|
SPDX General Meeting today
Philip Odence
Sorry for the late reminder; I'm just getting back into the post-LinuxCon groove.
Meeting Time: Sept 8, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Technical Team Report - Kate
Legal Team Report - Rockett/Karen
Business Team Report - Kim
Cross Functional Issues – Phil
Handling "over the transom" requests for information on the various lists.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Clarification on purpose and participation
Karim Ratib <karim.ratib@...>
Kim and Daniel,
toggle quoted message
Show quoted text
Thanks for your informative replies. My main interest at this point is to generate an SPDX from a running Drupal installation, not a source code repository, if at all feasible - I'll check how Ninka can help there. In general, my motivation for exploring the software inventory domain is not legal as much as it is economically oriented: knowing which open source packages are used in a project is the first step in budgeting some resources (money, effort) to go towards those packages' communities. Being an open source producer/consumer myself, I wish this was an established practice. Best, Karim On Sat, Sep 3, 2011 at 12:48 PM, D M German <dmg@...> wrote:
Kim Weins twisted the bytes to say: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Clarification on purpose and participation
dmg
Kim Weins twisted the bytes to say:
Kim> Their are several commercial tools that do this, but we also feel that open Kim> source tools will be critical. Today there are a couple of OSS tools that Kim> can help find and identify open source licenses. One is FOSSology (created Kim> and maintained by HP) which is available at fossology.org. They are also Kim> hosting it at OSU's Open Source Lab. Another is ninka ( Kim> http://ninka.turingmachine.org/) which was created by Daniel German. I've Kim> cc'd Daniel -- since you may want to talk to him about some of his Kim> experience doing this. I don't believe FOSSology or Ninka will generate an Kim> SPDX file (yet). We also have some free OSS tools on the spdx.org site that Kim> can help you convert a software bill of materials from spreadsheet form into Kim> SPDX format. However that assumes you already have the info about what open Kim> source licenses are included. I wrote some scripts that will actually do a decent job of generating an SPDX document. The only (challenge|problem) is that Ninka does not recognized many of the SPDX licenses. here is an example, using Linux as the Guinea pig: http://turingmachine.org/~dmg/temp/linux-3.0.2.spdx.v0.1 Notice that this is not a true SPDX compliant document: - It is licensed under the Creative Commons. - It has some extra tags that I find useful. - It does not contain a verification code. --dmg -- Daniel M. German http://turingmachine.org/ http://silvernegative.com/ dmg (at) uvic (dot) ca replace (at) with @ and (dot) with . |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Clarification on purpose and participation
Kim Weins
Hi Karim
Thanks so much for your interest and sorry for the slow response! All of the questions that you have asked are exactly on track with our next steps for SPDX. Now that we have a v1 of the SPDX spec, we want to start to create tools that will help developers that create or use OSS to better generate SPDX files. Their are several commercial tools that do this, but we also feel that open source tools will be critical. Today there are a couple of OSS tools that can help find and identify open source licenses. One is FOSSology (created and maintained by HP) which is available at fossology.org. They are also hosting it at OSU's Open Source Lab. Another is ninka ( http://ninka.turingmachine.org/) which was created by Daniel German. I've cc'd Daniel -- since you may want to talk to him about some of his experience doing this. I don't believe FOSSology or Ninka will generate an SPDX file (yet). We also have some free OSS tools on the spdx.org site that can help you convert a software bill of materials from spreadsheet form into SPDX format. However that assumes you already have the info about what open source licenses are included. We are also looking to create additional tools/toolkits that can be used, and would love help in that process. If you are interested in participating, we have three workstreams -- technical, legal and business. Each group holds regular open calls to discuss issues. You can find more details on the participate section of spdx.org. Also, you can sign up for the mailing lists and participate that way as well. Kim On Fri 8/26/11 3:57 PM, "Karim Ratib" <karim.ratib@...> wrote: Hello,Nope. Interesting idea thought - Are there existing tools within Linux distributions to generate SPDXNope. We want to create some tools though. - Is there a recommended workflow for generating a comprehensive SPDXNope.
Kim Weins | Senior Vice President, Marketing kim.weins@... Follow me on Twitter @KimAtOpenLogic 650 279 0410 | cell www.openlogic.com Follow OpenLogic on Twitter @openlogic |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Canceled Event: SPDX Legal Workstream Call 11ET/10CT/8PT @ Wed Aug 31 8am - 9am (spdx@fossbazaar.org)
Esteban Rockett <mgia3940@...>
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Updated Invitation: SPDX Legal Workstream Call 11ET/10CT/8PT @ Wed Aug 31 8am - 9am (spdx@fossbazaar.org)
Esteban Rockett <mgia3940@...>
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Clarification on purpose and participation
Karim Ratib <karim.ratib@...>
Hello,
I just discovered SPDX and after watching the 3-minute video and reading through the Web site, I am eager to understand more - and possibly to participate in the effort, in my capacity as a software developer. I develop web applications using the open source Drupal CMS, and each implementation typically uses tens, if not hundreds, of contributed modules. Each module as well as the core system are GPL licensed. I would like to generate a bill of material for the whole application, and eventually for the server that hosts the application. My initial thought is to write a software tool that generates a single SPDX file based on the Drupal installation's metadata - core version, installed modules, additional libraries, etc. Is this what would be expected to comply with the SPDX vision? As follow-up questions: - Is there a convention to query Web applications for their SPDX (e.g. a well-known URI) ? - Are there existing tools within Linux distributions to generate SPDX for installed packages ? - Is there a recommended workflow for generating a comprehensive SPDX document for a given computer (desktop/server) ? Sorry of these are naive questions - thanks in advance for taking the time to enlighten me. Karim |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
No SPDX General Meeting...next one Sept 8
Philip Odence
To let everyone catch a late summer breath in the wake of the V1.0 release, we'll not be holding a general meeting this week. LinuxCon SPDX Summary It was a great event. The main focus was the 20th anniversary of Linux, but despite that, the first slide of Jim Zemlin's opening was the SPDX 1.0 announcement. Several hours before that, we put out a press release (well done, Kim) with a number of great quotes from the community. Rockett and I presented details of the 1.0 release to a group of about 40 and the news was well received. As you know we had a booth; none of the booths were terribly active, but we did have folks stop by the SPDX booth each day. We also had a BoF (Birds of a Feather) session with about a dozen participants. A few issues came up in that session which we will be discussing in the various teams. The main thrusts of the discussion were around hierarchy/nesting of SPDX files and licensing of the data. On the latter point, there was concern about the unfamiliarity of the PDDL, and that it would impede adoption. Again, congrats to everyone who contributed to the 1.0 release…onward and upward. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
LinuxCon: I have an extra ticket to the gala
dmg
in case somebody needs one... let me know...
-- -- Daniel M. German http://turingmachine.org/ http://silvernegative.com/ dmg (at) uvic (dot) ca replace (at) with @ and (dot) with . |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
SPDX V1.0 Announced
Philip Odence
Congrats and thanks (from Vancouver) to everyone who has been involved with SPDX. Best, Phil L. Philip Odence Vice President of Business Development Black Duck Software, Inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502 Skype: philip.odence |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Cancelled: SPDX Business (Rollout) Call 11ET/8PT
guillaume.rousseau@antelink.com
Hi everyone,
I was wondering if the final version of the press release was avalailable, and when it will be released (should be tomorrow). best regards, Guillaume Le 15/08/11 18:27, Kim Weins a écrit :
-- Guillaume ROUSSEAU CEO, Co-Founder, Antelink Président, Cofondateur, Antelink 18, rue Yves Toudic, 75010, Paris 10ème, France http://www.antelink.com/ +33 1 42 39 30 78 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Cancelled: SPDX Business (Rollout) Call 11ET/8PT
Kim Weins
We will be doing the rollout for SPDX 1.0 at LinuxCon NA. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Revised SPDX TM License, and Draft Attribution Statements
Peter Williams <peter.williams@...>
Does this license allow you to use the trademarks in relation to
toggle quoted message
Show quoted text
software and service offerings which produce, consume or generally involve SPDX files? Peter openlogic.com On Thu, Aug 11, 2011 at 6:07 AM, Esteban Rockett <mgia3940@...> wrote:
All: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Revised SPDX TM License, and Draft Attribution Statements
Esteban Rockett <mgia3940@...>
All:
For discussion on today's "All Hands Call", below please find (i) a revised "SPDX TM License" draft and (ii) draft Attribution Statements. Many thanks, Rockett *** SPDX™ Trademark License (v2) (new text in underlined)
The “SPDX” and “Software Package Data Exchange” trademarks (collectively, “SPDX Trademarks”) are owned by the SPDX Workgroup, which is sponsored by the Linux Foundation (“LF”). LF holds the SPDX Trademarks in trust for the SPDX Workgroup. The SPDX Workgroup hereby grants you a royalty-free, non-exclusive, non-assignable, non-transferable, non-sublicensable, world-wide license to use its SPDX Trademarks in connection with files containing software licensing information if you: (i) solely use the SPDX Trademarks in connection with files containing all of the SPDX “Mandatory Fields” as defined in the applicable version of the SPDX specification as published on www.spdx.org ("SPDX Specification"); (ii) solely uses the SPDX Trademarks in connection with files that do not utilize additional fields, unless such additional fields are (a) “Optional Fields” as defined in the applicable version of the SPDX Specification or (b) otherwise explicitly permitted in the applicable version of the SPDX Specification; (iii) recite the applicable SPDX Specification version in, or with, your use of any of the SPDX Trademarks; and (iv) fully comply with (a) the applicable version of the SPDX Specification and (b) the license (Creative Commons Attribution License 3.0 Unported (also known as CC-BY-3.0)) under which each SPDX Specification is offered in its entirety.
This SPDX TM License shall automatically be revoked in perpetuity if you fail to comply with any of the above requirements. A revoked SPDX TM License may only be restored by (i) you submitting a petition for restoration to the Legal Team of the SPDX Workgroup (“Legal Team”), (ii) attending any required meetings for inquiry in the circumstances, and (iii) a consensus of the Legal Team to restore your license. *** (ii) draft Attribution Statements. New Section 1.7.2 1.7.2.1 The official copyright notice to be used with any verbatim reproduction and/or distribution of this SPDX Specification 1.0 is: "Official SPDX Specification 1.0. Copyright © 2010-2011 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved." -- note, we should add the same to Section 2.1 to be embedded in compliant "SPDX files" -- 1.7.2.2 The official copyright notice to be used with (i) any non-verbatim reproduction and/or distribution of this SPDX Specification, including without limitation any partial use or combining this SPDX Specification with another work, or (ii) any SPDX file which is not compliant with this SPDX Specification and SPDX Trademark License, is: "This is not an official SPDX Specification or SPDX file. Portions herein have been reproduced from SPDX Specification 1.0 found at www.spdx.com. These portions are Copyright © 2010-2011 Linux Foundation and its Contributors, and are licensed under the Creative Commons Attribution License 3.0 Unported by the Linux Foundation and its Contributors. All other rights are expressly reserved by Linux Foundation and its Contributors." *** -- Motorola Mobility, Inc. E.A. Rockett Senior Counsel Software, Applications & Digital Content Licensing (408)541-6703 (O) (408)541-6900 (F) (415)508-7625 (M) rockett@... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
20110810 draft of SPEC posted
Kate Stewart <kate.stewart@...>
Latest draft can be found: http://www.spdx.org/wiki/spdx/specification
Help with cleaning it up editorially is most appreciated. Thanks, Kate |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
SPDX General Meeting Agenda and Reminder for Thursday's meeting
Philip Odence
I am on vacation, so Kirsten will host… Meeting Time: June 30, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Technical Team Report - Kate Legal Team Report - Rockett/Karen Business Team Report - Kim Cross Functional Issues – Discussion Website |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
SPDX booth at LinuxCon .... Request for Help
John Ellis
All,
My name is John Ellis and I writing to you today to request your help with the SPDX booth at the upcoming LinuxCon event in Vancouver. My apologies if you are getting this note more than once. As there is not one (1) aggregate mailing list, I am sending to each of the independent lists. If you are attending LinuxCon, please consider volunteering an hour or two to help with the SPDX booth. Booth hours are: Wednesday, August 17: 8:00am - 5:30pm Thursday, August 18: 8:00am - 6:00pm Friday, August 19: 8:00am - 4:00pm While we don't have to staff all these hours, we are trying to staff as many hours as possible. Therefore, please let me know what dates and times you are able to help. I will coordinate and publish the coverage map. Booth duty involves answering questions from visitors. To help in that regard, we will make available an FAQ that you will be able to use. The Linux Foundation is asking that we have a confirmed set of booth staff by this Friday so they (Foundation) can make sure they have coverage in terms of food, shirts, etc. Therefore, I would appreciate your response by no later than Close of Business on Friday, August 5 for your respective time zone. Any questions, don't hesitate to ask me. Thanks in advance for the help. Cheers. jte |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
SPDX Spec Final Review
Philip Odence
We are rapidly closing the doors on any tweaks to the specification. If you want to provide any last feedback on this getting-close-to-final rev http://www.spdx.org/spec/current it needs to be in the next couple of days. If you have contributed to the drafting of the spec and your name is not in the list on page 2, please let Kate know. I look forward to seeing some of you in Vancouver in a couple weeks. Thanks, Phil L. Philip Odence Vice President of Business Development Black Duck Software, Inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502 Skype: philip.odence |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
ANNOUNCE: #spdx channel on Freenode IRC server, now available.
#spdx
Kate Stewart <kate.stewart@...>
Hi,
Have just finished setting up a #spdx IRC channel on freenode, to be used for ongoing SPDX project communication and collaboration. Was just going to send this to the tech list, but realized its more generally useful, as well. So, apologies for the multiple copies of this message in some of your in boxes. Its hoped that this will provide a useful resource for more informal discussion on the SPDX project (specification, tools, guidelines for usage, etc.). Guidelines for how to use the channel can be found: http://freenode.net/channel_guidelines.shtml For those unfamiliar with using IRC communication, you can access freenode and the #spdx channel through a web interface, if you don't have an IRC client installed on your system. Go to: http://webchat.freenode.net/ Nickname: choose a nickname so folks know who is talking. Channels: #spdx enter in the reCAPTCHA in the space provided then press Connect --> and that should let you start participating. I've added #spdx to the list of channels I monitor daily, so if you want to ask me a quick question, IRC channels are a good place for that sort of thing. You may also find them useful for collaborating with other members on specific projects. Hope you find this useful, Kate |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
SPDX General Meeting Reminder/Agenda - Note extended business agenda
Philip Odence
After quick reports from the Tech and Legal teams, we'll spend a little more time on the business agenda to focus on items that need to be completed before the Aug 17 release. Meeting Time: June 30, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Administrative Agenda
Technical Team Report - Kate Legal Team Report - Rockett/Karen Business Team Report - Kim Faqs- get a status update
Web site - assign areas for content
Pr - talk re quotes Cross Functional Issues – Discussion |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|