
Re: SPDX Press Release

Bruno Cornec <Bruno.Cornec@...>
 

Hello,

Alexandre Lefebvre from OW2 told me that there is an error on the SPDX
Web site wrt the spec.

At http://spdx.org/, when you click on the word "specification" the link
points to the version 1.0 (through http://www.spdx.org/spec/current),
whereas when you click on Documentation/Current Specification you
indeed reach 1.1.

Can someone fix the Web site?
TIA,
Bruno.

Lamons, Scott (Open Source Program Office) said on Thu, Sep 06, 2012 at 03:30:05PM +0000:

For those who didn't catch it, here's a pointer to the SPDX 1.1 press release and supporting quotes...
http://www.linuxfoundation.org/news-media/announcements

I would also point out that a public instance of Fossology is now up and running at UNO thanks to Matt Germonprez and team. This is a great tool for analyzing open source licenses. Check it out...
https://fossology.ist.unomaha.edu/

-Scott
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
--
Open Source & Linux Profession Lead EMEA http://opensource.hp.com
EMEA Open Source HPISC Chief Technologist http://hpintelco.net
FLOSS projects: http://mondorescue.org http://project-builder.org
Early music? http://www.musique-ancienne.org http://www.medieval.org


Proposed F2F in Oct - cancelled

Ibrahim Haddad <ibrahim@...>
 

Hi All,
It appears it will be difficult to get a critical mass of people together for the F2F in 2 weeks, so we are pushing the meeting out. Thanks to all who signed up on the web and made an effort to plan to attend. Please direct any inquiries about F2F mtg to the WG leadership who will determine when we have the next meeting and will call for it.
Ibrahim 



Re: F2F in Sept/Oct - looking good - if you are not signed up, please do so

Ibrahim Haddad <ibrahim@...>
 

Hi Everyone,

We have the most possible attendance for the F2F on Oct 1-2 or Oct 2-3.

Jack (TI) is able to host on Oct 1-2 in Austin. For those who can not make it in person, we can have a google hangout session.

Adam (Cisco) will get back to me end of this week if there is a possibility to host in the bay area. 

Can you please update next to your name in  http://spdx.org/wiki/planning-face-face-meeting-september-october-2012, if you can attend Oct 1-2 in Austin? Sorry there is no easier way to track (if there is let me know).

Once Adam gets back to me, I will let you know and we can decide on location based on people who can attend in person.

Thank you,
Ibrahim


On Thu, Aug 23, 2012 at 8:45 AM, Ibrahim Haddad <ibrahim@...> wrote:

Hi All,

It looks like the F2F for Sept or Oct is gaining some steam with more people signing up as able to attend.

If you have not considered attending, please revisit and sign up for the dates you can.

Thank you,
Ibrahim 




--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122
 


Posted minutes from SPDX General Meeting

Philip Odence
 


SPDX Press Release

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

For those who didn't catch it, here's a pointer to the SPDX 1.1 press release and supporting quotes...

http://www.linuxfoundation.org/news-media/announcements

 

I would also point out that a public instance of Fossology is now up and running at UNO thanks to Matt Germonprez and team. This is a great tool for analyzing open source licenses. Check it out...

https://fossology.ist.unomaha.edu/

 

-Scott

 


Thursday SPDX General Meeting

Philip Odence
 

Meeting Time: Sept 6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate

Legal Team Report - Jilayne

Business Team Report – Jack/Scott

Cross Functional Issues
Website Update - Jack


More expanded ideas for SPDX WG

Ibrahim Haddad <ibrahim@...>
 

Hi Everyone,

Based on the meeting we had at LinuxCon NA, I am sending some detailed examples of the idea I discussed during that meeting.
Some fall under the Business team specifically, others are cross-teams.
I think these would help the WG in more ways than one. If the WG decides to adopt some of these, I am willing to help out. 

Thanks,
Ibrahim 


Re: Followup question after Linuxcon talk

Manbeck, Jack
 

Robert,

I'm glad to hear that and thanks for your kind words.

Your question is an interesting one and it is not a use case that we may have specifically solved yet in that we don't have a field that expresses there is a mandatory dependency on source that needs to be fetched. Here are my thoughts. Ideally you could point to the code with the Package Download Location field (4.5). That would work if all the code they need is at one location (as that field only allows one instance I believe). To clarify that there is a code dependency (this the spec doesn't do explicitly) you could add information to one of the many optional comment fields in the SPDX: for example, the Source Information field (4.9), Creator Comments (3.3) etc.

Keep us up to date with how this progresses. I think documenting solutions to real world problems with SPDX will be valuable for us to capture and put on the site for others and for making adjustments to the specification as needed. Possibly you could even write up your solution and contribute it back?

We may need to take this discussion off of the general list.


Jack

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Friday, August 31, 2012 12:03 AM
To: spdx@...
Subject: Followup question after Linuxcon talk

Thanks for a great discussion on spdx; it's got me interested in wrapping spdx into my current release activities as a release manager.

Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.

To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata I've been storing is in line with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata I'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.

Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.

--
Robert
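
The approach suggested in the reply above, as an added example that is not part of the thread or of any SPDX tooling: a small Python reader for SPDX tag/value text that reports each package's download location, rejects a second PackageDownloadLocation for the same package, and collects the free-text fields (PackageSourceInfo, CreatorComment) where a dependency on unshipped source would be noted. The sample document, the package name and the URLs are constructed; the single-instance rule is the assumption stated in the reply.

```python
import re

# Constructed sample (not from the thread): an SDK whose extra sources
# could not be shipped inside the package itself.
SAMPLE = """\
SPDXVersion: SPDX-1.1
Creator: Person: Example Release Manager
CreatorComment: <text>Built by the SDK release job.
Extra sources must be fetched separately; see PackageSourceInfo.</text>
PackageName: example-sdk
PackageDownloadLocation: http://downloads.example.com/example-sdk-1.0.tar.gz
PackageSourceInfo: <text>Requires vendor headers that are not shipped here.
Fetch http://downloads.example.com/vendor-headers.tar.gz before building.</text>
"""

TAG_LINE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_tag_value(text):
    """Yield (tag, value) pairs, joining multi-line <text>...</text> values."""
    lines = iter(text.splitlines())
    for line in lines:
        match = TAG_LINE.match(line)
        if not match:
            continue  # blank line or comment
        tag, value = match.groups()
        if value.startswith("<text>"):
            # Free-text values may span lines until the closing marker.
            while "</text>" not in value:
                nxt = next(lines, None)
                if nxt is None:
                    raise ValueError(f"unterminated <text> in {tag}")
                value += "\n" + nxt
            value = value[len("<text>"):value.index("</text>")]
        yield tag, value.strip()


def summarize(text):
    """Return (packages, creator_comments) for one SPDX tag/value document."""
    packages, creator_comments, current = {}, [], None
    for tag, value in parse_tag_value(text):
        if tag == "CreatorComment":
            creator_comments.append(value)
        elif tag == "PackageName":
            current = packages.setdefault(value, {"download": None, "notes": []})
        elif tag in ("PackageDownloadLocation", "PackageSourceInfo"):
            if current is None:
                raise ValueError(f"{tag} appears before any PackageName")
            if tag == "PackageSourceInfo":
                current["notes"].append(value)
            elif current["download"] is not None:
                # Assumption taken from the reply above: one instance per package.
                raise ValueError("more than one PackageDownloadLocation for a package")
            else:
                current["download"] = value
    return packages, creator_comments


if __name__ == "__main__":
    pkgs, comments = summarize(SAMPLE)
    for name, info in pkgs.items():
        print(name, "->", info["download"])
        for note in info["notes"]:
            print("  source note:", note)
    for comment in comments:
        print("creator comment:", comment)
```
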


Re: Followup question after Linuxcon talk

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Robert,

Thanks for your message and joining the list. You pose an interesting scenario! While the SPDX is typically provided with the corresponding code I suspect there might be some way that this could be accomplished or communicated -- perhaps using some of the comment fields or maybe it makes sense to create and contribute SPDX for the code you're not shipping but I will defer to the technical experts on the list.


Regards,
Scott Lamons
SPDX Business Team

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Thursday, August 30, 2012 9:03 PM
To: spdx@...
Subject: Followup question after Linuxcon talk

Thanks for a great discussion on spdx; it's got me interested in wrapping spdx into my current release activities as a release manager.

Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.

To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata I've been storing is in line with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata I'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.

Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.

--
Robert


Website Update

Manbeck, Jack
 

All,

 

As a follow up on our actions the web re-vamp team has been and continues to work to improve the quality of our website. You may already have noticed a few changes. Our initial focus has been on pruning empty pages, fixing links and consolidating / re-wording some content to make things easier to find and understand and we are almost done with that first pass. Over the course of the next month we will be focusing on other items that were submitted and more specifically on the content.

 

Best Regards,

 

Web re-vamp team


Followup question after Linuxcon talk

Bracewell, Robert <rbracewe@...>
 

Thanks for a great discussion on spdx; it's got me interested in wrapping spdx into my current release activities as a release manager.

Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.

To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata I've been storing is in line with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata I'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.

Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.

--
Robert


SPDX 1.1 now available

kate.stewart@...
 

The SPDX team is proud to announce that the 1.1 version of the specification is now available, and replaces 1.0 as the current recommended version to work from.

The 1.1 version of the specification is posted to:
http://www.spdx.org/content/spdx-specification

The original 1.0 version can be found at:
http://www.spdx.org/wiki/spdx/specification

Many thank yous to the members of the technical, legal and business teams for their excellent input over the last year as we refined the original version and incorporated the early adopters' feedback. An extra special thank you to those members who provided excellent detailed editorial reviews, quick spins to incorporate the changes, and feedback in the last push to get this version published in time for LinuxCon. :)

Kate


updated draft: 20120826 now available.

kate.stewart@...
 

Thank you for the comments, all change requests received to date
have been made in DRAFT 20120826, available at:
http://www.spdx.org/wiki/spdx/specification

Please let me know if you spot any other concerns.
DRAFT designation will be removed on Tuesday.

Thanks, Kate


Specific changes made to 20120826 draft:

Page 9: section: 2.2.1 - typo back-to back use of "of of" - FIXED
Page 15: Section: 4.5.1 - misspelling determination - FIXED
Page 15: section 4.6.1 - misspelling insufficient" - FIXED
Page 16: section 4.7.4 - misspelling " Preferred" - FIXED
Page 17: section 4.8.4 - typo use of "on on" - FIXED
Page 20: section 4.12.1 - delete "a" from ...as a "disjunctive" licenses. - FIXED
Page 21: section 4.12.5 - replace "bracket s" w/"parentheses" - FIXED
Page 23: section 4.15.5 & 4.15.6 - capitalize gnu c (GNU C) and add "." - FIXED
Page 23: section 4.16.5 & 4.16.6 - Provide more realistic text example.
- FIXED - inserted one sentence description of GNU C Library.
Page 25: section 5.3.7 - </licenseId> should be </licenseName> - FIXED
Page 25: section 5.3.3 - this section appears out of place. It has no label and it is positioned between Intent & Cardinality - REMOVED
Page 26: Section 5.5.6 - misspelling "standard" -FIXED
Page 28: Section 6.3.1 - typo "filein" - FIXED "file in"
Page 29: Section 6.4.1 (continued) - mentions the disjunctive option but not the conjunctive option. - FIXED. added conjunctive reference.
Page 33: Section 6.11.12 - fix typo-> infromration - FIXED
Page 35: Section 7.1.2 - typo - forgot "." - FIXED
Page 36: Section 7.3.6 - misspelling "conluded" - FIXED, and in 7.3.5 too.

Appendix II: update to use 1.1-DRAFT (24 Aug 2012 17:18 UTC/6b70e2)
- title updated from Vocabulary to SPDX(R) Vocabulary Specification
- TM --> (R)
- SdpxDocument -> SpdxDocument

--- On Wed, 8/22/12, kate.stewart@... <kate.stewart@...> wrote:

From: kate.stewart@... <kate.stewart@...>
Subject: updated draft: 20120822a now available.
To: "spdx@..." <spdx@...>
Cc: "spdx-tech@..." <spdx-tech@...>
Date: Wednesday, August 22, 2012, 8:41 PM
Thank you to everyone who submitted
comments and bugs.  :)

The bugzilla bugs with the spec itself, targeted to 1.1,
are now all resolved, and written comments provided so far
by email have been addressed to the best of my knowledge.

New version of the .doc and .pdf has been uploaded to
http://www.spdx.org/wiki/spdx/specification

Current version is:
http://www.spdx.org/system/files/spdx-1.1-rc20120822a.pdf

Please let me know if I've overlooked some comment.

Thanks, Kate


Fixes included:
- Bug 1039 - Wrong cross-reference in 4.12.2
- Bug 1043 - Inconsistency between concluded and declared
licenses
- Bug 1044 - Example is wrong in 4.13 Comments on Licence
- Bug 1045 - Spelling error in Review Comments
- Marc-Etienne Vargenau, Scott Lamons, Pierre Lapointe added
to thank you list
- Page 7: Section 1.7.2 correct the typo 201w -> 2012 -
FIXED
- Page 8: Section 2 minor word smithing -> "that enables
forward and backward compatibility for processing tools." -
FIXED
- Page 9: Section 2.3.1 missing "." - FIXED
- Page 13: Section 4.1.6 -RDF/XML example value should be:
glibc (not glibc 2.11.1). That is, it should be the same as
the Tag example. -FIXED
- Page 14: Section 4.3.6 -RDF/XML example value should be:
glibc-2.11.1.tar.gz (not glibc 2.11.1). That is, it should
be the same as the Tag example. - FIXED
Page 15: Section 4.5.1 - FSF -> spell out to be Free
Software Foundation -FIXED
Page 16: Section 4.7.2 - word smithing " It also permits one
to embedded the SPDX file within..." - FIXED

After Marc-Etienne called my attention to the overlooked
bugs,  I did a wider search and:
Bug 979 - SPDX licenses are disconnected from other
published versions of the license - FIXED (by section 5.4)
Bug 1016 - Publish description of structure and usage of
license list
- FIXED (by License Class in RDF in Appendix II and http://www.spdx.org/content/spdx-license-list)
Bug 1018 - Proposal to add comments to all concrete classes
- FIXED
(2.3, 3.3, 5.5, 6.11. 7.3 in spec)
Bug 1037 - Standard license properties are documented in RDF
but not in the spec- FIXED (see class:License in Appendix
II)

More info needed:
- Page 5: Section 1.3 minor word smithing  - not
spotting this change in the version attached to email
feedback.


ADMS.SW 1.0 integration with SPDX

Olivier Berger <olivier.berger@...>
 

Hi.

I had sent messages about ADMS.FOSS (old name) / ADMS.SW (new name) in
the past, so here's a bit of followup.

FYI, the ADMS.SW 1.0 specification [0] reuses some bits from SPDX:
ADMS.SW Software Packages are designed as subclasses of SPDX Packages, and
have an optional 'checksum' property, that is mapped to an SPDX Package
Checksum in the RDF implementation of ADMS.SW 1.0.

I hope that will increase reuse and interoperability between Software
Catalogues (including development forges) using ADMS.SW and other SPDX
compatible tools.

Hope this helps.

Best regards,

[0] https://joinup.ec.europa.eu/asset/adms_foss/release/release100
--
Olivier BERGER
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Research Engineer - INF Dept
Institut Mines-Telecom, Telecom SudParis, Evry (France)


Action Required: SPDX 1.1 Press Release

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Jennifer Cloer (Linux Foundation PR) and I are finalizing a press release for SPDX 1.1 which will be very similar in structure to what we did for SPDX 1.0 last year. This is scheduled to hit the wire next Thursday morning (same day as the SPDX Panel Discussion) and we would like to reference companies, projects, and institutions that have been involved in developing, supporting, implementing, or adopting the specification. If you wish to be listed Jennifer will need your company approval by close of business (5pm US Pacific time) next Monday 8/27 -- please reply directly to her. You are also welcome and encouraged to provide a supporting statement as well although Jennifer will retain final decision making on whether it's included or not.

Thanks,

 

Scott Lamons

SPDX Business Working Group

HP Open Source Program Office

970-898-2804

 


SPDX General Meeting Minutes and Important Notice

Philip Odence
 


Notice: We are trying to finalize the 1.1 spec. Tonight Kate is working through a handful of known typos in this version. 


The Tech Team is fine with the content. Unless anyone raises an alarm in the next few days, we will declare it the official 1.1 version.


F2F mtg in Sept / Oct

Ibrahim Haddad <ibrahim@...>
 

Hi All,

As a follow-up to this morning's call, please sign up to the F2F possible date here:
http://spdx.org/wiki/planning-face-face-meeting-september-october-2012 (add your name / location to the bottom of the page).

If you can host the meeting, please add your company/hosting site location to the page.

We will revisit this the week after LinuxCon NA and make a decision on location of the meeting, host, and possible way to join the mtg remotely. 

Thank you.
Ibrahim

--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122
 


F2F in Sept/Oct - looking good - if you are not signed up, please do so

Ibrahim Haddad <ibrahim@...>
 

Hi All,

It looks like the F2F for Sept or Oct is gaining some steam with more people signing up as able to attend.

If you have not considered attending, please revisit and sign up for the dates you can.

Thank you,
Ibrahim 


updated draft: 20120822a now available.

kate.stewart@...
 

Thank you to everyone who submitted comments and bugs. :)

The bugzilla bugs with the spec itself, targeted to 1.1, are now all resolved, and written comments provided so far by email have been addressed to the best of my knowledge.

New version of the .doc and .pdf has been uploaded to
http://www.spdx.org/wiki/spdx/specification

Current version is:
http://www.spdx.org/system/files/spdx-1.1-rc20120822a.pdf

Please let me know if I've overlooked some comment.

Thanks, Kate


Fixes included:
- Bug 1039 - Wrong cross-reference in 4.12.2
- Bug 1043 - Inconsistency between concluded and declared licenses
- Bug 1044 - Example is wrong in 4.13 Comments on Licence
- Bug 1045 - Spelling error in Review Comments
- Marc-Etienne Vargenau, Scott Lamons, Pierre Lapointe added to thank you list
- Page 7: Section 1.7.2 correct the typo 201w -> 2012 - FIXED
- Page 8: Section 2 minor word smithing -> "that enables forward and backward compatibility for processing tools." - FIXED
- Page 9: Section 2.3.1 missing "." - FIXED
- Page 13: Section 4.1.6 -RDF/XML example value should be: glibc (not glibc 2.11.1). That is, it should be the same as the Tag example. -FIXED
- Page 14: Section 4.3.6 -RDF/XML example value should be: glibc-2.11.1.tar.gz (not glibc 2.11.1). That is, it should be the same as the Tag example. - FIXED
Page 15: Section 4.5.1 - FSF -> spell out to be Free Software Foundation -FIXED
Page 16: Section 4.7.2 - word smithing " It also permits one to embedded the SPDX file within..." - FIXED

After Marc-Etienne called my attention to the overlooked bugs, I did a wider search and:
Bug 979 - SPDX licenses are disconnected from other published versions of the license - FIXED (by section 5.4)
Bug 1016 - Publish description of structure and usage of license list
- FIXED (by License Class in RDF in Appendix II and http://www.spdx.org/content/spdx-license-list)
Bug 1018 - Proposal to add comments to all concrete classes - FIXED
(2.3, 3.3, 5.5, 6.11. 7.3 in spec)
Bug 1037 - Standard license properties are documented in RDF but not in the spec- FIXED (see class:License in Appendix II)

More info needed:
- Page 5: Section 1.3 minor word smithing - not spotting this change in the version attached to email feedback.


SPDX General Meeting this Thursday

Philip Odence
 

Two items before the meeting:

Here's the agenda for the face to face next Tuesday at LinuxCon. Note that a number of new folks have signed up so we have added an upfront overview of SPDX.

1-1:30  Introductions (Meet & Greet new participants)

1:30-2:30 SPDX Overview

2:30-3:00  SPDX 2.0 Overview (work-in-progress)

3:00-3:30  Break

3:30-5:30  SPDX Working Group

    Mandatory field discussion (a.k.a. SPDX Lite)

    2.0 Use Case Modeling


Anyone going to the LF Automotive Summit in the UK, Sept 19-20? We have an opportunity to speak about SPDX. Let me know. Thanks.


Meeting Time: Aug 23, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate
Attempting to approve 1.1 spec as final.

Legal Team Report - Jilayne

Business Team Report – Jack/Scott

Cross Functional Issues
Website Update
Possibility of another F2F meeting after LinuxCon