX hosting! I have been informed that we are now on their queue.
> It's probable that new DNS records will need to be created to point to
> the Fosshost meeting servers, in which case I shall start a thread in
> the SPDX Tech list.

Great idea to ask Fosshost for tech sponsoring!

>> The BBB frontend greenlight can do exactly this.  By default anyone
>> can register for an account and create their own room.
>
> I think Jitsi and BBB have a fundamentally different paradigm with
> regard to this. IRC is a system that I'm very familiar with and am a
> great fan of, and I'd say that Jitsi is to video calling as IRC is to
> text chat.

Good comparison. BBB and Jitsi are really different. From our experience
at the FSFE, BBB is rather for fixed team meetings and organised
workshops while Jitsi is more for ad-hoc meetings that do not require
any account.

From a sysadmin side, Jitsi feels to be a bit easier to set up and
maintain, given that you do not want to make any customisations. These
can be difficult to maintain in both systems, while customisations in
BBB are easier to upgrade, while they break in Jitsi's upgrades.

With BBB it is fairly simple to restrict the circle of people who can
start meetings. This way, you can control the usage of your server. With
Jitsi, everyone can open rooms and eat up your resources (there are some
limits to this, but still).

> The rooms are not created so much as they just exist, and people can
> join and leave at will without needing an account. Jitsi URLs, just like
> IRC channel names, are typically short, meant to be memorable and often
> meaningful. For example, compare:
>
> jitsi.spdx.dev/GeneralMeeting
>
> and
>
> bbb.spdx.dev/sea-hwy-br5-zvq

BBB's room URLs can be modified. That requires admin access and some CLI
magic, but it's doable. We do this for a few important rooms:

  https://wiki.fsfe.org/TechDocs/TechnicalProcesses/BigBlueButton

Best,
Max

--
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join







--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation


Re: Jitsi video calling for the General Meeting tomorrow

Karen Sandler
 

On 2021-04-12 10:38, Sebastian wrote:

As it happens, Fosshost provide both Jitsi and BigBlueButton hosting.
How about we take up Karen Sandler's gracious offer of the Conservancy
BBB server for this week's Legal Team call, in order to evaluate the
software in a real meeting?
Feel free to do this. So you know, the room I set up[1] is just available whenever anyone wants to use it. I have it set up so that everyone who joins can be a moderator (my schedule is such that I'll probably not be able to join).

k

[1] https://bbb.sfconservancy.org/b/kar-uqf-w7w-8wc



Karen M. Sandler
Executive Director, Software Freedom Conservancy
she/hers
__________
Become a Supporter today! http://sfconservancy.org/supporter/


Re: Jitsi video calling for the General Meeting tomorrow

Max Mehl
 

~ Sebastian [2021-04-12 16:38 +0200]:
> First off, I've got great news: Fosshost have accepted my application
> for SPDX hosting! I have been informed that we are now on their queue.
> It's probable that new DNS records will need to be created to point to
> the Fosshost meeting servers, in which case I shall start a thread in
> the SPDX Tech list.

Great idea to ask Fosshost for tech sponsoring!

>> The BBB frontend greenlight can do exactly this. By default anyone
>> can register for an account and create their own room.
>
> I think Jitsi and BBB have a fundamentally different paradigm with
> regard to this. IRC is a system that I'm very familiar with and am a
> great fan of, and I'd say that Jitsi is to video calling as IRC is to
> text chat.

Good comparison. BBB and Jitsi are really different. From our experience
at the FSFE, BBB is rather for fixed team meetings and organised
workshops while Jitsi is more for ad-hoc meetings that do not require
any account.

From a sysadmin side, Jitsi feels to be a bit easier to set up and
maintain, given that you do not want to make any customisations. These
can be difficult to maintain in both systems, while customisations in
BBB are easier to upgrade, while they break in Jitsi's upgrades.

With BBB it is fairly simple to restrict the circle of people who can
start meetings. This way, you can control the usage of your server. With
Jitsi, everyone can open rooms and eat up your resources (there are some
limits to this, but still).

> The rooms are not created so much as they just exist, and people can
> join and leave at will without needing an account. Jitsi URLs, just like
> IRC channel names, are typically short, meant to be memorable and often
> meaningful. For example, compare:
>
> jitsi.spdx.dev/GeneralMeeting
>
> and
>
> bbb.spdx.dev/sea-hwy-br5-zvq

BBB's room URLs can be modified. That requires admin access and some CLI
magic, but it's doable. We do this for a few important rooms:

https://wiki.fsfe.org/TechDocs/TechnicalProcesses/BigBlueButton

Best,
Max

--
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom: https://fsfe.org/join


Re: Jitsi video calling for the General Meeting tomorrow

Sebastian Crane
 

Dear James,

First off, I've got great news: Fosshost have accepted my application
for SPDX hosting! I have been informed that we are now on their queue.
It's probable that new DNS records will need to be created to point to
the Fosshost meeting servers, in which case I shall start a thread in
the SPDX Tech list.

> Heh, I wouldn't go that far ... all video meetings are heavy on the
> server, but we coped by scaling the linode instance up to something
> rather expensive.
>
> This year we're hoping to try out their clustering which debuted in
> BBB 2.3.

I wish you the best of luck for 2021's event :) Kudos to you for
starting early with the infrastructure planning; that can make all the
difference during the event.

> BBB doesn't have a concept of host. It has users and admins (who are
> sometimes called admins and sometimes moderators), but you can run a
> conference call with only users (you uncheck the "wait for moderators"
> button). We did traditionally run every plumbers room with at least
> two admins at all times for redundancy and made sure the rooms
> couldn't start without a moderator because of our specific
> requirements.

>> Since SPDX meetings are open to all, the control isn't as desirable.
>
> ... we have an anti harassment policy so we needed the assurance we
> could deal with any potential situation fast. LPC is somewhat well
> known, so we also worried about the equivalent of zoom bombing
> (although that didn't happen).

(I'm sure you're aware, but for the benefit of people reading who may
not know Jitsi or BBB, both systems allow participants to be kicked out
of the room if necessary)

>> Jitsi's flexibility is really useful in ad-hoc situations: if the
>> Legal Team wanted an impromptu meeting, say, that could be done
>> without any scheduling or administration.
>
> The BBB frontend greenlight can do exactly this. By default anyone
> can register for an account and create their own room.

I think Jitsi and BBB have a fundamentally different paradigm with
regard to this. IRC is a system that I'm very familiar with and am a
great fan of, and I'd say that Jitsi is to video calling as IRC is to
text chat.

The rooms are not created so much as they just exist, and people can
join and leave at will without needing an account. Jitsi URLs, just like
IRC channel names, are typically short, meant to be memorable and often
meaningful. For example, compare:

jitsi.spdx.dev/GeneralMeeting

and

bbb.spdx.dev/sea-hwy-br5-zvq

I know which one I prefer ;)

Also as in IRC, by default the rooms are open, but if you are the only
person in the room you may optionally make yourself a moderator to lock
the room.

That we are able to have this discussion is a testament to the choice
and freedom that we now have with video conferencing. And we haven't
even brought up GNU Jami yet! :)

>> ... you could mute me without disturbing the chairman.
>
> Yes, that's a feature of BBB too ... anyone can mute anyone.

Thank you for letting me know; I had assumed this was merely a
client-side feature.

> None of this is to imply that Jitsi won't work equally well for you
> given your requirements. The big thing that made us go for BBB over
> Jitsi was the presence of an on-line whiteboard, which is likely
> totally irrelevant to a SPDX meeting.

Thanks for your perspective on the two systems. I'll admit I'm not quite
convinced yet, but I really appreciate that you've brought to my
attention features that I hadn't come across as merely an attendee on
BigBlueButton.

As it happens, Fosshost provide both Jitsi and BigBlueButton hosting.
How about we take up Karen Sandler's gracious offer of the Conservancy
BBB server for this week's Legal Team call, in order to evaluate the
software in a real meeting?

I wrote in my Fosshost application that the preference was Jitsi, but
I'm sure they would be happy to set up BigBlueButton instead if that's
the consensus.

Looking forward to your response!

Best wishes,

Sebastian


Re: Jitsi video calling for the General Meeting tomorrow

James Bottomley
 

On Sun, 2021-04-11 at 20:16 +0100, Sebastian wrote:
[...]
>>> I'd suggest that Jitsi is more appropriate for our use than BBB
>>> (Jitsi is a more flexible platform),
>>
>> I don't quite agree with this statement, but then I'm biased: Linux
>> Plumbers Conference evaluated both Jitsi and BBB (and a few others)
>> and determined that BBB was the most appropriate to the interactive
>> nature of the conference, which we pulled off successfully in 2020.
>> The main problem with BBB is it's more difficult to set up than
>> Jitsi and is more demanding about precision of the dependencies ...
>> but that's not a problem if someone else is hosting it for you.
>
> Congratulations on the online Linux Plumbers Conference :)

Thanks!

> I'd certainly agree with you that BBB is generally better suited to
> a conference - not to mention lighter on system resources than Jitsi,
> which does make a difference when your participants number in 3+
> figures!

Heh, I wouldn't go that far ... all video meetings are heavy on the
server, but we coped by scaling the linode instance up to something
rather expensive. This year we're hoping to try out their clustering
which debuted in BBB 2.3.

> However, its chief benefit for conferences would, I'd say, be counter
> productive for a meeting. The extra control with BBB creates quite a
> 'bus factor': there must be someone who can be the host, and that
> role needs knowledge of all the settings, the password and indeed a
> reliable connection - BBB is not forgiving to network failures!

BBB doesn't have a concept of host. It has users and admins (who are
sometimes called admins and sometimes moderators), but you can run a
conference call with only users (you uncheck the "wait for moderators"
button). We did traditionally run every plumbers room with at least
two admins at all times for redundancy and made sure the rooms couldn't
start without a moderator because of our specific requirements.

> Since SPDX meetings are open to all, the control isn't as desirable.

Well, I'd like to say that about plumbers too. However, we have an
anti harassment policy so we needed the assurance we could deal with
any potential situation fast. LPC is somewhat well known, so we also
worried about the equivalent of zoom bombing (although that didn't
happen).

> Jitsi's flexibility is really useful in ad-hoc situations: if the
> Legal Team wanted an impromptu meeting, say, that could be done
> without any scheduling or administration.

The BBB frontend greenlight can do exactly this. By default anyone can
register for an account and create their own room.

> Also, by default everyone has more control with Jitsi; for example,
> if my microphone was noisy you could mute me without disturbing the
> chairman.

Yes, that's a feature of BBB too ... anyone can mute anyone.

None of this is to imply that Jitsi won't work equally well for you
given your requirements. The big thing that made us go for BBB over
Jitsi was the presence of an on-line whiteboard, which is likely
totally irrelevant to a SPDX meeting.

James


Re: Jitsi video calling for the General Meeting tomorrow

Sebastian Crane
 

Dear James,

> What's wrong with just using https://meet.jit.si ?

That Jitsi server is indeed available for our use; it's sort of the demo
server for 8x8's enterprise Jitsi integration. However, that instance's
terms of use limits the number of concurrent users to 25, which may not
always suffice for our meeting.

>> I'd suggest that Jitsi is more appropriate for our use than BBB
>> (Jitsi is a more flexible platform),
>
> I don't quite agree with this statement, but then I'm biased: Linux
> Plumbers Conference evaluated both Jitsi and BBB (and a few others)
> and determined that BBB was the most appropriate to the interactive
> nature of the conference, which we pulled off successfully in 2020.
> The main problem with BBB is it's more difficult to set up than Jitsi
> and is more demanding about precision of the dependencies ... but
> that's not a problem if someone else is hosting it for you.

Congratulations on the online Linux Plumbers Conference :) I'd certainly
agree with you that BBB is generally better suited to a conference - not
to mention lighter on system resources than Jitsi, which does make a
difference when your participants number in 3+ figures!

However, its chief benefit for conferences would, I'd say, be counter
productive for a meeting. The extra control with BBB creates quite a
'bus factor': there must be someone who can be the host, and that role
needs knowledge of all the settings, the password and indeed a reliable
connection - BBB is not forgiving to network failures!

Since SPDX meetings are open to all, the control isn't as desirable.
Jitsi's flexibility is really useful in ad-hoc situations: if the Legal
Team wanted an impromptu meeting, say, that could be done without any
scheduling or administration. Also, by default everyone has more control
with Jitsi; for example, if my microphone was noisy you could mute me
without disturbing the chairman.

> All of them suffer client side scaling issues because of webRTC (this
> is unavoidable with any end to end encrypted solution because the
> client to client streams are 1:1) so the main way we mitigated that
> was to request people mute video unless they want to speak ... it
> actually works better for interaction than raising your hand.

Since our meetings are open, would it need E2E encryption? That feature
is optional in Jitsi as it happens.

I hope I've been able to explain better what I meant by Jitsi being more
flexible. As always I shall keep you in the loop regarding the managed
hosting that I've requested!

Best wishes,

Sebastian


Re: Jitsi video calling for the General Meeting tomorrow

James Bottomley
 

On Fri, 2021-04-09 at 20:37 +0100, Sebastian wrote:
> Dear all,
>
> Here's the update that Jilayne said was on its way! During the week
> I've applied for Jitsi hosting for our meetings; so far I am still
> awaiting responses. I am expecting to receive one response on Monday.

What's wrong with just using

https://meet.jit.si

? It's the Jitsi project free server available to anyone without a
prior reservation or appointment.

> Thank you to Karen Sandler for her offer of the Conservancy's
> BigBlueButton server! I'd suggest that Jitsi is more appropriate for
> our use than BBB (Jitsi is a more flexible platform),

I don't quite agree with this statement, but then I'm biased: Linux
Plumbers Conference evaluated both Jitsi and BBB (and a few others) and
determined that BBB was the most appropriate to the interactive nature
of the conference, which we pulled off successfully in 2020. The main
problem with BBB is it's more difficult to set up than Jitsi and is
more demanding about precision of the dependencies ... but that's not a
problem if someone else is hosting it for you.

All of them suffer client side scaling issues because of webRTC (this
is unavoidable with any end to end encrypted solution because the
client to client streams are 1:1) so the main way we mitigated that was
to request people mute video unless they want to speak ... it actually
works better for interaction than raising your hand.

James


Re: Jitsi video calling for the General Meeting tomorrow

Sebastian Crane
 

Dear all,

Here's the update that Jilayne said was on its way! During the week
I've applied for Jitsi hosting for our meetings; so far I am still
awaiting responses. I am expecting to receive one response on Monday.

Thank you to Karen Sandler for her offer of the Conservancy's
BigBlueButton server! I'd suggest that Jitsi is more appropriate for
our use than BBB (Jitsi is a more flexible platform), but it is very
good to know that there would be another plan if the applications
don't go anywhere.

I'll let you know how the applications go!

Best wishes,

Sebastian
