|
(No subject)
RUFFIN MICHEL
Dear all,
The OMG (Object Management group) is organizing a workshop on standardizing open source governance practices on December 11 in Santa Clara (CA) http://www.omg.org/news/meetings/tc/ca-13/special-events/FOSS.htm
We would like to invite the members of the SPDX group to participate. From my discussions with a lot of companies since two years on this topic, there is more and more interested parties.
Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France |
|
|
|
1.2 and BoF Report
Philip Odence
It's official, 1.2 is up. Again, huge thanks to all who contributed. Credit Mark Gisi with finding this apt quote:
I had a good BoF session with folks from Intel, Qualcomm, HP, Orange, Valeo, and others. There were about 12 including a reporter from Munich. I thought this was a terrific turnout given that it was at the end of a long day and directly competed with the
beer/wine and appetizers.I went through a presentation, but it was much more of a discussion and there was healthy discussion of just about every slide; we went for an hour and could have gone longer. At least a couple of the participants indicated enough
interest to get involved and help. We'll see.
|
|
|
|
1.2 Announced at LinuxCon Europe
Philip Odence
I was going to hold of until the press release tomorrow, but Jim Zemlin jumped the gun slightly, prominently featuring the SPDX 1.2 release in his keynote this morning. Sorry I wasn't quicker getting my camera out, or I would include a pic. The press release
is scheduled for 9am UK time Tuesday.
Big thanks and congrats to Kate and the Technical Team for achieving this milestone. And honorable mentions to Jilayne and the Legal team and Jack & Scott and the Business Team for their support.
Will let you know how my SPDX BoF goes, but keep expectations in check as I seem to be competing with free (as in free beer) beer during my early evening timeslot.
Best,
Phil
|
|
|
|
SPDX 1.2 - final review - input needed by Oct 18 EOD.
kate.stewart@...
Dear SPDX participants, The attached specification has all the bugzilla issues targetted to be resolved in SPDX 1.2 addressed, so its pretty close (if no significant feedback in the next few days) we'll be publishing. The changes since 1.1 have primarily involved standardizing some additional fields for supporting the supply chain information needs, resolving issues that were found at the bakeoff at Collab by the participants, and giving more flexibility on naming of the licence references that aren't in the SPDX license list ( which has been updated too! ). There is also a new appendix on the License Template that is being used in the license list. If you have a chance to review it, and spot something that should be fixed: 1) If its a typo, spelling, or grammar issue - please send me the page number and description of what should be changed in an email. I'll do my best to incorporate it in the final pass on Saturday. 2) If its a problem with the fields and content or a
suggestion for further improvement, please open a bug in bugzilla [1]. 3) If you have a question that doesn't fall into one of the two above cases, please feel free to email spdx-tech@... A very big THANK YOU to all of the bakeoff participants and users of the SPDX 1.1 specification who opened bugs, as well as the tech-team members who worked out fixes for the issues. In particular, I'd like to thank Bill Schineller, Gary O'Neall, Jack Manbeck and Mark Gisi
for their excellent help cleaning up this final version of the specification and getting it ready to publish over the last month. Looking forward to your feedback. Thanks, Kate [1] https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX |
|
|
|
SPDX Awareness Building
Philip Odence
At LinuxCon Europe next week, the Linux Foundation will send out a press release announcing version 1.2. Also, in addition to a presentation for Black Duck, I will be hosting BoF session on SPDX and will be joining Claus Peter Wiedemann of Bearing Point
to present SPDX at the Automotive Linux event later in the week.
In Asia, YoungTaek Kim will be presenting Samsung's use of SPDX at the Korean Linux Forum in Nov and at the Japan Open Compliance Summit in December. For those who missed the session in New Orleans, here are Taek's slides: http://events.linuxfoundation.org/sites/events/files/slides/Piloting%20SPDX%20in%20Samsung%20-%20case%20studies%20and%20experiences%20%28YoungTaek%20Kim%29.pdf
Lastly, I presented in introduction to SPDX last week at the GENIVI all members meeting in San Diego last week. There is good awareness of SPDX amongst anyone involved in licensing for GENIVI (the open source In-Vehicle Infotainment platform) and this
was an opportunity to build awareness with a broader group.
It's exciting to see the word get out across the globe!
Best,
Phil
L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
|
|
|
|
Thursday SPDX General Meeting
Philip Odence
Meeting Time: Thurs, Oct 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Phil
|
|
|
|
SPDX License List v1.19 is now live!!
Jilayne Lovejoy <lovejoylids@...>
SPDX License List version 1.19 has been released! The website pages at http://spdx.org/licenses/ has been updated and the download of the SPDX License List can now be found here: http://git.spdx.org/?p=license-list.git;a=summary Here's a summary of changes over v1.18 (which is also summarized in the last column of the spreadsheet): - 4 new licenses:
- 1 license removed:
- Differences in Artistic License 1.0 variations accounted for in Notes field - PHP-3.0 license text updated (was duplicate with PHP-3.01 previously) - "v1.1" added to full name of SISSL (due to addition of SISSL-1.2) - W3C - full name corrected .odt and .xls formats of the SPDX License List spreadsheet are included in the git repo download. Jilayne Lovejoy SPDX Legal Team lead |
|
|
|
Re: PIBS License Identifier
Wolfgang Denk
Dear Jilayne,
In message <BDE6BBEB-1FDC-4B89-9576-7BDC59BD4577@...> you wrote: Thanks - much appreciated. 1) it was suggested to use the short identifier: "ibm-pibs" - do youI like consistency, too, so please feel free to use "IBM-pibs". the necessary change to the U_boot code is trivial, and was expected, as I was aware that I was using an self-made name. So no objections from my side. 2) in regards to the two different copyright dates you mentioned belowAgreed. I think I could find some more versions of this license if I dig deeper in our old code archives, but those I've seen so far all differ in the date only. So your suggestion makes perfect sense. If you could get back to me as to the first item as soon as possible,Thanks for your help with that! Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@... Be kind to unkind people - they need it the most. |
|
|
|
Re: PIBS License Identifier
Jilayne Lovejoy <lovejoylids@...>
Hello Wolfgang,
toggle quoted message
Show quoted text
We are adding this license to the about-to-be-released version 1.19 of the SPDX License LIst and I had a couple things I wanted to share with you. 1) it was suggested to use the short identifier: "ibm-pibs" - do you have any objection to "IBM-pibs"? The reason being that all other SPDX License List short identifiers tend towards using capital letters unless spelling a word. I'd prefer to be consistent to this end, but it's not a major sticking point either way (in other words, if you are already using the all-lower-case short identifier, I don't see why we can't adopt that to the SPDX License List - if anyone on the Legal Team disagrees with me, please speak up) 2) in regards to the two different copyright dates you mentioned below (2002 and 1995) - I have compared the actual text of the 2002 version you listed in this email and the 1995 version you provided links to in a subsequent email and the only difference is the date itself. In this case, the SPDX License List matching guidelines would equate these two license as the same, as this is only a copyright notice year difference, not a difference in the substantive text of the license. If you could get back to me as to the first item as soon as possible, that would be great. Cheers, Jilayne Lovejoy SPDX Legal Team lead On Jul 28, 2013, at 8:23 AM, Wolfgang Denk <wd@...> wrote:
Hello, |
|
|
|
Re: New Person Questions
Gary O'Neall
Hi David,
As Mark mentioned, 1.2 is still under development. The current schedule has the spec being release within the next 2 weeks. The SPDX tools typically follow within a week.
I’ll take care of update the version number of the tag to RDF tools (your #1 below). Thanks for pointing that out.
Feel free to report any problems or suggest any improvements in the tools through bugs.linuxfoundation.com, the spdx-tech mailing list, or emailing me.
Thanks,
From: Gisi, Mark [mailto:Mark.Gisi@...]
Sent: Wednesday, September 11, 2013 9:18 AM To: Good, David; spdx@... Cc: Gary O'Neall Subject: RE: New Person Questions
Hi David,
Thank you for expressing interest in SPDX and for your insightful questions.
>> SPDX-1.2 is not supported by this version of the rdf parser
The SPDX 1.2 version of the specification has not been released yet. It is in the final stage of review and is expected to be released around the end of the month. Wind River wanted to provide a customer with access to a beta implementation of 1.2 via our cloud solution. This has created some confusion. It was a mistake to provide general available access to a beta version prior to the final release of the 1.2 specification. I apologize.
Gary O’Neal is the SPDX tools lead who could best address your questions with respect to upcoming SPDX project tool support for the different versions of the specification.
Kind regards, Mark
Mark Gisi | Wind River | Senior Intellectual Property Manager Tel (510) 749-2016 | Fax (510) 749-4552
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Good, David
Hi! I’ve just gotten started looking at generating SPDX files for our WindRiver Linux-based project. Wind River gave us a bunch of SPDX files in the form of Excel spreadsheets, but I need to generate some more, so I was looking at the tools here.
Before splattering things into bugzilla, I thought I’d ask about proper channels.
Should this all be in the Technical newsgroup?
1) On the tools -> Tag to RDF page, the offered download of 1.1.7 actually gives one 1.1.17 Is there a webmaster to contact?
2) I generated a tag file using the WindRiver cloud service, and running TagToRdf version 1.1.17 reports: unrecognized SPDX Tag: LicenseListVersion It was easy to work-around this, I just commented out the line LicenseListVersion: 1.18 (or is TagToRdf expecting LicenseListVersion: 1.17 ?) If I look on the Licenses page, the current version is 1.18, but there doesn’t appear to be any history of previous versions of the license list? What changed from 1.17 to 1.18? Is LicenseListVersion an invalid tag? or is TagToRdf wrong?
3) The latest version of RdfToSpreadsheet is 1.1.3, and running it on the output of TagToRdf reports: SPDX-1.2 is not supported by this version of the rdf parser It did appear to work. Are there plans to update RdfToSpreadsheet to handle SPDX-1.2? Is the tool disconnect worthy of bugzilla?
D.Good
|
|
|
|
Re: New Person Questions
Mark Gisi
Hi David,
Thank you for expressing interest in SPDX and for your insightful questions.
>> SPDX-1.2 is not supported by this version of the rdf parser
The SPDX 1.2 version of the specification has not been released yet. It is in the final stage of review and is expected to be released around the end of the month. Wind River wanted to provide a customer with access to a beta implementation of 1.2 via our cloud solution. This has created some confusion. It was a mistake to provide general available access to a beta version prior to the final release of the 1.2 specification. I apologize.
Gary O’Neal is the SPDX tools lead who could best address your questions with respect to upcoming SPDX project tool support for the different versions of the specification.
Kind regards, Mark
Mark Gisi | Wind River | Senior Intellectual Property Manager Tel (510) 749-2016 | Fax (510) 749-4552
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Good, David
Sent: Wednesday, September 11, 2013 7:23 AM To: spdx@... Subject: New Person Questions
Hi! I’ve just gotten started looking at generating SPDX files for our WindRiver Linux-based project. Wind River gave us a bunch of SPDX files in the form of Excel spreadsheets, but I need to generate some more, so I was looking at the tools here.
Before splattering things into bugzilla, I thought I’d ask about proper channels.
Should this all be in the Technical newsgroup?
1) On the tools -> Tag to RDF page, the offered download of 1.1.7 actually gives one 1.1.17 Is there a webmaster to contact?
2) I generated a tag file using the WindRiver cloud service, and running TagToRdf version 1.1.17 reports: unrecognized SPDX Tag: LicenseListVersion It was easy to work-around this, I just commented out the line LicenseListVersion: 1.18 (or is TagToRdf expecting LicenseListVersion: 1.17 ?) If I look on the Licenses page, the current version is 1.18, but there doesn’t appear to be any history of previous versions of the license list? What changed from 1.17 to 1.18? Is LicenseListVersion an invalid tag? or is TagToRdf wrong?
3) The latest version of RdfToSpreadsheet is 1.1.3, and running it on the output of TagToRdf reports: SPDX-1.2 is not supported by this version of the rdf parser It did appear to work. Are there plans to update RdfToSpreadsheet to handle SPDX-1.2? Is the tool disconnect worthy of bugzilla?
D.Good
|
|
|
|
New Person Questions
Good, David <dgood@...>
Hi! I’ve just gotten started looking at generating SPDX files for our WindRiver Linux-based project. Wind River gave us a bunch of SPDX files in the form of Excel spreadsheets, but I need to generate some more, so I was looking at the tools here.
Before splattering things into bugzilla, I thought I’d ask about proper channels.
Should this all be in the Technical newsgroup?
1) On the tools -> Tag to RDF page, the offered download of 1.1.7 actually gives one 1.1.17 Is there a webmaster to contact?
2) I generated a tag file using the WindRiver cloud service, and running TagToRdf version 1.1.17 reports: unrecognized SPDX Tag: LicenseListVersion It was easy to work-around this, I just commented out the line LicenseListVersion: 1.18 (or is TagToRdf expecting LicenseListVersion: 1.17 ?) If I look on the Licenses page, the current version is 1.18, but there doesn’t appear to be any history of previous versions of the license list? What changed from 1.17 to 1.18? Is LicenseListVersion an invalid tag? or is TagToRdf wrong?
3) The latest version of RdfToSpreadsheet is 1.1.3, and running it on the output of TagToRdf reports: SPDX-1.2 is not supported by this version of the rdf parser It did appear to work. Are there plans to update RdfToSpreadsheet to handle SPDX-1.2? Is the tool disconnect worthy of bugzilla?
D.Good
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ |
|
|
|
Minutes from Today's SPDX General Meeting
Philip Odence
|
|
|
|
SPDX General Meeting Next Week
Philip Odence
Hoping to see many of you at LinuxCon. We have full day of SPDX on Tuesday of the event.
Meeting Time: Thurs, Sept 5, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Phil
Update on Yocto project- Matt Germonprez
|
|
|
|
Re: SPDX General Meeting minutes and request
Tom Incorvia
Hello Phil, fine to use Micro Focus name in this context. Thanks, Tom
toggle quoted message
Show quoted text
Tom Incorvia; tom.incorvia@...; O: (512) 340-1336; M: (408) 499 6850 -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Meier, Roger Sent: Friday, August 16, 2013 4:14 AM To: podence@... Cc: spdx@... Subject: Re: SPDX General Meeting minutes and request Hi Phil REQUEST for immediate action: Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated.Yes, we are using the license list internally at Siemens. You can add us to the list as well. All the best! Roger With best regards, Roger Meier Siemens Schweiz AG, Building Technologies Division, International Headquarters Infrastructure & Cities Sector Building Technologies Division Control Products & Systems IC BT CPS R&D ZG FW CCP Gubelstrasse 22 6300 Zug, Switzerland Tel: +41 41 724-4942 mailto:r.meier@... Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you. _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ |
|
|
|
Re: SPDX General Meeting minutes and request
RUFFIN MICHEL
Alcatel-Lucent is using the SPDX standard internally and we have aligned all our internal documents on FOSS (including trainings) and our Databases on the license taxonomy of SPDX. So I guess you can mention our name for license taxonomy compliance.
toggle quoted message
Show quoted text
A small comment on the taxonomy. We have a governance process in place since 10 years and I have now to explain to people (already trained as experts, that's around 250+ people) that what we were calling old BSD or BSD1 is now BSD4-clause and new BSD or BSD2 is now BSD3-clause. That's sometimes a bit confusing 8-). Even me I am a bit confused sometimes. So today for BSD, in document and trainings we keep the 3 way of calling the licenses I would like to point out that there is a big issue with the SPDX standard. For a given FOSS there is a top level license And there is a file level license There is no intermediate level In fact there are 3 levels for open sources Top level license of the FOSS Dependencies (FOSS which are included with the top level FOSS) File level license (not use in practice by any of our suppliers). This is something that SPDX should address Michel Michel.Ruffin@..., PhD Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France -----Message d'origine-----
De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Manbeck, Jack Envoyé : vendredi 16 août 2013 16:19 À : Meier, Roger; podence@... Cc : spdx@... Objet : RE: SPDX General Meeting minutes and request You can include Texas Instruments as well. Jack -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Meier, Roger Sent: Friday, August 16, 2013 5:14 AM To: podence@... Cc: spdx@... Subject: Re: SPDX General Meeting minutes and request Hi Phil REQUEST for immediate action: Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated.Yes, we are using the license list internally at Siemens. You can add us to the list as well. All the best! Roger With best regards, Roger Meier Siemens Schweiz AG, Building Technologies Division, International Headquarters Infrastructure & Cities Sector Building Technologies Division Control Products & Systems IC BT CPS R&D ZG FW CCP Gubelstrasse 22 6300 Zug, Switzerland Tel: +41 41 724-4942 mailto:r.meier@... Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you. _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
Re: SPDX General Meeting minutes and request
Manbeck, Jack
You can include Texas Instruments as well.
toggle quoted message
Show quoted text
Jack -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Meier, Roger Sent: Friday, August 16, 2013 5:14 AM To: podence@... Cc: spdx@... Subject: Re: SPDX General Meeting minutes and request Hi Phil REQUEST for immediate action: Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated.Yes, we are using the license list internally at Siemens. You can add us to the list as well. All the best! Roger With best regards, Roger Meier Siemens Schweiz AG, Building Technologies Division, International Headquarters Infrastructure & Cities Sector Building Technologies Division Control Products & Systems IC BT CPS R&D ZG FW CCP Gubelstrasse 22 6300 Zug, Switzerland Tel: +41 41 724-4942 mailto:r.meier@... Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you. _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx |
|
|
|
Re: SPDX General Meeting minutes and request
Meier, Roger <r.meier@...>
Hi Phil
REQUEST for immediate action: Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated.Yes, we are using the license list internally at Siemens. You can add us to the list as well. All the best! Roger With best regards, Roger Meier Siemens Schweiz AG, Building Technologies Division, International Headquarters Infrastructure & Cities Sector Building Technologies Division Control Products & Systems IC BT CPS R&D ZG FW CCP Gubelstrasse 22 6300 Zug, Switzerland Tel: +41 41 724-4942 mailto:r.meier@... Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you. |
|
|
|
SPDX LinuxCon 2013 Schedule
Manbeck, Jack
All,
SPDX has an unofficial (meaning we are not on the regular schedule) room which will be using for meetings at LinuxCon 2013. A schedule has been posted on the SPDX web site (http://spdx.org) as a news item. We hope to see many of you there.
Best regards,
Jack Manbeck (Business Team Co-Chair)
|
|
|
|
SPDX General Meeting minutes and request
Philip Odence
MINUTES of Aug 1 meeting:
REQUEST for immediate action:
Jilayne, Scott and I are working on a paper for law journal (IFOSSLR). In one section we are talking about the license list. We have heard anecdotally about some companies that are using the short names and list for internal purposes even if they have
not yet implemented SPDX overall. If your company is using SPDX in this way, we'd like to include the name of your company in a sentence, something along the lines of:
Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated.
|
|
|