
Today's SPDX General Meeting Reminder - Special Presentation

Phil Odence
 

Special Presentation by Tanjong Agbor Smith, one of our Google Summer of Code students

 

Here’s how Tanjong describes himself and his work: I am Tanjong Agbor Smith, enrolled in a Master's degree in Computing Science at the University of Alberta. This is my second GSoC contribution for SPDX; my first was last year (GSoC 2019) with the License List namespaces project, which was a success. I shall be talking about a Google Summer of Code project titled "Validate license list cross references". This project emanates from a GitHub issue raised, and seeks to provide more information on the validity of URLs listed in license files.

 

Funding SPDX Tool Hosting: I’ll also mention that thanks to a number of contributions we’ve blown past our phase 1 goal to fund this year and are well on our way to phase 2 to fund next year. You can still contribute: https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 6, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval

 

Presentation

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: Funding for Hosting On-Line SPDX Tools

 

It would be great. How about Third Monday August at 5pm Pacific? We can do one to two slots on CommunityBridge stuff, each up to 15 minutes + questions.

Can you help pull it together? I would love to showcase the practical stuff happening.

Shane

On Aug 6, 2020, at 2:18, Gary O'Neall <gary@sourceauditor.com> wrote:

Hi Shane,



There are a couple of community bridge related topics we could cover.



For the SPDX online tools, I’m planning on presenting to the OpenChain tools workgroup in Sept.



We could also present as part of a webinar.



Another interesting topic would be the work the interns and GSoC students are doing for the tools more generally.



We have a number of mentors and students involved – perhaps some of the mentors would be interested in jointly presenting?



Gary





From: spdx@lists.spdx.org <spdx@lists.spdx.org> On Behalf Of Shane Coughlan
Sent: Wednesday, August 5, 2020 4:57 AM
To: spdx@lists.spdx.org
Cc: phil.odence@synopsys.com; Kate Stewart <kstewart@linuxfoundation.org>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools



Speaking of which, would someone be willing to do 10~15 minutes on CommunityBridge for a forthcoming OpenChain webinar?



Shane



On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@intel.com> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉



-- zvr



From: spdx@lists.spdx.org <spdx@lists.spdx.org> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@lists.spdx.org
Cc: phil.odence@synopsys.com; Kate Stewart <kstewart@linuxfoundation.org>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools



The deployment is a bit complex (Java/Python/Django/PostgreSQL).


Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?



Vladimir



Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928



Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

Hi Shane,

 

There are a couple of community bridge related topics we could cover.

 

For the SPDX online tools, I’m planning on presenting to the OpenChain tools workgroup in Sept.

 

We could also present as part of a webinar.

 

Another interesting topic would be the work the interns and GSoC students are doing for the tools more generally.

 

We have a number of mentors and students involved – perhaps some of the mentors would be interested in jointly presenting?

 

Gary

 

 

From: spdx@... <spdx@...> On Behalf Of Shane Coughlan
Sent: Wednesday, August 5, 2020 4:57 AM
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Speaking of which, would someone be willing to do 10~15 minutes on CommunityBridge for a forthcoming OpenChain webinar?

 

Shane 



On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 



Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

I actually tried to implement this in a serverless environment (it was my first choice), but there is persistent state required for some of the components.  As Alexios points out – a good future project.

 

The PostgreSQL is necessary as a DB backend.  It also uses Redis – but this doesn’t seem to add too much complexity.  We have some projects underway to reduce the dependency on Java – it would be great to make this all python sometime in the future.

 

BTW – Anyone interested in reviewing and contributing can review the issues listed here: https://github.com/spdx/spdx-online-tools/issues/199

 

Gary

 

From: spdx@... <spdx@...> On Behalf Of Alexios Zavras
Sent: Wednesday, August 5, 2020 4:27 AM
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 



Re: Funding for Hosting On-Line SPDX Tools

 

Speaking of which, would someone be willing to do 10~15 minutes on CommunityBridge for a forthcoming OpenChain webinar?

Shane 

On Aug 5, 2020, at 20:26, Alexios Zavras <alexios.zavras@...> wrote:



Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 



Re: Funding for Hosting On-Line SPDX Tools

Alexios Zavras
 

Rewriting this to a simpler setup is definitely a valid idea for a future Community Bridge / GSoC project. 😉

 

-- zvr

 

From: spdx@... <spdx@...> On Behalf Of Vladimir Sitnikov
Sent: Wednesday, 5 August, 2020 10:37
To: spdx@...
Cc: phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Is the complexity really needed?

Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

 

Vladimir

 



Re: Funding for Hosting On-Line SPDX Tools

Vladimir Sitnikov
 

>The deployment is a bit complex (Java/Python/Django/PostgreSQL).

Is the complexity really needed?
Can it be moved to a serverless solution? E.g. GitHub pages for the static content + lambdas for backend?

Vladimir


Re: Funding for Hosting On-Line SPDX Tools

Gary O'Neall
 

Hi Mark,

 

Yes – SPDX is using AWS for the hosting (see https://github.com/spdx/spdx-online-tools/issues/194 for a discussion on the hosting options).

 

The deployment is a bit complex (Java/Python/Django/PostgreSQL).

 

Any credits/help is appreciated.

 

I registered the account that is hosting the site – so feel free to contact me for additional details.

 

Gary

 

 

From: spdx@... <spdx@...> On Behalf Of Mark Atwood via lists.spdx.org
Sent: Monday, August 3, 2020 7:15 PM
To: spdx@...; phil.odence@...; Kate Stewart <kstewart@...>
Subject: Re: [spdx] Funding for Hosting On-Line SPDX Tools

 

Is SPDX using AWS for any hosting?  I can probably get gratis AWS credits provided to SPDX.

 

And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Tuesday, July 28, 2020 11:18 AM
To: spdx@...
Subject: [EXTERNAL] [spdx] Funding for Hosting On-Line SPDX Tools

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 


 


Re: Funding for Hosting On-Line SPDX Tools

Mark Atwood
 

Is SPDX using AWS for any hosting?  I can probably get gratis AWS credits provided to SPDX.

 

And since SPDX is using Github, then Github pages can be used to host HTML/CSS/JS

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: spdx@... <spdx@...> On Behalf Of Phil Odence
Sent: Tuesday, July 28, 2020 11:18 AM
To: spdx@...
Subject: [EXTERNAL] [spdx] Funding for Hosting On-Line SPDX Tools

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 


 


Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

J Lovejoy
 

I just donated using a Visa and it worked.

J.

On Jul 31, 2020, at 9:22 AM, Steve Winslow <swinslow@...> wrote:

Sorry to hear that, McCoy... I've reached out to the CommunityBridge maintainers to ask them to look into this and figure out what's going on. Will let you know what I hear back.

Best,
Steve

On Fri, Jul 31, 2020 at 11:02 AM Shane Coughlan <scoughlan@...> wrote:
Looping our SPDX friends into the thread so they can check this out.

:O

On Jul 31, 2020, at 23:25, McCoy Smith <mccoy@...> wrote:



Not sure who to alert on this, but I’ve tried to donate, and I keep getting rejected.  It won’t accept any credit card of mine. “Failed to Create Credit Card” is the error message I get (both for AmEx & Visa cards).

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, July 30, 2020 4:58 PM
To: OpenChain Main <main@...>; OpenChain Tooling <oss-based-compliance-tooling@groups.io>
Subject: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

For those with an interest in tooling and SPDX :)



Begin forwarded message:

 

From: "Phil Odence" <phil.odence@...>

Subject: [spdx] Funding for Hosting On-Line SPDX Tools

Date: July 29, 2020 3:18:03 JST

Reply-To: spdx@...

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there. 

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 



 

 

 

 






--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

Phil Odence
 

Thanks, Steve. And, McCoy, thanks in advance for the contribution!

Best,

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 


 

 

From: <main@...> on behalf of Steve Winslow <swinslow@...>
Reply-To: "main@..." <main@...>
Date: Friday, July 31, 2020 at 11:22 AM
To: "main@..." <main@...>
Cc: OpenChain Tooling <oss-based-compliance-tooling@groups.io>, "spdx@..." <spdx@...>
Subject: Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

Sorry to hear that, McCoy... I've reached out to the CommunityBridge maintainers to ask them to look into this and figure out what's going on. Will let you know what I hear back.

 

Best,

Steve

 

On Fri, Jul 31, 2020 at 11:02 AM Shane Coughlan <scoughlan@...> wrote:

Looping our SPDX friends into the thread so they can check this out.

 

:O



On Jul 31, 2020, at 23:25, McCoy Smith <mccoy@...> wrote:

Not sure who to alert on this, but I’ve tried to donate, and I keep getting rejected.  It won’t accept any credit card of mine. “Failed to Create Credit Card” is the error message I get (both for AmEx & Visa cards).

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, July 30, 2020 4:58 PM
To: OpenChain Main <main@...>; OpenChain Tooling <oss-based-compliance-tooling@groups.io>
Subject: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

For those with an interest in tooling and SPDX :)

 

Begin forwarded message:

 

From: "Phil Odence" <phil.odence@...>

Subject: [spdx] Funding for Hosting On-Line SPDX Tools

Date: July 29, 2020 3:18:03 JST

To: "spdx@..." <spdx@...>

Reply-To: spdx@...

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there. 

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 


 

 

 

 



--

Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

Steve Winslow
 

Sorry to hear that, McCoy... I've reached out to the CommunityBridge maintainers to ask them to look into this and figure out what's going on. Will let you know what I hear back.

Best,
Steve


On Fri, Jul 31, 2020 at 11:02 AM Shane Coughlan <scoughlan@...> wrote:
Looping our SPDX friends into the thread so they can check this out.

:O

On Jul 31, 2020, at 23:25, McCoy Smith <mccoy@...> wrote:



Not sure who to alert on this, but I’ve tried to donate, and I keep getting rejected.  It won’t accept any credit card of mine. “Failed to Create Credit Card” is the error message I get (both for AmEx & Visa cards).

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, July 30, 2020 4:58 PM
To: OpenChain Main <main@...>; OpenChain Tooling <oss-based-compliance-tooling@groups.io>
Subject: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

For those with an interest in tooling and SPDX :)



Begin forwarded message:

 

From: "Phil Odence" <phil.odence@...>

Subject: [spdx] Funding for Hosting On-Line SPDX Tools

Date: July 29, 2020 3:18:03 JST

Reply-To: spdx@...

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there. 

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 


 

 

 

 



--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

Looping our SPDX friends into the thread so they can check this out.

:O

On Jul 31, 2020, at 23:25, McCoy Smith <mccoy@...> wrote:



Not sure who to alert on this, but I’ve tried to donate, and I keep getting rejected.  It won’t accept any credit card of mine. “Failed to Create Credit Card” is the error message I get (both for AmEx & Visa cards).

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, July 30, 2020 4:58 PM
To: OpenChain Main <main@...>; OpenChain Tooling <oss-based-compliance-tooling@groups.io>
Subject: [openchain] [spdx] Funding for Hosting On-Line SPDX Tools

 

For those with an interest in tooling and SPDX :)



Begin forwarded message:

 

From: "Phil Odence" <phil.odence@...>

Subject: [spdx] Funding for Hosting On-Line SPDX Tools

Date: July 29, 2020 3:18:03 JST

Reply-To: spdx@...

 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there. 

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 


 

 

 

 


Re: Request for suggestion: wording of SPDX tag

 

I’m on it!

SPDX Team! We have a proposal in from the OpenChain Japan Licensing Information Exchange Work Group. Please see the suggested addition below.

Shane

On Jul 29, 2020, at 11:54, YOSHIYUKI ITO <yoshiyuki.ito.ub@renesas.com> wrote:


Hi Shane-san,

May I ask you to provide a suggestion for making a proposal to the SPDX community?

We, the Lic. Inf. Exch. SWG members, discussed a “Usage Profile” for SPDX 3.0 reference as another extension of SPDX Lite.
And we need to describe information about the “Product” name in the SPDX file.

Can you suggest any better wording than “Prerequisite Product” to describe “Identify the name of the target product that used as the prerequisite for license compatibility assumption.” for the tag name in the SPDX file?

Regards,
Yoshiyuki Ito.


Re: SPDX license identifier for bzip2 are strange, why?

J Lovejoy
 

< bcc general list as FYI for anyone who wants to follow the discussion, but moving to legal list>

Quick search shows:
- both versions were on the list when we moved to the XML format in 2016

However, I’m not clear on if that was both versions or what…

a ha! search on wiki meeting minutes then found this: https://wiki.spdx.org/view/Legal_Team/Minutes/2014-06-26
regarding diff b/w 1.0.5 and 1.0.6

we should check 1.0.7 and 8 against matching guidelines.

that’s all I have for now, it’s late.

higher power, eh? ;)


Cheers,
Jilayne

PS given this quick trip back in time at our process flow for new licenses back then… OMG, LOOK HOW FAR WE’VE COME!!!!


On Jul 29, 2020, at 12:38 PM, Mark Atwood via lists.spdx.org <atwoodm=amazon.com@...> wrote:

Hi!
 
I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.
 
The license looks like an unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version.  The difference between two versions seems to be entirely just the data and the software version.
 
Can this instead just match against one of the BSD variant templates?
 
Why does bzip2 get so finely versioned licensed identifiers?  Do we plan on creating a new license identifier when bzip2 releases a version 1.0.9?
 
..m
 
 
Mark Atwood <atwoodm@...>
Principal, Open Source
+1-206-604-2198
 
 
 
From: Cressey, Ben <bcressey@...> 
Sent: Wednesday, July 29, 2020 11:03 AM
To: Atwood, Mark <atwoodm@...>
Cc: etaoin, iliana <iweller@...>
Subject: SPDX license identifier for bzip2
 
Hi Mark,
 
iliana suggested I run this by you, as a higher power in the SPDX org.
 
I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for:
 
The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version:
 
iliana recommended that I use the “bzip2-1.0.6” identifier for now.
 
Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?
 
Thanks,
Ben


SPDX license identifier for bzip2 are strange, why?

Mark Atwood
 

Hi!

 

I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.

 

The license looks like an unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version.  The difference between two versions seems to be entirely just the data and the software version.

 

Can this instead just match against one of the BSD variant templates?

 

Why does bzip2 get so finely versioned licensed identifiers?  Do we plan on creating a new license identifier when bzip2 releases a version 1.0.9?

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: Cressey, Ben <bcressey@...>
Sent: Wednesday, July 29, 2020 11:03 AM
To: Atwood, Mark <atwoodm@...>
Cc: etaoin, iliana <iweller@...>
Subject: SPDX license identifier for bzip2

 

Hi Mark,

 

iliana suggested I run this by you, as a higher power in the SPDX org.

 

I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for:

https://spdx.org/licenses/bzip2-1.0.5.html

https://spdx.org/licenses/bzip2-1.0.6.html

 

The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version:

https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.7

https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.8

 

iliana recommended that I use the “bzip2-1.0.6” identifier for now.

 

Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?

 

Thanks,

Ben


Funding for Hosting On-Line SPDX Tools

Phil Odence
 

The SPDX Work Group needs your help to host on-line tools.

 

As you may know, SPDX runs on a shoestring with support from the Linux Foundation but no corporate contributions. There are benefits to the independence of this arrangement, but it means we rely on individual contributions to cover modest expenses we do take on. One of those regular expenses is for cloud services to host our wonderful set of on-line tools.

 

We spend $1200/year on hosting. We’d like to line up enough funding to backfill for this year and to build a balance of “money in the bank” to ensure continuity next year. So the goal is $2400 total. As of this writing we are approaching half way there.

 

Please make a contribution of any size through the Linux Foundation CommunityBridge at:

https://funding.communitybridge.org/projects/f0e320d6-9c86-4656-ad4d-97842f25b124

 

BIG THANKS in advance!

 

Phil

 

L. Philip Odence

General Manager, Black Duck Audit Business

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

https://www.synopsys.com/audits  

 

 


 


Thursday's SPDX General Meeting Reminder - Special Presentation

Phil Odence
 

Special Presentation by Rishabh Bhatnager, one of our Google Summer of Code students

 

Title: Golang Parallel RDF Parser

 

Description: Building a GoLang RDF reader in native GoLang which not only would be useful for the SPDX community but also might help the golang community as a whole. Reducing the time required to parse each file using the concurrent parser.

 

 

About Rishabh: A Blockchain enthusiast interested in open-source who's good at competitive-programming. I'm in the final year of graduation pursuing computer engineering at St. Francis Institute of Technology (Mumbai, India).

 

 

I’m off on Thursday, so Gary will run the show.

 

Best,

Phil 

 

GENERAL MEETING

 

Meeting Time: Thurs, July 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: Thursday's SPDX General Meeting Reminder - Special Presentation

J Lovejoy
 

yes, it's the 4th :)

On 6/3/20 2:04 PM, Jeremiah C. Foster wrote:
Is not Thursday June 4th?

On Wed, 2020-06-03 at 18:58 +0000, Phil Odence wrote:

Special Presentation

 

Title: The Use of SPDX for SBOM Content by the NTIA Software Transparency Initiative

 

Abstract: The NTIA Transparency Initiative has established a Healthcare Proof-of-Concept Working Group in order to evaluate the generation and consumption of SBOMs for Medical Devices.  Multiple Medical Device Manufacturers are creating proof-of-concept SBOMs in the SPDX format in support of this activity. An update on the efforts of this group and their use of SPDX will be provided.

 

Bio: Ed Heierman is a Sr. Product Cybersecurity Architect at Abbott Laboratories, and has 15+ years’ experience with medical device cybersecurity. As part of the Healthcare Proof-of-Concept Working Group, he is leading an effort to define the SBOM content and formats that will be evaluated as part of the NTIA Software Transparency Initiative.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, June 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 




This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.


Re: Thursday's SPDX General Meeting Reminder - Special Presentation

Jeremiah C. Foster
 

Is not Thursday June 4th?

On Wed, 2020-06-03 at 18:58 +0000, Phil Odence wrote:

Special Presentation

 

Title: The Use of SPDX for SBOM Content by the NTIA Software Transparency Initiative

 

Abstract: The NTIA Transparency Initiative has established a Healthcare Proof-of-Concept Working Group in order to evaluate the generation and consumption of SBOMs for Medical Devices.  Multiple Medical Device Manufacturers are creating proof-of-concept SBOMs in the SPDX format in support of this activity. An update on the efforts of this group and their use of SPDX will be provided.

 

Bio: Ed Heierman is a Sr. Product Cybersecurity Architect at Abbott Laboratories, and has 15+ years’ experience with medical device cybersecurity. As part of the Healthcare Proof-of-Concept Working Group, he is leading an effort to define the SBOM content and formats that will be evaluated as part of the NTIA Software Transparency Initiative.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, June 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 




