1. Spdx
  2. Messages

Expanded

Topics Messages Polls
   Date   
FOSSology+SPDX [Crossposting]

Matt Germonprez <germonprez@...>
 

Hi everyone, 

Not sure if you saw this thread over at FOSSology. I think it might be of interest to SPDX too. 

Regards,
Matt


************

Hi All, Bob,

 

This is Kotrappa, from Wipro Technologies India.

We are using Fossology on a local sever for scanning some of packages for License/copyright info.

Recently we have installed Fossology+SPDX module on a local PC, and this gives spdx results as well.

 

Spdx.org gives open source tools to convert .rdf to .spdx, .spdx to .rdf, .xls to.rdf etc.

Reference http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup

 

We would like to know after Fossology+SPDX scans a package and gives results in sdpx format,

Is there any command line tools to execute on command prompt in Local PC using localhost server running Fossology agents to get results in spdx format.

( Please note I cannot use Web Interface version of https://fossologyspdx.ist.unomaha.edu/?mod=Default because packages cannot be uploaded to public)

 

I mean, I should be able to get results something like mypackage_name.spdx or mypackage_name.rdf which complies with SPDX format

specified in spdx.org, which I can use as an input to spdx open source tools for conversion, comparison etc.

 

Please help.

 

Best regards

Kotrappa.


************


Hi Kotrappa,

I’m confused why you mention that you cannot use fossologyspdx.ist.unomaha.edu since you have installed the spdx module on your own local machine.  You shouldn’t have to use the unomaha machine since you have it installed locally.

Since you have installed the FOSSology+SPDX module on your local PC, then you can create spdx files (tag files).  That option is the default but is specified in the “Output File Type” pull down on the SPDX Edit screen.  So though we call it a .tag file, I think that is the same as the .spdx file.

The command line (web api) doc is at:


However, this does not generate the full .spdx (tag) output.

If I have not understood your question completely, please ask again.  Liang Cao is the author of the SPDX module and he is on this list as well.

Thanks,
Bob Gobeille

************

Hi Kotrappa,

Liang Cao has added an option to generate a full SPDX document in TAG format from the command line. He has also provided a nice overview of how to work with the source. 

The source is pushed to here:

The documentation is here:

The option for [fullSPDXFlag] is added.
[fullSPDXFlag]: true/false. Only when this option is set to "true", low definition version of the full SPDX contents are output. Skipping this option equals setting it to "false." This option should be set to "true" when you want to generate an SPDX document from the command line.

You could generate a mypackagename.spdx by running a command like the following:
wget -qO - --no-check-certificate --post-file=./[mypackagename] --timeout=0 "https://domain/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=true&packageNameInLog=[mypackagename]" > [mypackagename].spdx

for example:

If you have any questions, please feel free to contact me or Liang. We are happy to help. 

Regards,
Matt Germonprez and Liang Cao

--
Mutual of Omaha Associate Professor of Information Systems
University of Nebraska at Omaha
Vita
Open Communities Lab

Reminder- SPDX General Meeting Pushed to Thurs, Feb 13

Philip Odence
 

Meeting Time: Thurs, Feb 13, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 
http://wiki.spdx.org/view/General_Meeting/Minutes/2014-01-02 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack



Cross Functional Issues – Phil

Registration Information for Linux Collab Summit in March and SPDX Meetings

Manbeck, Jack
 

All,

 

The Linux Collaboration summit is this coming March, 26-28th. There will be a technical team meeting prior to the summit on the 25th to do a deep dive on the SPDX 2.0 data model and a session for SPDX on Friday (still working to secure the room). As the Agendas firm up we will post them.

 

To register for the conference use this link:

 

 https://www.regonline.com/register/login.aspx?eventID=1250683

 

When registering use the SPDX workgroup code  SPDX14LFCS and choose the "Invitation Acceptance" registration type.

 

We hope to see many of you there.

 

Best regards,

 

Jack Manbeck

Business Team Co-Chair

 

SPDX General Meeting

Philip Odence
  

When: Thursday, February 13, 2014 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada)
Where: Bridge info enclosed

*~*~*~*~*~*~*~*~*~*
Due to  lack availability of some of the team leads, we are pushing this occurrence of the General Meeting out 1 week. This is a one time move; we'll be back to the normal first Thursday cadence in March. 

I am not sure everyone on the General Meeting mailing list has this invitation on the calendar. Please excuse the redundancy of my sending out a separate notice to the list, which I will do on Monday.


**********
Please accept so this recurring meeting is on your calendar, however no need to respond.

DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732

Conference code: 7812589502




Introduction

Daniel Hamacher <danielhamacher.dh@...>
 

Hello SPDX Team,

my name is Daniel and I am a second year University student. I would like to get involved in OpenSource and I got interested in this project. I looked through the Bug list and found item #1129 which I would like to work on. What do I need to do to get assigned to this item or any other item in the future? 

Thanks,
Daniel

SPDX Virtual General Meeting and Schedules

Philip Odence
 

GENERAL MEETING
As per my previous email, the January General Meeting was virtual, i.e. written reports from the team leads:

BUSINESS AND LEGAL TEAM SCHEDULES
The teams will continue to alternate the Thursday slot at the same time. First meetings of the year are as follows:
Business Team- January 16
Legal Team- January 23

BLOG
I posted a New Year's blog looking forward to 2014: http://spdx.org/news/2014-01-02/ring-in-the-new  

FW: WTFPL(-2.0) license entry

Philip Odence
 

Forwarding to SPDX legal list for any discussion. BCC SPDX general list,
as FYI that legal list will handle.

On 12/27/13 9:25 AM, "Jan Engelhardt" <jengelh@...> wrote:


The SPDX license list at http://spdx.org/licenses/ has an entry

Do What The F*ck You Want To Public License WTFPL

There are multiple versions of the WTFPL around, and the SPDX entry
shows the WTFPL version 2.0 text. In spirit of the SPDX naming of all
the remaining licenses, the "WTFPL" entry should be renamed to
"WTFPL-2.0".
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

WTFPL(-2.0) license entry

Jan Engelhardt <jengelh@...>
 

The SPDX license list at http://spdx.org/licenses/ has an entry

Do What The F*ck You Want To Public License WTFPL

There are multiple versions of the WTFPL around, and the SPDX entry
shows the WTFPL version 2.0 text. In spirit of the SPDX naming of all
the remaining licenses, the "WTFPL" entry should be renamed to
"WTFPL-2.0".

January SPDX General Meeting Goes Virtual - PLEASE READ

Philip Odence
 

Because the General Meeting falls on Jan 2 and a number of folks will be out or just back from long holidays, we'll do this one virtually, i.e. I will ask all the team leads to provide team updates to me via email and I will issue minutes and solicit comment/thoughts on this list. 

In the meantime, some recommended reading:

Jilayne, Scott and I wrote an article for the I8l FOSS Law Review: 
http://www.ifosslr.org/ifosslr/article/view/89 

I wrote a blog on the state of SPDX (and am still planning another to wrap the year…we'll see): 
http://spdx.org/news/2013-11-14/spdx...how-are-we-doing 


Finally, keep your eyes open for a v2.0 requirements doc that Kirsten Newcomer has been pulling together at the behest of the Business Team (and with review by the Tech Team).


Meeting Time: Thurs, Jan 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott



Cross Functional Issues – Phil

article about SPDX in IFOSS Law Review

Jilayne Lovejoy <lovejoylids@...>
 

Hi All,

The latest edition of the IFOSS Law Review is now available: http://www.ifosslr.org/ifosslr/issue/current
and includes an article about SPDX!!  

Happy Holidays,

Jilayne


SPDX Legal Team lead




TR: FOSS: next steps

RUFFIN MICHEL
 

On Wednesday the OMG held a meeting on standardisation issues between organizations on FOSS issues.

It was a kick-off meeting on the topic

I would like to invite you to be part of the discussion if interested.

To do so you need to send an email to request@... to be part of the FOSS OMG mailing list

Bellow is an email of Richard Soley CEO of OMG

 

Michel
----------------------------------------------
On Wednesday 11 December, the OMG hosted a FOSS Licensing Standards Workshop at the OMG Technical Meeting in Santa Clara, California.  There was significant discussion about the need for new model-based standards (as well as best practices standards) in the area of FOSS licensing.

The areas in which discussion centered, taking into account as much as possible existing standards such as SPDX, included:

  • To kick off the discussion, a reminder of the areas of consideration for new standards, taking into account and using as much as possible existing standards such as SPDX:
  • best practices for choosing a license and potentially agreeing on standard legal FOSS clauses
  • professional certification of FOSS licensing usage
  • capturing FOSS IP information in a Wikipedia-style database
  • agreeing standard contract clauses to lower the cost of supplier/customer relationships, M&A, etc.
  • standardizing unique software identifiers to support the automation of cross-organization identification of licenses & software

The agenda for the day, including presentation materials used, is at http://www.omg.org/news/meetings/tc/ca-13/special-events/FOSS.htm

        -- Richard



 


SPDX Thursday General Meeting Reminder

Philip Odence
 

Meeting Time: Thurs, Dec 5, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott



Cross Functional Issues – Phil

Nov General Meeting Minutes

Philip Odence
 

Just posted the minutes:

Special note:
The SPDX Legal group will be holding a special break out session to review a number of software examples where the SPDX licensing syntax (i.e., license list + AND/OR operators) may not be sufficient to represent the licensing terms of the software. For instance the group will be looking at the various kinds of special exception terms, the use of the ‘+’ in license names and programs derived from multiple source and library files, where each is potentially under a different license. The group will report back to the Legal and Tech working groups with its findings. If you are interested in attending or would like to submit relevant examples send email to Mark.Gisi@....

Thanks,
Phil

L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence

SPDX Cloud Server now supports SPDX 1.2 file creation

Sameer Ahmed
 

Hi All,

 

Wind River just released SPDX 1.2 support for its free SPDX file creation cloud server.

 

Here is what’s new:

·         Supports newly released SPDX 1.2 format.

·         Improved Analysis Quality – Added several new license detector agents to improve expert system analysis engine.  

·         SPDX data now available in an easy to view spreadsheet format.

·         Upload your own package or now choose from a collection of preloaded sample packages (e.g., Apache Server, U-boot…)

  

You can create an SPDX 1.2 file for free by going to: http://spdx.windriver.com

 

Regards,
Sameer Ahmed

 

 

Sameer Ahmed | Member of Technical Staff - App | Wind River

Email: sameer.ahmed@...

 

Thursday SPDX General Meeting

Philip Odence
 

First some announcements:

News from the Linux Events in Europe

Wind River Presentation on SPDX and Yocto at the Embedded Linux Conference: http://events.linuxfoundation.org/sites/events/files/slides/2013_ELC-E_YP_SPDX.pdf
I also ran a BoF at LinuxCon and presented in intro to SPDX at the Automotive Grade Linux Conference



****

Meeting Time: Thurs, Nov 7, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott



Cross Functional Issues – Phil

(No subject)

RUFFIN MICHEL
 

Dear all,
The OMG (Object Management group) is organizing a workshop on standardizing open source governance practices on December 11 in Santa Clara (CA) http://www.omg.org/news/meetings/tc/ca-13/special-events/FOSS.htm
 
We would like to invite the members of the SPDX group to participate. From my discussions with a lot of companies since two years on this topic, there is more and more interested parties.
 
Michel
 
Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
 
 
 

1.2 and BoF Report

Philip Odence
 

It's official, 1.2 is up.  Again, huge thanks to all who contributed. Credit Mark Gisi with finding this apt quote:

“people throw stones at you and you turned them into milestones”

             ― Sachin Tendulkar (Ted Williams of Cricket)


I had a good BoF session with folks from Intel, Qualcomm, HP, Orange, Valeo, and others. There were about 12 including a reporter from Munich. I thought this was a terrific turnout given that it was at the end of a long day and directly competed with the beer/wine and appetizers.I went through a presentation, but it was much more of a discussion and there was healthy discussion of just about every slide; we went for an hour and could have gone longer. At least a couple of the participants indicated enough interest to get involved and help. We'll see.

1.2 Announced at LinuxCon Europe

Philip Odence
 

I was going to hold of until the press release tomorrow, but Jim Zemlin jumped the gun slightly, prominently featuring the SPDX 1.2 release in his keynote this morning. Sorry I wasn't quicker getting my camera out, or I would include a pic. The press release is scheduled for 9am UK time Tuesday.

Big thanks and congrats to Kate and the Technical Team for achieving this milestone. And honorable mentions to Jilayne and the Legal team and Jack & Scott and the Business Team for their support. 

Will let you know how my SPDX BoF goes, but keep expectations in check as I seem to be competing with free (as in free beer) beer during my early evening timeslot.

Best,
Phil


SPDX 1.2 - final review - input needed by Oct 18 EOD.

kate.stewart@...
 

Dear SPDX participants,
    The attached specification has all the bugzilla issues targetted to be resolved in SPDX 1.2 addressed, so its pretty close (if no significant feedback in the next few days) we'll be publishing.     The changes since 1.1 have primarily involved standardizing some additional fields for supporting the supply chain information needs,  resolving issues that were found at the bakeoff at Collab by the participants, and giving more flexibility on naming of the licence references that aren't in the SPDX license list ( which has been updated too! ).   There is also a new appendix on the License Template that is being used in the license list. 

    If you have a chance to review it, and spot something that should be fixed:  
1)  If its a typo, spelling, or grammar issue - please send me the page number and description of what should be changed in an email.  I'll do my best to incorporate it in the final pass on Saturday.  
2) If its a problem with the fields and content or a suggestion for further improvement,  please open a bug in bugzilla [1]. 
3) If you have a question that doesn't fall into one of the two above cases,  please feel free to email spdx-tech@...

A very big THANK YOU to all of the bakeoff participants and users of the SPDX 1.1 specification who opened bugs, as well as the tech-team members who worked out fixes for the issues.  In particular, I'd like to thank Bill Schineller, Gary O'Neall, Jack Manbeck and Mark Gisi for their excellent help cleaning up this final version of the specification and getting it ready to publish over the last month.   

Looking forward to your feedback.

Thanks, 
Kate 

[1] https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX   

PDF
spdx-1 2-20131014b.pdf

SPDX Awareness Building

Philip Odence
 

At LinuxCon Europe next week, the Linux Foundation will send out a press release announcing version 1.2. Also, in addition to a presentation for Black Duck, I will be hosting BoF session on SPDX and will be joining Claus Peter Wiedemann of Bearing Point to present SPDX at the Automotive Linux event later in the week.

In Asia, YoungTaek Kim will be presenting Samsung's use of SPDX at the Korean Linux Forum in Nov and at the Japan Open Compliance Summit in December. For those who missed the session in New Orleans, here are Taek's slides: http://events.linuxfoundation.org/sites/events/files/slides/Piloting%20SPDX%20in%20Samsung%20-%20case%20studies%20and%20experiences%20%28YoungTaek%20Kim%29.pdf

Lastly, I presented in introduction to SPDX last week at the GENIVI all members meeting in San Diego last week. There is good awareness of SPDX amongst anyone involved in licensing for GENIVI (the open source In-Vehicle Infotainment platform) and this was an opportunity to build awareness with a broader group.

It's exciting to see the word get out across the globe!

Best,
Phil

L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence

821 - 840 of 1690