|
Re: TripleCheck 0.4
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
Nick,
toggle quoted message
Show quoted text
While I've only spent ~15min with the tool, I was very impressed with the ease of use and the ability to install this and get almost immediate and useful! results. Great work! I'll keep you posted on my findings. Best Regards, Scott -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito Sent: Monday, March 31, 2014 1:02 PM To: Manbeck, Jack; spdx@... Subject: RE: TripleCheck 0.4 Hi Jack, Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software. Will get back to this message as soon as possible. With kind regards, Nuno Brito On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote: Nuno,_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
|
|
Re: TripleCheck 0.4
Nuno Brito
Hi Jack,
I'd like to follow-up on this message if possible, the points from the requirement list were quoted to place my answers in context. The tool must currently support SPDX (i.e. it is not a planned release).Checked. You have a page on your website that describes how the tool supports SPDX. This will be the link you provide in the Required Information below.Checked. Whether this is a community or commercial tool.Community. Contributions from other developers interested in submitting additional license detection rules and fix defects are warmly welcome through github or email. To clarify, I use this software on commercial practice to "scratch my own itch" [1] in the open source way of doing things. A small logo which can be displayed. This is optional. If provided it must meet the following criteriaAttached to this message you find a TripleCheck with 251x122px as specified in the criteria A short teaser of one or two sentences that describes your tool. No more than 160 characters including spacesStraight-forward free tool to create SPDX reports right from your desktop. A long description which can be up to a couple of paragraphs. Try not to get too verbose. You will have a link to your website for lengthy explanations.The TripleCheck reporter is the ideal tool for a quick overlook of the licensing compliance status for a given set of source code files in your desktop computer (Windows, Linux, Mac OSX). If some license or copyright is not detected by the tool, you can easily add new rules by yourself. We are building a community around open source tooling and your help is welcome to grow the open database of licensing rules. Look for us on GitHub. An http link to your site for access to the tool and information on how it supports SPDX.http://www.triplecheck.de/download/ The current version of the tool is 0.6 so perhaps is better to omit version references and just call the tool "TripleCheck reporter". If there is anything else needed, please do let me know. Just in case, I have prepared a short video showcasing the tool that you find at http://youtu.be/nljP6hC8xbc With kind regards, Nuno Brito [1] http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar#Lessons_for_creating_good_open_source_software --- email: nuno.brito@... phone: +49 615 146 03187 On 2014-03-31 20:44, Manbeck, Jack wrote: Nuno, |
|
|
|
|
|
Re: Special SPDX General Meeting & V2.0 Overview this Thursday
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
Gary,
Thanks for the great presentation today on SPDX 2.0 modeling. I really like the evolutionary approach (i.e. adding the relationship functionality on top of what’s already in the 1.2 spec with minimal deprecation). This will make migration much easier and it makes a lot of sense from a business perspective.
And I appreciate you taking it down to a reasonably non-technical level!
Regards, Scott
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Gary O'Neall
Sent: Wednesday, April 02, 2014 12:55 PM To: 'Philip Odence'; spdx@... Subject: RE: Special SPDX General Meeting & V2.0 Overview this Thursday
Greetings all.
Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call. In the tech team we are starting to transition from working on the model to the specification itself. I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.
Gary
From:
spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Philip Odence
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Administrative Agenda Attendance Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil V2.0 Overview- Gary O'Neall
|
|
|
|
|
|
Re: Special SPDX General Meeting & V2.0 Overview this Thursday
Gary O'Neall
Greetings all.
Attached are a few slides I'll use to go over the SPDX 2.0 approach and model on tomorrow's call. In the tech team we are starting to transition from working on the model to the specification itself. I'll briefly go over the results of our modeling work some of the implications of our model on the 2.0 spec.
Gary
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Tuesday, April 1, 2014 11:20 AM To: spdx@... Subject: Special SPDX General Meeting & V2.0 Overview this Thursday
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Administrative Agenda Attendance Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil V2.0 Overview- Gary O'Neall
|
|
|
|
|
|
Special SPDX General Meeting & V2.0 Overview this Thursday
Philip Odence
For those of you who were not able to make it to the face-to-face meetings at the Collab Summt, it was all very productive and successful. (See my latest blog to get a flavor to the interactions: http://spdx.org/news/2014-04-01/open-collaboration-changes-everything...including-spdx ) As
a consequence of those meetings, there’s a been step increase in progress since the last General Meeting, so this is a good good one to catch and get an overview from the team leads.
AND,
The Tech Team has been converging on the approach for V2.0. Gary has volunteered to provide an overview of the current thinking (which is gelling nicely) for anyone who’s not been a regular participant in the TT meetings. He will gear it towards business
folks and lawyers, but anyone is welcome. This is a great opportunity to make sure we are all singing off the same sheet of music. We’ll target the last 30 mins of the meeting for this overview.
GENERAL MEETING
Meeting Time: Thurs, April 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack
Cross Functional Issues – Phil
V2.0 Overview- Gary O'Neall
|
|
|
|
|
|
Re: TripleCheck 0.4
Nuno Brito
Hi Jack,
toggle quoted message
Show quoted text
Thank you for the kind suggestion, very appreciated. I'd just ask to wait some weeks before the tool is listed. Some defects were reported that I'd like to get sorted before more users run the software. Will get back to this message as soon as possible. With kind regards, Nuno Brito On March 31, 2014 8:44:47 PM GMT+02:00, "Manbeck, Jack" <j-manbeck2@...> wrote:
Nuno, |
|
|
|
|
|
Re: TripleCheck 0.4
Manbeck, Jack
Nuno,
toggle quoted message
Show quoted text
This is great news. I would like to list the tool on the SPDX website. If you agree here is a link to the information I need. You can email it to me direct and I can post it on the business team list if you do not have access. http://wiki.spdx.org/view/Business_Team/Tool_Link_Request best regards, Jack Manbeck SPDX Site Admin and Business Team Co-Chair -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Nuno Brito Sent: Thursday, March 27, 2014 12:54 PM To: spdx@... Subject: TripleCheck 0.4 Dear SPDX group, I'd like to announce the availability of a new SPDX editor/viewer. Features: - Create an SPDX document from: -- a source code folder on disk -- a zipped file on the network - User interface: -- Desktop UI -- Access from a web browser - Java based (tested under Windows and Linux) - Tree navigation of files and folders - Search features (name, hash, similar files) - Basic SPDX editing features - Metrics calculation (LOC, size, number of files) - Basic license detection (detects GPL, LGPL, ...) headers in source code - Learning function (supports plugins, new licenses, ...) The tool is freeware, code is released under the open source EUPL. These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email. At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web. This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format. For more details and download, please visit http://www.triplecheck.de/download/ With kind regards, Nuno Brito -- email: nuno.brito@... phone: +49 615 146 03187 _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
|
|
Unsubscribe
Lori Holmes <lori@...>
|
|
|
|
|
|
Re: Google Summer of Code 2014: There are 4 student applications but no mentors registered
mjherzog
SPDX Listers
toggle quoted message
Show quoted text
I have sent Till the email addresses for Gary and Matt and notified them....Michael Herzog On 3/28/2014 5:25 PM, Till Kamppeter wrote:
Hi, |
|
|
|
|
|
Google Summer of Code 2014: There are 4 student applications but no mentors registered
Till Kamppeter <till.kamppeter@...>
Hi,
I am Till Kamppeter, leader of OpenPrinting, and org admin for the GSoC at the Linux Foundation. We got 4 student applications on SPDX at the Linux Foundation. Unfortunately no suitable mentor has signed up and no one of us is able to evaluate these applications. On the project ideas list http://www.linuxfoundation.org/collaborate/workgroups/gsoc/gsoc-2014-spdx-projects Gary O'Neall and Matt Germonprez appear as available mentors but no e-mail addresses to contact them. if you are not Gary or Matt, please forward this to them. It is very important. Gary, Matt (or if someone else wants to volunteer), if you are reading this, please register as mentor going to http://www.google-melange.com/gsoc/homepage/google/gsoc2014 Near the bottom is photo with many people on it and under it the text Mentors & Administrators Registration with participating organizations is now open. and an orange button labeled "Start connection". Click the button, follow the instructions, and choose "The Linux Foundation" as your mentoring organization. As soon as I see your request I will approve it and then you have access to the applications. If you want to mentor a student, set the switch "Wish to mentor" in this application to "YES". I will assign you then and accept that application, making it eligible for getting a student slot in this GSoC. Tell me also which applications are not usable so that I can mark them as to be ignored. I have to know the number of applications to accept before April 7. So register as soon as possible so that you have time to read and evaluate the applications and also to interact with the students. Thanks in advance. Till |
|
|
|
|
|
Unsubscribe
Lori Holmes <lori@...>
|
|
|
|
|
|
TripleCheck 0.4
Nuno Brito
Dear SPDX group,
I'd like to announce the availability of a new SPDX editor/viewer. Features: - Create an SPDX document from: -- a source code folder on disk -- a zipped file on the network - User interface: -- Desktop UI -- Access from a web browser - Java based (tested under Windows and Linux) - Tree navigation of files and folders - Search features (name, hash, similar files) - Basic SPDX editing features - Metrics calculation (LOC, size, number of files) - Basic license detection (detects GPL, LGPL, ...) headers in source code - Learning function (supports plugins, new licenses, ...) The tool is freeware, code is released under the open source EUPL. These are the first editions, many defects are present that we'll be addressing in the upcoming months. If you have any requests or would like to report a defect, just write us back an email. At the moment only the tag/value format is supported. On our context there wasn't much demand for supporting the XML version. An SPDX document generated by our tool writes more information that what the standard prescribes. For example, we include the hashes for other algorithms because they help us finding trails of specific files across the web. This tool is useful if you need a quick way to visually generate an SPDX document from a set of files on your disk. We were already developing this kind of tools in the past for forensic analysis purposes, moved recently to embrace the SPDX format. For more details and download, please visit http://www.triplecheck.de/download/ With kind regards, Nuno Brito -- email: nuno.brito@... phone: +49 615 146 03187 |
|
|
|
|
|
CollabSummit rides
Philip Odence
This is a late thought, but perhaps helpful. I put up a “ride board” on the wiki for anyone who might have some room or need a ride to/from.
|
|
|
|
|
|
Re: List of companies that have adopted SPDX
RUFFIN MICHEL
The customers of Alcatel-Lucent are mainly telecom operators. They just start in their RFP to ask questions on FOSS and ask list of FOSS in our products. They are far to ask things in SPDX format.
toggle quoted message
Show quoted text
There are 2 things in SPDX the data and the XML format. So we provide the data but not under the XML format (note that we are able to provide it under XML since our tools are aligned and prepared for that). Now if we were to exchange information with companies aligned on SPDX such as Blackduck, we will probably provide information under full SPDX format so we can automate things between our tools. As I said XML is for tools, excel is for humans Michel.Ruffin@..., PhD Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France -----Message d'origine-----
De : Georgia Kapitsaki [mailto:gkapi@...] Envoyé : vendredi 14 mars 2014 10:52 À : RUFFIN, MICHEL (MICHEL) Objet : Re: List of companies that have adopted SPDX Hi Michael, thank you for the answer. If possible, can you add this information in the relevant spdx wiki page? http://wiki.spdx.org/view/Business_Team/Adoption Also may I ask you if you provide also externally any SPDX files coming from real projects? I understand that company policies may not allow this, but it would be very interesting for us to have access to some real-world cases, since we are trying to evaluate a tool that checks the correctness of SPDX files. I remain at your disposal for any information. Thank you. Best regards, Georgia -- Dr.-Ing. Georgia M. Kapitsaki Lecturer Dept. of Computer Science tel: +357-22892692 University of Cyprus www.cs.ucy.ac.cy/~gkapi/ http://www.cs.ucy.ac.cy/seit/ On 3/10/2014 4:47 PM, RUFFIN, MICHEL (MICHEL) wrote: Well the status for Alcatel-Lucent is |
|
|
|
|
|
Re: SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Philip Odence
To keep the traffic down, we should move this discussion off of the general list. Thanks.
toggle quoted message
Show quoted text
On Mar 10, 2014, at 7:12 PM, "Gary O'Neall" <gary@...> wrote: |
|
|
|
|
|
Re: SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Gary O'Neall
Hi Georgia,
toggle quoted message
Show quoted text
The Online Validation Tools will likely be based on the SPDX libraries. The source for these libraries can be found at http://git.spdx.org/?p=spdx-tools.git;a=summary and the binary downloads can be found at http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup The validation tools will be based on the SPDX specifications found at http://spdx.org/SPDX-specifications/spdx-version-1.2. Let me know if you have any additional questions. Thanks, Gary O'Neall -----Original Message----- |
|
|
|
|
|
Re: SPDX "Online Validation Tools" and "Fossology+SPDX Tools"
Matt Germonprez <germonprez@...>
Hi Georgia, Thanks for your interest. Here at the University of Nebraska at Omaha we maintain the code related to FOSSology+SPDX. You can find a public instance of the project here:
You can find the current source and installation here: We have several things that we are considering regarding FOSSology+SPDX right now including: 1) Interface redesign. Right now, the interface assumes detailed knowledge of the SPDX 1.2 spec. We would like to design an interface that not only produces valid SPDX documents but also educates a user about the current spec.
2) Post-production of SPDX documents loaded to a central SPDX repository. Currently, SPDX documents are downloaded to the user on a one-by-one basis. The SPDX repository would serve as a central DB by which SPDX documents could then be explored, modified, signed-off, or assigned to products.
3) Accommodation for the SPDX 2.0 Specification We are very open to new improvements or ideas and welcome your input. Please let me know if you have any additional questions.
Regards, Matt Germonprez On Mon, Mar 10, 2014 at 6:45 AM, Georgia Kapitsaki <gkapi@...> wrote: Dear all, Mutual of Omaha Associate Professor of Information Systems
|
|
|
|
|
|
March General Meeting Minutes
Philip Odence
I thought it might be useful to include the text of the minutes in my monthly reports, so intend to start doing so.
For the last 30 mins of the April General Meeting, the Tech Team will give a high level presentation of the 2.0 model on which we have converged, intended for anyone on any team who has not been involved in the details of 2.0.
General Meeting/Minutes/2014-03-06
Biz Team Report - Jack (unable to attend, but provided written summary)
Legal Team Report - Jilayne
Tech Team Report - Gary
Cross Functional Issues – Phil
Attendees
|
|
|
|
|
|
Re: List of companies that have adopted SPDX
RUFFIN MICHEL
Well the status for Alcatel-Lucent is
toggle quoted message
Show quoted text
1) we officially use the standard naming of FOSS license internally, but perhaps have not changed all our processes, documents and the knowhow of ALU people on this but our trainings, our FOSS internal DB are aligned. (And even me, I speak about BSD2 license or new BSD rather than BSD3-clause license) 2) our internal tools are able to exchange information under SPDX format (some still need to be aligned). Now people use more excel format than XML one when they discuss things 8-) So SPDX/XML is more for machines; Concerning our contracts with suppliers we are asking Excel format and mention SPDX format. It took years to convince them to provide us the list under something easy to treat by computers (Excel rather than ASCI files or url on their web site where we can find the information; We will go to the next step but smoothly Michel Michel.Ruffin@..., PhD Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France -----Message d'origine-----
De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Philip Odence Envoyé : lundi 10 mars 2014 13:36 À : Georgia Kapitsaki; spdx@... Objet : Re: List of companies that have adopted SPDX All, if you are willing to add you organization's name to the list of those using SPDX, please either add to the adoption wiki page http://wiki.spdx.org/view/Business_Team/Adoption or drop a note to Jack and Mikael. Georgia, Thanks for the inquiry. First let me tell you we don¹t have perfect knowledge. We have gotten to the point that there is enough information available on the Website that one can utilize the spec without having to be involved or ask questions and we know that there are many companies working with SPDX, but either consciously or unconsciously are not sharing that info. That said, about 6 months ago we started a wiki page to capture what we know, at least about companies that were willing to have their activity known. http://wiki.spdx.org/view/Business_Team/Adoption We know that the info was not complete at the time and surely it has fallen behind a bit. Best, Phil On 3/10/14, 7:57 AM, "Georgia Kapitsaki" <gkapi@...> wrote: Dear all,_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
|
|
Re: List of companies that have adopted SPDX
Philip Odence
All, if you are willing to add you organization's name to the list of
toggle quoted message
Show quoted text
those using SPDX, please either add to the adoption wiki page http://wiki.spdx.org/view/Business_Team/Adoption or drop a note to Jack and Mikael. Georgia, Thanks for the inquiry. First let me tell you we don¹t have perfect knowledge. We have gotten to the point that there is enough information available on the Website that one can utilize the spec without having to be involved or ask questions and we know that there are many companies working with SPDX, but either consciously or unconsciously are not sharing that info. That said, about 6 months ago we started a wiki page to capture what we know, at least about companies that were willing to have their activity known. http://wiki.spdx.org/view/Business_Team/Adoption We know that the info was not complete at the time and surely it has fallen behind a bit. Best, Phil On 3/10/14, 7:57 AM, "Georgia Kapitsaki" <gkapi@...> wrote:
Dear all, |
|
|
|
