|
Re: Mailing list archive
Peter Williams <peter.williams@...>
Does anyone object to moving the content of <http://www.spdx.org/wiki/spdx/participation-guidelines> to the main participation page, <http://www.spdx.org/node/2240>? A page named "guidelines" seems more like a code of conduct than a page containing the details of how one would go about participating. And the extra click seem unnecessary.
toggle quoted message
Show quoted text
Peter On 9/29/10 2:29 PM, Peter Williams wrote:
On 9/29/10 2:16 PM, Armijn Hemel wrote:Sweet, thanks. I added a link to the participation guidelines page in |
|
|
|
Re: Some SPDX 1.0 beta examples
dmg
This is good. It can start some discussion on the standard.
First, one question: I scanned the file for zlib and I found some issues with it, but I think are worth discussing: 1. Some files do not contain a license, yet they are marked as one: dmg@i:/tmp/zlib-1.2.5$ more contrib/minizip/zip.c /* zip.c -- IO on .zip files using zlib Version 1.1, February 14h, 2010 part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) For more info read MiniZip_info.txt Changes Oct-2009 - Mathias Svensson - Remove old C style function prototypes Oct-2009 - Mathias Svensson - Added Zip64 Support when creating new file archives Oct-2009 - Mathias Svensson - Did some code cleanup and refactoring to get better overview of some functions. Oct-2009 - Mathias Svensson - Added zipRemoveExtraInfoBlock to strip extra field data from its ZIP64 data It is used when recreting zip archive with RAW when deleting items from a zip. ZIP64 data is automaticly added to items that needs it, and existing ZIP64 data need to be removed. Oct-2009 - Mathias Svensson - Added support for BZIP2 as compression mode (bzip2 lib is required) Jan-2010 - back to unzip and minizip 1.0 name scheme, with compatibility layer */ ------------ 2. Some files refer to zlib.h as the file with a license. Now, if the SHA1 of the file does not change, I would presume (as a user) that I don't need to scan it again, which is good. But what if zlib.h changes? Would it be useful in the SPDX to use a "reference" field to denote such a thing? --------- 3. Is it the same to include a license than to refer to a license? --- 4. In some files the zlib iicense varies slightly: This software is provided 'as-is', without any express or implied warranty. In no event will the author be held liable for any damages arising from the use of this software. and in others This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. --dmg On Wed, Sep 29, 2010 at 12:52 PM, Philip Odence <podence@...> wrote: I moved it to -- --dmg --- Daniel M. German http://turingmachine.org |
|
|
|
Re: Mailing list archive
Armijn Hemel <armijn@...>
On Wed, 2010-09-29 at 16:24 -0400, Philip Odence wrote:
Now that you have appeared in the NY Times with a Boston Red Sox hatActually I was replying to Peter's question. I guess that your mail client might not have shown that it was a reply. But, to actually make it a question: is there an archive available of the period before August 10? armijn -- --------------------------------------------------------------------------- armijn@... || http://www.gpl-violations.org/ --------------------------------------------------------------------------- |
|
|
|
Re: Mailing list archive
Peter Williams <peter.williams@...>
On 9/29/10 2:16 PM, Armijn Hemel wrote:
Sweet, thanks. I added a link to the participation guidelines page in the wiki. Hopefully one more link will make google pick it up. Peter |
|
|
|
Re: Mailing list archive
Philip Odence
Armijn, Now that you have appeared in the NY Times with a Boston Red Sox hat http://www.nytimes.com/2010/09/26/business/26ping.html?src=busln, I feel I must respond quickly. There are a number of places in SPDX.org that provide links to the mail list sign up, for example: Click on the mail list sign up link. Then click on the first link that appears on the mail list page https://fossbazaar.org/mailman/listinfo/spdx and you will be taken to the archive. Phil L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Sep 29, 2010, at 4:16 PM, Armijn Hemel wrote:
|
|
|
|
Re: Mailing list archive
Armijn Hemel <armijn@...>
On Wed, 2010-09-29 at 14:04 -0600, Peter Williams wrote:
Is the spdx mailing list archived anywhere? I was looking to read uphttps://fossbazaar.org/pipermail/spdx/ armijn -- --------------------------------------------------------------------------- armijn@... || http://www.gpl-violations.org/ --------------------------------------------------------------------------- |
|
|
|
Mailing list archive
Peter Williams <peter.williams@...>
Is the spdx mailing list archived anywhere? I was looking to read up on the past debate around a particular part of the spec and I was unable to locate an archive of the mailing list.
It is crucial that the forum in which so many of the decisions regarding SPDX are made be archived and made available on the web. The lack of an archive on the web make our work quite opaque to anyone who is not currently subscribed. It also hides this effort from people who might be interested because none of it shows up in search engines. It is possible to turn on an archiving feature in our list server? Peter Williams <http://openlogic.com> |
|
|
|
Re: Some SPDX 1.0 beta examples
Philip Odence
I moved it to Home » Wiki » Software Package Data Exchange (SPDX) » Spec Development » Sandbox For Sharing Examples, Ideas, Etc. Not sure if it way my knowledge or permissions or both, but anyway, it's there. Good stuff, Peter. On Sep 29, 2010, at 3:45 PM, Peter Williams wrote:
|
|
|
|
Some SPDX 1.0 beta examples
Peter Williams <peter.williams@...>
Hi all,
I have posted some examples, along with some notes about them at <http://spdx.org/wiki/openlogic-spdx-10-beta-examples>. The examples are intended to conform to the 1.0 beta version of the spec except that we used sha-256 checksums -- rather than sha-1 -- to identify the files. I was not able to figure out how to add that page to the examples sandbox. (Perhaps i do not permission to do that? ) Would someone with more knowledge of (or permissions with) the wiki do that for me? Comments and feedback are welcome. Peter Williams <http://openlogic.com> |
|
|
|
SPDX RDF Sub-group Mtg 4 concall / gotomeeting details
Bill Schineller
Colleagues,
Sorry for sending out the call-in details late. The call will be at the usual Tuesday time the RDF subgroup has been meeting the last 3 weeks. We'll be discussing mechanism for representing the machine-readable ontology within a single XHTML document. Perhaps Peter can demonstrate online? SPDX RDF Sub-group Mtg 4 (TODAY) Tuesday Sept 28, 11AM eastern time Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 Conference code: 7833942033 URL to join meeting: http://blackducksoftware.na6.acrobat.com/r70154570/ Bill Schineller Knowledge Base Manager Black Duck Software Inc. T: +1.781.810.1829 F: +1.781.891.5145 E: bschineller@... http://www.blackducksoftware.com |
|
|
|
Minutes from Sept 23 SPDX call
Philip Odence
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
|
|
|
|
Re: HTML Spec page weird look on spdx.org
Philip Odence
Kate is doing her best to fix it up asap.
toggle quoted message
Show quoted text
On Sep 26, 2010, at 4:44 PM, "Philippe Ombredanne" <pombredanne@...> wrote:
All: |
|
|
|
HTML Spec page weird look on spdx.org
Philippe Ombredanne
All:
this is most likely a known problem, but the draft web page for the spec at http://www.spdx.org/wiki/spdx/specification seems to be quite hard to read (many empty lines), the paragraph numbers are almost all "1", and the page is munged (the bottom is not displayed) on Firefox. -- Cordially Philippe philippe ombredanne | 1 650 799 0949 | pombredanne at nexb.com nexB - Open by Design (tm) - http://www.nexb.com |
|
|
|
Re: Spec comments and suggestions
Gary O'Neall
Good point on the copyright holder/copyright information. We could have all
toggle quoted message
Show quoted text
of the copyrights combined in one field - e.g. if a file or package has 3 copyrights A, B, and C - we could have a single copyright field of "A, B, and C". This, however, would make it difficult to parse and potentially loose information. I would be in favor or changing the cardinality to 1 or more. On the Download URL - agree with the comment. I would also add that the recently discussed optional field of a DOAP document could provide quite a bit of additional information on the package. The DOAP document includes optional fields for the following: Download-page - Mirror of software download web page. Download-mirror - Mirror of the Web page from which the project software can be downloaded. Homepage - URL of a project's homepage, associated with exactly one project. Old-homepage - URL of a project's past homepage, associated with exactly one project. Repository - Source code repository. Wiki - URL of Wiki for collaborative discussion of project. Gary -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Jilayne Lovejoy Sent: Friday, September 24, 2010 8:31 AM To: spdx@... Subject: Spec comments and suggestions Hello All, I am getting up to speed, have taken a close look at the current spec, and have some comments noted below. 3.4 Download URL COMMENT: We may want to have some guideline as to which page is to be specified for this field, i.e. the home page or the download page where there is both or the website has many pages. 3.5 Additional Source Information COMMENT: We may want to add a guideline for this field to encourage complete information. In my experience, brief notes written by someone else (let alone myself sometimes) are sometimes incomprehensible later. While this is hard to control, requesting that people use complete sentences (with a proper subject) and minimize the use of pronouns might help ensure this information is useful and clear to the next person. Perhaps simply rewriting the example as suggested below may meet this goal. 3.5.7 Example: SourceInfo: The glibc-2.11.1 used here was obtained from git://sourceware.org/git/glibc.git. 3.6 Declared License(s) for a Package 3.6.7 Example: DeclaredLicense/DisjunctiveLicense: ________ - Add example of how this will look. This may have already been mentioned. 3.8 Declared Copyright Holder of Package 3.8.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. 5.4 Copyright Information Detected 5.4.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. OTHER: In several places in the spec the idea of identifying a license as either "NotSpecified" or "UnKnown" is mentioned. The current definitions of these terms in the license list are a bit unclear to me and could easily overlap. I would suggest revising them as such: NoLicense (instead of NotSpecified) = no license was found in the file or elsewhere whatsoever UnKnown = some license info was found, but it is unclear what license applies, if the license found applies, etc. - In both cases, it would be helpful to have a comment field to accompany these designations for the purpose of explaining why this conclusion was reached Cheers, Jilayne Lovejoy | Corporate Counsel jlovejoy@... 720 240 4545 | phone 720 240 4556 | fax 1 888 OpenLogic | toll free www.openlogic.com OpenLogic, Inc. Headquarters, Broomfield, Colorado 80021 _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx |
|
|
|
Spec comments and suggestions
Jilayne Lovejoy <Jlovejoy@...>
Hello All,
I am getting up to speed, have taken a close look at the current spec, and have some comments noted below. 3.4 Download URL COMMENT: We may want to have some guideline as to which page is to be specified for this field, i.e. the home page or the download page where there is both or the website has many pages. 3.5 Additional Source Information COMMENT: We may want to add a guideline for this field to encourage complete information. In my experience, brief notes written by someone else (let alone myself sometimes) are sometimes incomprehensible later. While this is hard to control, requesting that people use complete sentences (with a proper subject) and minimize the use of pronouns might help ensure this information is useful and clear to the next person. Perhaps simply rewriting the example as suggested below may meet this goal. 3.5.7 Example: SourceInfo: The glibc-2.11.1 used here was obtained from git://sourceware.org/git/glibc.git. 3.6 Declared License(s) for a Package 3.6.7 Example: DeclaredLicense/DisjunctiveLicense: ________ - Add example of how this will look. This may have already been mentioned. 3.8 Declared Copyright Holder of Package 3.8.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. 5.4 Copyright Information Detected 5.4.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. OTHER: In several places in the spec the idea of identifying a license as either "NotSpecified" or "UnKnown" is mentioned. The current definitions of these terms in the license list are a bit unclear to me and could easily overlap. I would suggest revising them as such: NoLicense (instead of NotSpecified) = no license was found in the file or elsewhere whatsoever UnKnown = some license info was found, but it is unclear what license applies, if the license found applies, etc. - In both cases, it would be helpful to have a comment field to accompany these designations for the purpose of explaining why this conclusion was reached Cheers, Jilayne Lovejoy | Corporate Counsel jlovejoy@... 720 240 4545 | phone 720 240 4556 | fax 1 888 OpenLogic | toll free www.openlogic.com OpenLogic, Inc. Headquarters, Broomfield, Colorado 80021 |
|
|
|
SPDX - License List Discussion (special topic call on 9/24 at 11MT/12CT/13ET, )
kate.stewart@...
Hi,
Following up from last week and from SPDX call today, we'll be having a special topic call tomorrow on the licenses. Here's the dial in information for the call tomorrow: US 866-740-1260 Look up int'l toll free numbers at http://www.readytalk.com/an.php?tfnum=8667401260 ID 2404502 Web meeting Www.readytalk.com Join meeting with ID 2404502 Embedded below is the agenda, and notes from the previous call. If I've missed something, please feel free to bring it up by email or on the call tomorrow. Look for some pointers to web sites to be mailed out before the call. Thanks, Kate --- On Thu, 9/16/10, kate.stewart@... <kate.stewart@...> wrote: From: kate.stewart@... <kate.stewart@...>... Agenda:approach propose by Callaway was felt reasonable. We'll go with the embedded version in the name varient for now, and adjust later unless someone feels very strongly. seems to be ok, but revisit after RDF figured out a bit more to make sure can handle. Discuss with wider audience a bit. 3) volunteers to help with pulling the license list |
|
|
|
launchpad.net RDF
Philippe Ombredanne
All:
as discussed during today's call here are some pointers to Launchpad RDF: This is an example of a project page: https://launchpad.net/do and the matching RDF metadata: https://launchpad.net/do/+rdf or: https://launchpad.net/launchpad and https://launchpad.net/launchpad/+rdf The spec for the RDF is there: http://bazaar.launchpad.net/~launchpad-pqm/launchpad/db-devel/files/head%3A/lib/canonical/launchpad/rdfspec/ -- Cordially Philippe philippe ombredanne | 1 650 799 0949 | pombredanne at nexb.com nexB - Open by Design (tm) - http://www.nexb.com |
|
|
|
SPDX field Proposal: Optional SPDX author comment field.
Mark Gisi
Issue: Not clear how to include SPDX author comments to the consumers of the SPDX file. For example, a SPDX author may like to include a disclaimer, assumptions made, context of the analysis performed and so forth.
Proposal: Include an optional field for the SPDX file that enables authors (i.e., producers) of the SPDX file to provide general comments to the consumers of the SPDX file.
Suggested Draft: 2.5 SPDX Author Comments
2.5.1 Purpose: An optional field for authors of the SPDX file content to provide general comments to the consumers of the SPDX content.
2.5.2 Intent: Here, the intent is to provide readers/reviewers with comments by the author of the SDPX …
2.5.3 Cardinality: Optional one or more.
2.5.4 Tag: “AuthorComment:”
2.5.5 RDF: /RDF/SPDXDoc/Describes/Package/AuthorComment
2.5.6 Data Format: free form text that can span multiple lines.
2.5.7 Example: AuthorComment: This information is provided "as is" without any warranty. It does not represent legal advice...
Mark Gisi | Wind River | Senior Intellectual Property Manager Tel (510) 749-2016 | Fax (510) 749-4552
|
|
|
|
Agenda for Sept 23 call
Philip Odence
Meeting Time: Sept 23, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Web: Note, we will be using a different URL for each meeting for purposes of taking attendance. When you login please include your full name and company name in this form: Phil Odence, Black Duck Software so I can just copy/paste into minutes. THX.
Legal update from LF Member Counsel call- Rockett Action Items Note: Drafting related action items are embedded in the Wiki. http://www.spdx.org/wiki/spdx/specification
Technical Agenda
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
|
|
|
|
SPDX RDF Sub-group Mtg 3
Bill Schineller
Colleagues,
Those interested in participating in the RDF track, please reconvene next Tuesday. Among other hot topics, we'd like to review in more detail the relationship between SPDX and other standard ontologies like the dublin core SPDX RDF Sub-group Mtg 3 Tuesday Sept 21, 11AM eastern time Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 Conference code: 7833942033 URL to join meeting: http://blackducksoftware.na6.acrobat.com/r82947904/ Bill Schineller Knowledge Base Manager Black Duck Software Inc. T: +1.781.810.1829 F: +1.781.891.5145 E: bschineller@... http://www.blackducksoftware.com |
|
|