Today's SPDX General Meeting
Philip Odence
Meeting Time: Nov 1, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Roadmap
Cross Functional Issues –
Phil
Website Update - Jack
Re: Today's General Team meeting minutes
Philip Odence
Thanks so much, Kirsten!
On 10/18/12 6:14 PM, "Kirsten Newcomer" <knewcomer@...>
wrote:
On 10/18/12 6:14 PM, "Kirsten Newcomer" <knewcomer@...>
wrote:
Today's General Team meeting minutes are available here:
http://spdx.org/wiki/20121018-general-meeting-minutes
Please send any needed corrections or additions.
Thanks!
Kirsten
Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.
knewcomer@...
Office: +1.781.425.4493 Mobile: +1.781-710-2184
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
Today's General Team meeting minutes
Kirsten Newcomer
Today's General Team meeting minutes are available here:
http://spdx.org/wiki/20121018-general-meeting-minutes
Please send any needed corrections or additions.
Thanks!
Kirsten
Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.
knewcomer@...
Office: +1.781.425.4493 Mobile: +1.781-710-2184
http://spdx.org/wiki/20121018-general-meeting-minutes
Please send any needed corrections or additions.
Thanks!
Kirsten
Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.
knewcomer@...
Office: +1.781.425.4493 Mobile: +1.781-710-2184
Thursday SPDX Meeting
Philip Odence
I am traveling in Europe and will not be able to join, so Kirsten will be running.
Meeting Time: Oct 18, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues –
Kirsten
Website Update - Jack
Today SPDX General Meeting
Philip Odence
Sorry for the late reminder.
Meeting Time: Oct 4, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Items - Phil
Website Update - Jack
Re: licensing data of FOSS
kate.stewart@...
Really nice work Daniel, thanks for pointing it out. :)
Looking forward to seeing the SPDX files being generated, but this is going to definitely be handy to do some cross referencing with, as is.
Kate
toggle quoted message
Show quoted text
Looking forward to seeing the SPDX files being generated, but this is going to definitely be handy to do some cross referencing with, as is.
Kate
--- On Wed, 9/26/12, D M German <dmg@...> wrote:
From: D M German <dmg@...>
Subject: licensing data of FOSS
To: spdx@...
Date: Wednesday, September 26, 2012, 1:40 PM
Hi everybody,
We are trying to create a Web site where we publish the
licensing data
of open source applications. This is work in progress, and
it needs
work.
We are trying to analyze different versions of applications
that appear
in Debian. Each app is broken down by license (as identified
by Ninka.
For example, zlib:
http://ag.cs.uvic.ca/project/1114/files/1/
or sqlite
http://ag.cs.uvic.ca/project/1302/files/1/
You can navigate the applications here:
http://ag.cs.uvic.ca/
Hopefully this will help in the development of SPDX.
--dmg
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
Canceled Event: SPDX Legal Workstream Call 11ET/10CT/8PT @ Every 2 weeks from 8am to 9am on Wednesday from Wed Mar 9, 2011 to Wed Dec 26 (spdx@fossbazaar.org)
E.A. Rockett <mgia3940@...>
This event has been canceled and removed from your calendar.SPDX Legal Workstream Call 11ET/10CT/8PTAll: Re-sending invite for regular bi-weekly SPDX Legal Workstream call. Many thanks, Rockett Motorola Inc.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Invitation from Google Calendar You are receiving this courtesy email at the account spdx@... because you are an attendee of this event. To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. |
licensing data of FOSS
dmg
Hi everybody,
We are trying to create a Web site where we publish the licensing data
of open source applications. This is work in progress, and it needs
work.
We are trying to analyze different versions of applications that appear
in Debian. Each app is broken down by license (as identified by Ninka.
For example, zlib:
http://ag.cs.uvic.ca/project/1114/files/1/
or sqlite
http://ag.cs.uvic.ca/project/1302/files/1/
You can navigate the applications here:
http://ag.cs.uvic.ca/
Hopefully this will help in the development of SPDX.
--dmg
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
We are trying to create a Web site where we publish the licensing data
of open source applications. This is work in progress, and it needs
work.
We are trying to analyze different versions of applications that appear
in Debian. Each app is broken down by license (as identified by Ninka.
For example, zlib:
http://ag.cs.uvic.ca/project/1114/files/1/
or sqlite
http://ag.cs.uvic.ca/project/1302/files/1/
You can navigate the applications here:
http://ag.cs.uvic.ca/
Hopefully this will help in the development of SPDX.
--dmg
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
SPDX discussion on the BusyBox mailing list.
Bradley M. Kuhn <bkuhn@...>
I've not had much time to keep up with SPDX in the last few months, but
I wanted to let everyone know that "the thread" that I've been insisting
for years ought to be started on the BusyBox mailing list has finally
begun! I'm very glad to see it.
Here are links the first two messages:
http://lists.busybox.net/pipermail/busybox/2012-September/078399.html
http://lists.busybox.net/pipermail/busybox/2012-September/078416.html
I think a thread is likely to get moving, so I encourage anyone
interested in doing a "real world" example of SPDX file join the BusyBox
list and participate. Conservancy is really hoping to get heavily
involved at this point in building a good SPDX file for BusyBox and our
other projects; I'm looking for ways to make that happen now.
--
-- bkuhn
I wanted to let everyone know that "the thread" that I've been insisting
for years ought to be started on the BusyBox mailing list has finally
begun! I'm very glad to see it.
Here are links the first two messages:
http://lists.busybox.net/pipermail/busybox/2012-September/078399.html
http://lists.busybox.net/pipermail/busybox/2012-September/078416.html
I think a thread is likely to get moving, so I encourage anyone
interested in doing a "real world" example of SPDX file join the BusyBox
list and participate. Conservancy is really hoping to get heavily
involved at this point in building a good SPDX file for BusyBox and our
other projects; I'm looking for ways to make that happen now.
--
-- bkuhn
Thursday SPDX General Meeting
Philip Odence
Meeting Time: Sept 20, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Administrative Agenda
Attendance
Approve Minutes-
http://spdx.org/wiki/20120906-general-meeting-minutes
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Items - Phil
Website Update - Jack
Re: SPDX Press Release
Pierre Lapointe <plapointe@...>
Hi Bruno,
Thanks for catching this, I have redirected the link to http://spdx.org/content/spdx-specification instead.
--
toggle quoted message
Show quoted text
Thanks for catching this, I have redirected the link to http://spdx.org/content/spdx-specification instead.
--
Regards, Pierre
-----
Pierre Lapointe - +1 415 287 7643 - plapointe at nexb.com
DejaCode Enterprise - Manage Open Source Software - Try it today!
nexB - Open by Design - http://www.nexb.com
Follow us on Twitter - Like us on Facebook
On Tue, Sep 18, 2012 at 7:26 AM, Bruno Cornec <Bruno.Cornec@...> wrote:
Hello,
Alexandre Lefebvre from OW2 told me that there is an error on the SPDX
Web site wrt the spec.
At http://spdx.org/, when you click on the word "specification" the link
point to the version 1.0 (though http://www.spdx.org/spec/current),
whereas when you clink on Documentation/Current Specification you
reached indeed 1.1.
Can someone fix the Web site ?
TIA,
Bruno.
Lamons, Scott (Open Source Program Office) said on Thu, Sep 06, 2012 at 03:30:05PM +0000:
> _______________________________________________> For those who didn't catch it, here's a pointer to the SPDX 1.1 press release and supporting quotes...
> http://www.linuxfoundation.org/news-media/announcements
>
> I would also point out that a public instance of Fossology is now up and running at UNO thanks to Matt Germonprez and team. This is a great tool for analyzing open source licenses. Check it out...
> https://fossology.ist.unomaha.edu/
>
> -Scott
>
> Spdx mailing list
> Spdx@...
> https://lists.spdx.org/mailman/listinfo/spdx
--
Open Source & Linux Profession Lead EMEA http://opensource.hp.com
EMEA Open Source HPISC Chief Technologist http://hpintelco.net
FLOSS projects: http://mondorescue.org http://project-builder.org
Musique ancienne? http://www.musique-ancienne.org http://www.medieval.org
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
Re: SPDX Press Release
Bruno Cornec <Bruno.Cornec@...>
Hello,
Alexandre Lefebvre from OW2 told me that there is an error on the SPDX
Web site wrt the spec.
At http://spdx.org/, when you click on the word "specification" the link
point to the version 1.0 (though http://www.spdx.org/spec/current),
whereas when you clink on Documentation/Current Specification you
reached indeed 1.1.
Can someone fix the Web site ?
TIA,
Bruno.
Lamons, Scott (Open Source Program Office) said on Thu, Sep 06, 2012 at 03:30:05PM +0000:
toggle quoted message
Show quoted text
Alexandre Lefebvre from OW2 told me that there is an error on the SPDX
Web site wrt the spec.
At http://spdx.org/, when you click on the word "specification" the link
point to the version 1.0 (though http://www.spdx.org/spec/current),
whereas when you clink on Documentation/Current Specification you
reached indeed 1.1.
Can someone fix the Web site ?
TIA,
Bruno.
Lamons, Scott (Open Source Program Office) said on Thu, Sep 06, 2012 at 03:30:05PM +0000:
For those who didn't catch it, here's a pointer to the SPDX 1.1 press release and supporting quotes...
http://www.linuxfoundation.org/news-media/announcements
I would also point out that a public instance of Fossology is now up and running at UNO thanks to Matt Germonprez and team. This is a great tool for analyzing open source licenses. Check it out...
https://fossology.ist.unomaha.edu/
-Scott
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
--
Open Source & Linux Profession Lead EMEA http://opensource.hp.com
EMEA Open Source HPISC Chief Technologist http://hpintelco.net
FLOSS projects: http://mondorescue.org http://project-builder.org
Musique ancienne? http://www.musique-ancienne.org http://www.medieval.org
Open Source & Linux Profession Lead EMEA http://opensource.hp.com
EMEA Open Source HPISC Chief Technologist http://hpintelco.net
FLOSS projects: http://mondorescue.org http://project-builder.org
Musique ancienne? http://www.musique-ancienne.org http://www.medieval.org
Proposed F2F in Oct - cancelled
Ibrahim Haddad <ibrahim@...>
Hi All,
It appears it will be difficult to get a critical mass of people together for the F2F in 2 weeks, so we are pushing the meeting out. Thanks to all who signed up on the web and made an effort to plan to attend. Please direct any inquiries about F2F mtg to the WG leadership who will determine when we have the next meeting and will call for it.
Ibrahim
Re: F2F in Sept/Oct - looking good - if you are not signed up, please do so
Ibrahim Haddad <ibrahim@...>
Hi Everyone,
toggle quoted message
Show quoted text
We have the most possible attendance for the F2F on Oct 1-2 or Oct 2-3.
Jack (TI) is able to host on Oct 1-2 in Austin. For those who can not make it in person, we can have a google hangout session.
Adam (Cisco) will get back to me end of this week if there is a possibility to host in the bay area.
Can you please update next to your name in http://spdx.org/wiki/planning-face-face-meeting-september-october-2012, if you can attend Oct 1-2 in Austin? Sorry there is no easier way to track (if there is let me know).
Once Adam gets back to me, I will let you know and we can decide on location based on people who can attend in person.
Thank you,
Ibrahim
Hi All,It looks the F2F for Sept or Oct is gaining some steam with more people signing up as able to attend.If you have not considered attending, please revisit and sign up for the dates you can.Thank you,Ibrahim
--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation
+1 (408) 893-1122
SPDX Press Release
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
For those who didn't catch it, here's a pointer to the SPDX 1.1 press release and supporting quotes...
http://www.linuxfoundation.org/news-media/announcements
I would also point out that a public instance of Fossology is now up and running at UNO thanks to Matt Germonprez and team. This is a great tool for analyzing open source licenses. Check it out...
https://fossology.ist.unomaha.edu/
-Scott
Thursday SPDX General Meeting
Philip Odence
Meeting Time: Sept 6, 8am
PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Administrative Agenda
Attendance
Approve Minutes-
Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott
Cross Functional Issues
Website Update - Jack
More expanded ideas for SPDX WG
Ibrahim Haddad <ibrahim@...>
Hi Everyone,
Based on the meeting we had at LinuxCon NA, I am sending some detailed examples of the idea I discussed during that meeting.
Some fall under the Business team specifically, others are cross-teams.
I think these would help the WG in more ways than one. If the WG decides to adopt some of these, I am willing to help out.
Thanks,
Ibrahim
Re: Followup question after Linuxcon talk
Manbeck, Jack
Robert,
I'm glad to hear that and thanks for your kind words.
Your question is an interesting one and it is not a use case that we may have specifically solved yet in that we don't have a field that expresses there is a mandatory dependency on source that needs to be fetched. Here are my thoughts. Ideally you could point to the code with the Package Download Location field (4.5). That would work if all the code they need is at one location (as that field only allows one instance I believe). To clarify that the there is a code dependency (this the spec doesn't do explicitly) you could add information to one of the many optional comment fields in the SPDX: For example, the Source Information field (4.9), Creator Comments (3.3) etc.
Keep us up to date with how this progresses. I think documenting solutions to real world problems with SPDX will be valuable for us to capture and put on the site for others and for making adjustments to the specification as needed. Possibly you could even write up your solution and contribute it back?
We may need to take this discussion off of the general list.
Jack
toggle quoted message
Show quoted text
I'm glad to hear that and thanks for your kind words.
Your question is an interesting one and it is not a use case that we may have specifically solved yet in that we don't have a field that expresses there is a mandatory dependency on source that needs to be fetched. Here are my thoughts. Ideally you could point to the code with the Package Download Location field (4.5). That would work if all the code they need is at one location (as that field only allows one instance I believe). To clarify that the there is a code dependency (this the spec doesn't do explicitly) you could add information to one of the many optional comment fields in the SPDX: For example, the Source Information field (4.9), Creator Comments (3.3) etc.
Keep us up to date with how this progresses. I think documenting solutions to real world problems with SPDX will be valuable for us to capture and put on the site for others and for making adjustments to the specification as needed. Possibly you could even write up your solution and contribute it back?
We may need to take this discussion off of the general list.
Jack
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Friday, August 31, 2012 12:03 AM
To: spdx@...
Subject: Followup question after Linuxcon talk
Thanks for a great discussion on spdx its got me interested in wrapping spdx into my current release activities as a release manager.
Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.
To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata i've been storing is inline with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata i'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.
Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.
--
Robert
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Friday, August 31, 2012 12:03 AM
To: spdx@...
Subject: Followup question after Linuxcon talk
Thanks for a great discussion on spdx its got me interested in wrapping spdx into my current release activities as a release manager.
Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.
To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata i've been storing is inline with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata i'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.
Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.
--
Robert
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
Re: Followup question after Linuxcon talk
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
Robert,
Thanks for your message and joining the list. You pose an interesting scenario! While the SPDX is typically provided with the corresponding code I suspect there might be some way that this could be accomplished or communicated -- perhaps using some of the comment fields or maybe it makes sense to create and contribute SPDX for the code you're not shipping but I will defer to the technical experts on the list.
Regards,
Scott Lamons
SPDX Business Team
toggle quoted message
Show quoted text
Thanks for your message and joining the list. You pose an interesting scenario! While the SPDX is typically provided with the corresponding code I suspect there might be some way that this could be accomplished or communicated -- perhaps using some of the comment fields or maybe it makes sense to create and contribute SPDX for the code you're not shipping but I will defer to the technical experts on the list.
Regards,
Scott Lamons
SPDX Business Team
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Thursday, August 30, 2012 9:03 PM
To: spdx@...
Subject: Followup question after Linuxcon talk
Thanks for a great discussion on spdx its got me interested in wrapping spdx into my current release activities as a release manager.
Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.
To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata i've been storing is inline with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata i'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.
Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.
--
Robert
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bracewell, Robert
Sent: Thursday, August 30, 2012 9:03 PM
To: spdx@...
Subject: Followup question after Linuxcon talk
Thanks for a great discussion on spdx its got me interested in wrapping spdx into my current release activities as a release manager.
Say for example I ship an SDK and for a customer to use this SDK they need to download a number of other files that were unable to ship within the package. What would be the best way with spdx to indicate such? Ideally if I could ship them I would but for reasons outside of my control I am unable to do so.
To date I have been using Nexus pro to decorate the artifacts that make up the bill of materials by adding metadata to this tool. The metadata i've been storing is inline with what spdx already tracks. I wrote my own Maven plugins to take care of the metadata aspect of adding it and pulling it out of Nexus when producing the bill of materials. What I am thinking is that instead of storing metadata i'll just attach an spdx file as an attached artifact with a classifier and for every artifact that is subsequently packaged it will just pull down the spdx files and aggregate.
Looks like I need to do some reading of the spec and whitepapers etc to get up to speed.
--
Robert
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx