
Re: SPDX 2019 Survey - Ready for your thoughts - Let's collect data

Phil Odence
 

Thanks, Shane, for your work on this and for sending out.

SPDXers,
in addition to sharing your thoughts, please forward to any colleagues or acquaintances who you think might have a useful perspective.

Phil


On 8/6/19, 5:32 PM, "spdx@... on behalf of Shane Coughlan" <spdx@... on behalf of coughlan@...> wrote:

Dear all

The SPDX 2019 Survey is now open and accepting contributions:
https://forms.gle/h958R6kkvFhxRJtz7

Please help us with building out information regarding the status of the community and what we need to do next. The survey should only take 3~5 minutes.

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: http://www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan


SPDX 2019 Survey - Ready for your thoughts - Let's collect data

Shane Coughlan <coughlan@...>
 

Dear all

The SPDX 2019 Survey is now open and accepting contributions:
https://forms.gle/h958R6kkvFhxRJtz7

Please help us with building out information regarding the status of the community and what we need to do next. The survey should only take 3~5 minutes.

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan


SPDX Aug General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-08-01

 

General Meeting/Minutes/2019-08-01


·         Attendance: 11

·         Led by Phil Odence

·         Minutes of July meeting approved 

 


Special Presentations - Umang Taneja, Tanjong Smith, GSoC

·         Umang

·         License submittal workflow automation

·         Aim is to enhance user experience

·         Compare submitted text against existing licenses to see if there’s duplication or close match

·         Problems he’s trying to address

·         What if the license is on the list, proposed, rejected…or a close match to one of those

·         Current XML formatting- word-wrap doesn’t match license

·         Also creating/documenting an API

·         Tasks:

·         Create API- use without logging in, so can be accessed by other tools

·         Create License Matcher- looks for exact and close matches

·         Returns all matches and close matches

·         Compare with not accepted as well as rejected licenses. 

·         Reports appropriately according to match

·         Relies on user input regarding whether to go ahead with submittal

·         Improve formatting of generated license

·         Screenshots available at: https://docs.google.com/document/d/1NMcLZVXxBV2PZobPJh1OugbCfC2d8kbAOX4m4TauEYk/edit?usp=sharing

·         Some discussion of how the workflow should work with close matches

·         Aiming for demo in future Legal Team meeting

·         Tanjong

·         License namespace

·         A way to name valid licenses outside of the License List

·         Created namespace and UI

·         Also a mechanism for turning into a license request

·         Took feedback from the joint/legal team meeting

Tech Team Report - Kate/Gary

·         Spec

·         Progress on Appendix for including other fields in the source like the license ID

·         Keeping scope at file level

·         Tags with SPDX prefix

·         Allows to make it easier for tools to pick up.

·         Source file analysis

·         Philip demoed

·         Heavy testing mode

·         Tools

·         GSoC

·         Continues to go very well

·         All students passed second evaluation

·         Looking for feedback from community:

·         License matching algorithm approaches

·         Some encoded rules

·         Some depended on XML markup

·         Should we encode in XML or handle programmatically? (Discuss with Gary)

Legal Team Report - Jilayne/Paul/Steve

·         License List

·         3.6 version went out last month

·         Working issues in 3.7

·         Good input/support from Tech Team

·         Recent meetings have been joint with Tech Team

·         Very helpful at this point

 

Outreach Team Report - Kate

·         Shane has readied the survey

Cross Functional -

·         None

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Matthew Crawford, ARM

·         Umang Taneja, GSoC

·         Tanjong Smith, GSoC

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Kate Stewart, Linux Foundation

·         Paul Madick, Dimension Data

·         Mark Atwood, Amazon

·         Jilayne Lovejoy, Canonical

·         Jack Manbeck, TI

 


Today SPDX General Meeting Reminder...More Google Summer of Code Updates

Phil Odence
 

Please excuse the later reminder. I was shocked this morning to notice it’s August already. Was thinking we had a week.

 

We will be joined by at least one, maybe two, of our Google SoC students to present their work. Please join.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 1, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11  

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: In favour of what are §4.9–4.11 deprecated?

Gary O'Neall
 

Hi Matija,

-----Original Message-----
From: spdx@... <spdx@...> On Behalf Of Matija Šuklje
Sent: Wednesday, July 24, 2019 7:19 AM
To: spdx@...
Subject: [spdx] In favour of what are §4.9–4.11 deprecated?

Hi all,

I notice that in 2.1 spec the following are marked as deprecated on the file-level:

• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Project Uniform Resource Identifier

…and I wonder what was the new equivalent to get information of origin for a
file in the package. Is the assumption now that files of alien origin to the
analysed package must belong to a different package and that package should
have its own SPDX file, to which the first SPDX file should refer to?
[G.O.]
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
-=-=-=-=-=-=-=-=-=-=-=-
[G.O.] Gary
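
The arrangement described in the reply above, checked mechanically, as an added example that is not part of the original thread or of any SPDX tool: it reads an SPDX 2.1 tag-value document, resolves each file's origin through a file-to-package `Relationship`, and flags files that still carry the deprecated `ArtifactOf*` tags. The sample document, its names, the choice of `GENERATED_FROM` (the reply names no relationship type) and the rule "file as subject, package as object means origin" are assumptions made for illustration.

```python
# Tags deprecated at file level in SPDX 2.1 (sections 4.9-4.11 of the spec).
DEPRECATED_TAGS = {
    "ArtifactOfProjectName",
    "ArtifactOfProjectHomePage",
    "ArtifactOfProjectURI",
}

# Constructed sample, trimmed to the fields this check reads; it is not a
# complete, valid SPDX document. All names are hypothetical.
SAMPLE = """\
SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-app

PackageName: example-app
SPDXID: SPDXRef-Package-app
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: true

FileName: ./icons/save.png
SPDXID: SPDXRef-File-icon
LicenseConcluded: CC-BY-4.0

FileName: ./fonts/Example-Regular.ttf
SPDXID: SPDXRef-File-font
LicenseConcluded: OFL-1.1
ArtifactOfProjectName: example-fonts
ArtifactOfProjectHomePage: https://example.invalid/fonts

PackageName: example-iconset
SPDXID: SPDXRef-Package-iconset
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: CC-BY-4.0
PackageLicenseDeclared: CC-BY-4.0
PackageCopyrightText: NOASSERTION

Relationship: SPDXRef-Package-app CONTAINS SPDXRef-File-icon
Relationship: SPDXRef-Package-app CONTAINS SPDXRef-File-font
Relationship: SPDXRef-File-icon GENERATED_FROM SPDXRef-Package-iconset
"""


def parse(text):
    """Collect packages, files and relationships from single-line tag-value
    pairs. Multi-line <text>...</text> values are not handled here."""
    packages, files, relationships = {}, {}, []
    current = None  # element that the following tags belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            continue
        tag, value = tag.strip(), value.strip()
        if tag == "PackageName":
            # FilesAnalyzed defaults to true when the tag is omitted.
            current = {"kind": "package", "name": value, "files_analyzed": True}
        elif tag == "FileName":
            current = {"kind": "file", "name": value, "deprecated": []}
        elif tag == "SPDXID" and current is not None:
            target = packages if current["kind"] == "package" else files
            target[value] = current
        elif tag == "FilesAnalyzed" and current and current["kind"] == "package":
            current["files_analyzed"] = value.lower() == "true"
        elif tag in DEPRECATED_TAGS and current and current["kind"] == "file":
            current["deprecated"].append(tag)
        elif tag == "Relationship":
            parts = value.split()
            if len(parts) == 3:
                relationships.append(tuple(parts))
    return packages, files, relationships


def file_origins(packages, files, relationships):
    """Map file name -> [(relationship type, package name, FilesAnalyzed)].
    Assumption: a relationship with a file as subject and a package as
    object expresses where the file came from."""
    origins = {}
    for subject, rel_type, obj in relationships:
        if subject in files and obj in packages:
            pkg = packages[obj]
            origins.setdefault(files[subject]["name"], []).append(
                (rel_type, pkg["name"], pkg["files_analyzed"])
            )
    return origins


def audit(text):
    """Return (origins, findings); findings list files still using the
    deprecated ArtifactOf* tags and whether a relationship replaces them."""
    packages, files, relationships = parse(text)
    origins = file_origins(packages, files, relationships)
    findings = []
    for entry in files.values():
        if entry["deprecated"]:
            state = "also has a" if entry["name"] in origins else "has no"
            findings.append(
                f"{entry['name']}: uses deprecated "
                f"{', '.join(entry['deprecated'])}; {state} file-to-package relationship"
            )
    return origins, findings


if __name__ == "__main__":
    found_origins, found_issues = audit(SAMPLE)
    for name, links in found_origins.items():
        print(name, "->", links)
    for issue in found_issues:
        print("FINDING:", issue)
```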


In favour of what are §4.9–4.11 deprecated?

Matija Šuklje
 

Hi all,

I notice that in 2.1 spec the following are marked as deprecated
on the file-level:

• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Project Uniform Resource Identifier

…and I wonder what was the new equivalent to get information of
origin for a file in the package. Is the assumption now that files
of alien origin to the analysed package must belong to a different
package and that package should have its own SPDX file, to which
the first SPDX file should refer to?

A common use case I can see could be how to mark font and
image files that are commonly copied from elsewhere instead of
each piece of software reinventing their icons and type faces.


cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Minutes from July SPDX General Meeting

Phil Odence
 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11

 

 

General Meeting/Minutes/2019-07-11


·         Attendance: 14

·         Led by Phil Odence

·         Minutes of June meeting approved 

 


Special Presentations - Xavier Figueroa/ Philip Ekong Obie, GSoC

·         Python Library- Adding support for more formats

·         Generating SPDX docs from IDs in code

Tech Team Report - Kate/Gary

·         Spec

·         All known issues are addressed in 2.2

·         Under discussion: 

·         Idea of a short format for copyrights ala license IDs from FSFE

·         Would be added as an appendix (like license IDs)

·         Could use a joint tech/legal teams call

·         Exploring branching strategy

·         Pared down version, defining minimal subset (from Japan work group)

·         Still SPDX compliant as it will utilize mandatory fields

·         Part of the spec

·         Important to communicate that; it’s not a fork

·         Tools

·         GSoC

·         8 projects total (a record)

·         Great progress, all passed first evaluations 

·         Flurry of tooling work with the new license list

·         Better matching/copyright matching

·         License format improvements

Legal Team Report - Jilayne/Paul/Steve

·         License List

·         3.6 version went live yesterday

·         10 new licenses and exceptions

·         Other mark up and doc updates

·         Attention now turning to 3.7

·         Other topics of discussion already covered.

·         Namespace Project

·         Need to make clear the difference between LL and NS registry

·         NS is an option for rejected licenses

·         Could be a stop before being accepted

 

Outreach Team Report - Kate

·         Shane has readied the survey

·         Based on input from Phil, Jack, Kate, Gary

·         Will go to the General Meeting mailing list

Cross Functional -

·         Will designate one Tech Call per month to include Legal Team

·         Third one of the month

·         Starting next week

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Jilayne Lovejoy, Canonical

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Kate Stewart, Linux Foundation

·         Philippe Ombrédanne- nexB

·         Alexios Zavras, Intel

·         Michael Herzog- nexB

·         David Ryan

·         Dave McLaughlin, Rogue Wave

·         Paul Madick, Dimension Data

·         Mark Atwood, Amazon

·         Xavier Figueroa

·         Philip Ekong Obie

 


Thurs SPDX General Meeting Reminder...special guest stars this month

Phil Odence
 

Joining us will be two students doing Google Summer of Code projects for us. Xavier will be talking about his and Philip will do a short demo.

 

Xavier Figueroa, Undergraduate Computer Science student from Ecuador, first time contributing to an Open Source project

Title: GSoC Project: Additional format support for Python libraries

Abstract: The GSoC Project Additional format support for Python libraries initially implied adding support for JSON/XML/YAML formats to the SPDX Python Library, but now some additional work will be done. In this presentation, it will be covered what the project currently entails, where we are and what is next.

 

Philip Ekong Obie

SPDX Document Generator for projects using SPDXIDs

 

 

GENERAL MEETING

 

Meeting Time: Thurs, July 11, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


SPDX June General Meeting Minutes (slightly belated)

Phil Odence
 

Note, July Meeting has been moved to July 11.

June minutes: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06

Thanks to Paul for hosting in my stead.

Phil

 

L. Philip Odence

General Manager, Black Duck On-Demand

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 

 

 

         

 

 

 

General Meeting/Minutes/2019-06-06


·         Attendance: 12 (attendance list at bottom)

·         Led by Paul Madick

·         Minutes of May meeting approved 

 


Tech Team Report - Gary

·         Spec No issues remaining to latest spec, 8 GSoC students approved and working. Looking forward to new tools this summer. Lots of new projects adopting SPDX and Linux kernel clean up of licensing still working (about 2/3 through). Making great progress.

·         Tools

 

Legal Team Report - Jilayne/Paul

·         License List 

·         GSOC student on last call. Great information. Legal Meeting minutes has the description, take a look if you are interested or would like to provide input.

·         Reworking the license inclusion guidelines and moving into github repository in the documentation folder. Please weigh in if you are interested in more licenses. Still looking for more volunteers to move license submissions into license approvals. 

·         A big welcome to new co-lead of legal team Steve Winslow and a big thank you to Karen for her years of stewardship as she steps away from the co-lead position.

 

Outreach Team Report - Jack Manbeck

·         Not a lot going on now, but working on a survey. Intention is to send the survey to companies to see where they are at in using/implementing SPDX. Maybe include some community in survey, but not sure yet.

General Items

·         Conversation: are we meeting for summer LF event in SD. Not currently, but Kate will look into getting meeting room for ½ day, etc. Jack, Paul, Kate, Steve and others are potentially available to attend at least one day in SD. 

 

Attendees

·         Alexios Zavras, Intel

·         JC Herz, Ion Channel

·         Dave McLoughlin

·         Paul Madick, Dimension Data

·         Jilayne Lovejoy

·         Steve Winslow, LF

·         Kate Stewart, Linux Foundation

·         Alexios Zavras, Intel

·         Philippe Ombrédanne- nexB

·         Jack Manbeck

·         Mike Herzog

·         Mark Atwood

 


Thurs SPDX General Meeting Reminder

Phil Odence
 

Notes:

 

 

GENERAL MEETING

 

Meeting Time: Thurs, June 6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-05-02

  

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


SPDX General Meeting 2018 (replacement)

Phil Odence
 

Moving the July 4 instance of this meeting to July 11 due to the US holiday.


*****

I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.



New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
http://uberconference.com/SPDXTeam



MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions



Re: SW360 experience

Shane Coughlan <shane@...>
 

Hi Alberto

FYI, we will have Michael from Siemens presenting on sw360 during the OpenChain First Monday call in June (9am Pacific on June 3rd). As a bonus we will also have Oliver discussing the Open Source Compliance Tool Chain and how we can all collaborate around that.

Join the call: https://uberconference.com/openchainproject
Optional US dial in number: 855-889-3011
No PIN needed
If you need to use an international phone number please check:
https://www.uberconference.com/international for country numbers.
1. Dial the country number based on your location.
2. Enter 855 889 3011 and then # to enter the room.

Regards

Shane

On May 21, 2019, at 3:29, Alberto Pianon <alberto@...> wrote:

Hi Oliver,

if you arrange a web meeting on sw360 I would be glad to join. I have installed sw360 and started playing with it, but I would like to see it used by someone who masters it...

Thanks!

Ciao

Alberto

On 20/05/2019 08:46, Oliver Fendt wrote:
Hi Steve,



sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using, no matter whether they are OSS, commercial or internal components or other artifacts; on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.



Ciao

Oliver



From: spdx@... <spdx@...> On Behalf Of Steve Kilbane
Sent: Thursday, 16 May 2019 18:15
To: spdx@...
Cc: Kilbane, Stephen <@steve.kilbane>
Subject: [spdx] SW360 experience



Hi all,



I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.



Thanks for any info,



steve



Re: SW360 experience

Alberto Pianon
 

Hi Oliver,

if you arrange a web meeting on sw360 I would be glad to join. I have installed sw360 and started playing with it, but I would like to see it used by someone who masters it...

Thanks!

Ciao

Alberto

On 20/05/2019 08:46, Oliver Fendt wrote:

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using, no matter whether they are OSS, commercial or internal components or other artifacts; on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

From: spdx@... <spdx@...> On Behalf Of Steve Kilbane
Sent: Thursday, 16 May 2019 18:15
To: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Subject: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 



Re: SW360 experience

J Lovejoy
 

Thanks for responding, Oliver.

I've copied Steve here, as his message got caught up in the mailing list filter, as it looks like he's not a member of the SPDX general mailing list. (Steve - you can join here: https://spdx.org/participate )

It occurred to me that perhaps a session on sw360 (and how it works with SPDX) might be a good topic for an upcoming general call? Phil - what do you think?

Jilayne


On 5/20/19 2:46 AM, Oliver Fendt wrote:

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using, no matter whether they are OSS, commercial or internal components or other artifacts; on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

From: spdx@... <spdx@...> On Behalf Of Steve Kilbane
Sent: Thursday, 16 May 2019 18:15
To: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Subject: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


Re: SW360 experience

Oliver Fendt
 

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using, no matter whether they are OSS, commercial or internal components or other artifacts; on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

From: spdx@... <spdx@...> On Behalf Of Steve Kilbane
Sent: Thursday, 16 May 2019 18:15
To: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Subject: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


SW360 experience

Steve Kilbane
 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


SPDX 2.1.1 specification - final review by 2019/5/21

Kate Stewart
 

In 2017 the project decided to move the specification from google documents to github and a repository was set up at: https://github.com/spdx/spdx-spec

Before we could move forward though, we needed to make sure we weren't losing content/introducing errors, so the decision was made to create a 2.1.1 version of the specification, with no significant content changes (only bug fixes).

2.1.1 was initially made available at: https://spdx.github.io/spdx-spec/ in 2018 by Thomas Steenbergen, in a beautiful online format (Thank you!), much improved and useful for those accessing the specification online.   However we stalled out on being able to generate .pdf version to get a static copy of this version.

Thanks to Jack Manbeck's efforts in 2019,  we've finally got a .pdf version available to be reviewed and approved.   Once this version is approved, we can start to incorporate the 2.2 changes into the specification.

A final candidate pdf version of the SPDX 2.1.1 specification is attached to this document, please review and open an issue at https://github.com/spdx/spdx-spec if you see a regression compared to SPDX 2.1 content which is at: 

If there are no significant regressions found compared to 2.1 in the review window, we will log this as the 2.1.1 version and start to incorporate the 2.2 content and features that have been agreed on over the last year into the reference version of the specification on github.

The review window for the 2.1.1 candidate will end on 2019/5/20.

If you have any concerns,  please either open an issue at https://github.com/spdx/spdx-spec  (against 2.1.1 milestone) or join us on the spdx-tech call to discuss. 

Thanks, 
Kate




Thursday SPDX General Meeting Reminder with Special Presentation

Phil Odence
 

Our “guest” presentation for this session features guest Aaron Williamson (whom you are probably aware was counsel for the SFLC) and non-guest Jilayne. The twosome collaborated on the handbook they will discuss:

 

The Fintech Open Source Foundation (FINOS) recently released the Open Source License Compliance Handbook, a resource of practical compliance information about common open source licenses. FINOS launched the project to support its members in building more mature compliance processes and made the content (and code) open source to encourage adoption and contribution by the community. The handbook's "source code" is a collection of machine-readable YAML text files that can be compiled into a single document (using the supplied python script) or incorporated easily into databases and other systems. Aaron will discuss the project, the decisions behind its design, and plans for the future.

 

Aaron Williamson is General Counsel and Director of Governance at the Fintech Open Source Foundation (FINOS), a nonprofit foundation promoting open source collaboration in the financial services industry. In addition to managing the Foundation’s legal affairs, he leads the Foundation’s Open Source Readiness Program, helping members to develop policies and processes that enable productive engagement with open source. He also co-organizes the FINOS Open Source Strategy Forum, an annual conference on open source in financial services. 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, May 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04

 

Special Presentation – Jilayne/Aaron

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 


April SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04

 

 

L. Philip Odence

General Manager, Black Duck On-Demand

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 

 

 

         

 

 

General Meeting/Minutes/2019-04-04


·         Attendance: 18

·         Led by Phil Odence

·         Minutes of March meeting approved 

 


Special Presentation - Gary/Steve

·         SPDX: Bridging the Compliance Tool Gap

·         https://events.linuxfoundation.org/wp-content/uploads/2018/07/SPDX-Bridging-the-Compliance-Tooling-Gap.pdf

Tech Team Report - Gary

·         Spec

·         Starting to put out 2.1.1 in pdf form

·         Kudos to Jack

·         Starting in on 2.2

·         Tools

·         GSoc

·         Very active

·         Lots of students and mentors

·         Good project

Legal Team Report - Jilayne/Paul

·         License List

·         3.5 Release out! 

·         7 new licenses and exceptions

·         including 3 open hardware licenses

·         More open hw planned for 3.6

 

Outreach Team Report - Jack Manbeck

·         Rethinking a bit and redefining 

·         Survey is next step

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Steve Winslow, LF

·         Nisha Kumar, VMWare

·         Dave Huseby, LF

·         Alexios Zavras, Intel

·         Nicolas Toussaint, Orange

·         Mark Atwood, Amazon

·         Kate Stewart, Linux Foundation

·         Gary O’Neall, SourceAuditor

·         Jilayne Lovejoy

·         Philippe Ombrédanne- nexB

·         JC Herz, Ion Channel

·         Andrew Sinclair, Canonical

·         Paul Madick, Dimension Data

·         Jack Manbeck, TI

·         Michael Herzog- nexB

·         Mark Baushke, Juniper

·         Stephanie, Qualcomm

·         Uwe, Qualcomm

 


SPDX License List version 3.5 now live

J Lovejoy
 

Hi all,

Version 3.5 of the SPDX License List is now released.  Most notably, we have added several open hardware licenses (CERN and TAPR), which I think is a really sensible and exciting addition, considering we already have open documentation and data licenses on the list. We are still missing the Solderpad licenses, but those are slated to be added for the 3.6 release. 

Highlights include:

- New licenses/exceptions added: 7
  1. JPNIC
  2. libpng-2.0
  3. HPND-sell-variant
  4. GPL-CC-1.0
  5. TAPR-OHL-1.0
  6. CERN-OHL-1.1
  7. CERN-OHL-1.2
- Addition of markup to various licenses and other minor updates
- Add page describing entire workflow for adding a new license in /DOCS directory

thanks,
Jilayne