
Today SPDX General Meeting Reminder...More Google Summer of Code Updates

Phil Odence
 

Please excuse the later reminder. I was shocked this morning to notice it’s August already. Was thinking we had a week.

 

We will be joined by at least one, maybe two, of our Google SoC students to present their work. Please join.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug 1, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11  

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


Re: In favour of what are §4.9–4.11 deprecated?

Gary O'Neall
 

Hi Matija,

-----Original Message-----
From: spdx@lists.spdx.org <spdx@lists.spdx.org> On Behalf Of Matija Šuklje
Sent: Wednesday, July 24, 2019 7:19 AM
To: spdx@lists.spdx.org
Subject: [spdx] In favour of what are §4.9–4.11 deprecated?

Hi all,

I notice that in 2.1 spec the following are marked as deprecated on the file-level:

• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Project Uniform Resource Identifier

…and I wonder what was the new equivalent to get information of origin for a
file in the package. Is the assumption now that files of alien origin to the
analysed package must belong to a different package and that package should
have its own SPDX file, to which the first SPDX file should refer to?
[G.O.]
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
-=-=-=-=-=-=-=-=-=-=-=-
[G.O.] Gary
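
The layout described in the reply above, as an added example (not code from the thread or from the SPDX tools): it rewrites a file entry that uses the deprecated `ArtifactOf*` tags into a package definition with `FilesAnalyzed: false` plus a relationship from the file to that package. The sample entry, the function names, the `NOASSERTION` values and the `CONTAINED_BY` relationship type are assumptions; the reply does not name a relationship type.

```python
import re

# Constructed sample (not from the thread): one file entry in SPDX 2.1
# tag-value form that still uses the deprecated ArtifactOf* tags (4.9-4.11).
# The checksum is a placeholder value.
SAMPLE_FILE_ENTRY = """\
FileName: ./assets/fonts/ExampleSans-Regular.ttf
SPDXID: SPDXRef-File-ExampleSans
FileChecksum: SHA1: 0123456789abcdef0123456789abcdef01234567
LicenseConcluded: OFL-1.1
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION
ArtifactOfProjectName: Example Sans
ArtifactOfProjectHomePage: https://fonts.example.org/example-sans
ArtifactOfProjectURI: https://fonts.example.org/example-sans/doap.rdf
"""

# Assumption: the reply does not name a relationship type; CONTAINED_BY is
# one of the SPDX 2.1 types and is used here only as a configurable default.
DEFAULT_RELATIONSHIP = "CONTAINED_BY"


def package_spdx_id(name):
    """Build an SPDXID from a project name (letters, digits, '.', '-')."""
    return "SPDXRef-Package-" + re.sub(r"[^A-Za-z0-9.-]+", "-", name).strip("-")


def origin_package(origin):
    """Minimal package definition for an origin that was not itself analysed."""
    lines = [
        "PackageName: " + origin["name"],
        "SPDXID: " + package_spdx_id(origin["name"]),
        "PackageDownloadLocation: NOASSERTION",
        "FilesAnalyzed: false",  # no file list or verification code required
    ]
    if "ArtifactOfProjectHomePage" in origin:
        lines.append("PackageHomePage: " + origin["ArtifactOfProjectHomePage"])
    lines += [
        "PackageLicenseConcluded: NOASSERTION",
        "PackageLicenseDeclared: NOASSERTION",
        "PackageCopyrightText: NOASSERTION",
    ]
    if "ArtifactOfProjectURI" in origin:
        # Assumption: keep the old project URI in a free-text comment.
        lines.append("PackageComment: <text>Project URI: %s</text>"
                     % origin["ArtifactOfProjectURI"])
    return "\n".join(lines)


def migrate_file_entry(entry, relationship=DEFAULT_RELATIONSHIP):
    """Drop ArtifactOf* tags from one file entry; add packages and relationships."""
    kept, origins, file_id = [], [], None
    for line in entry.splitlines():
        tag, _, value = line.partition(":")
        value = value.strip()
        if tag == "ArtifactOfProjectName":
            origins.append({"name": value})  # a file may list several origins
        elif tag in ("ArtifactOfProjectHomePage", "ArtifactOfProjectURI"):
            if not origins:
                raise ValueError(tag + " appears before ArtifactOfProjectName")
            origins[-1][tag] = value
        else:
            if tag == "SPDXID":
                file_id = value
            kept.append(line)
    if origins and file_id is None:
        raise ValueError("file entry needs an SPDXID to be used in a relationship")
    sections = ["\n".join(kept)]
    for origin in origins:
        sections.append(origin_package(origin))
        sections.append("Relationship: %s %s %s"
                        % (file_id, relationship, package_spdx_id(origin["name"])))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(migrate_file_entry(SAMPLE_FILE_ENTRY))
```
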


In favour of what are §4.9–4.11 deprecated?

Matija Šuklje
 

Hi all,

I notice that in 2.1 spec the following are marked as deprecated
on the file-level:

• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Project Uniform Resource Identifier

…and I wonder what was the new equivalent to get information of
origin for a file in the package. Is the assumption now that files
of alien origin to the analysed package must belong to a different
package and that package should have its own SPDX file, to which
the first SPDX file should refer to?

A common use case I can see could be how to mark font and
image files that are commonly copied from elsewhere instead of
each piece of software reinventing their icons and type faces.


cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: matija_suklje@ippi.fr


Minutes from July SPDX General Meeting

Phil Odence
 

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11

 

 

General Meeting/Minutes/2019-07-11


·         Attendance: 14

·         Led by Phil Odence

·         Minutes of June meeting approved 

 


Special Presentations - Xavier Figueroa/ Philip Ekong Obie, GSoC

·         Python Library- Adding support for more formats

·         Generating SPDX docs from IDs in code

Tech Team Report - Kate/Gary

·         Spec

·         All known issues are addressed in 2.2

·         Under discussion: 

·         Idea of a short format for copyrights ala license IDs from FSFE

·         Would be added as an appendix (like license IDs)

·         Could use a joint tech/legal teams call

·         Exploring branching strategy

·         Pared down version, defining minimal subset (from Japan work group)

·         Still SPDX compliant as it will utilize mandatory fields

·         Part of the spec

·         Important to communicate that; it’s not a fork

·         Tools

·         GSoC

·         8 projects total (a record)

·         Great progress, all passed first evaluations 

·         Flurry of tooling work with the new license list

·         Better matching/copyright matching

·         License format improvements

Legal Team Report - Jilayne/Paul/Steve

·         License List

·         3.6 version went live yesterday

·         10 new licenses and exceptions

·         Other mark up and doc updates

·         Attention now turning to 3.7

·         Other topics of discussion already covered.

·         Namespace Project

·         Need to make clear the difference between LL and NS registry

·         NS is an option for rejected licenses

·         Could be a stop before being accepted

 

Outreach Team Report - Kate

·         Shane has readied the survey

·         Based on input from Phil, Jack, Kate, Gary

·         Will go to the General Meeting mailing list

Cross Functional

·         Will designate one Tech Call per month to include Legal Team

·         Third one of the month

·         Starting next week

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Jilayne Lovejoy, Canonical

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Kate Stewart, Linux Foundation

·         Philippe Ombrédanne- nexB

·         Alexios Zavras, Intel

·         Michael Herzog- nexB

·         David Ryan

·         Dave McLaughlin, Rogue Wave

·         Paul Madick, Dimension Data

·         Mark Atwood, Amazon

·         Xavier Figueroa

·         Philip Ekong Obie

 


Thurs SPDX General Meeting Reminder...special guest stars this month

Phil Odence
 

Joining us will be two students doing Google Summer of Code projects for us. Xavier will be talking about his and Philip will do a short demo.

 

Xavier Figueroa, Undergraduate Computer Science student from Ecuador, first time contributing to an Open Source project

Title: GSoC Project: Additional format support for Python libraries

Abstract: The GSoC Project Additional format support for Python libraries initially implied adding support for JSON/XML/YAML formats to the SPDX Python Library, but now some additional work will be done. In this presentation, it will be covered what the project currently entails, where we are and what is next.

 

Philip Ekong Obie

SPDX Document Generator for projects using SPDXIDs

 

 

GENERAL MEETING

 

Meeting Time: Thurs, July 11, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:  https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06

  

 

GSoC Presentations

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


SPDX June General Meeting Minutes (slightly belated)

Phil Odence
 

Note, July Meeting has been moved to July 11.

June minutes: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06

Thanks to Paul for hosting in my stead.

Phil

 

L. Philip Odence

General Manager, Black Duck On-Demand

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 

 

 

         

 

 

 

General Meeting/Minutes/2019-06-06


·         Attendance: 12 (attendance list at bottom)

·         Led by Paul Madick

·         Minutes of May meeting approved 

 


Tech Team Report - Gary

·         Spec: No issues remaining to latest spec, 8 GSoC students approved and working. Looking forward to new tools this summer. Lots of new projects adopting SPDX and Linux kernel clean up of licensing still working (about 2/3 through). Making great progress.

·         Tools

 

Legal Team Report - Jilayne/Paul

·         License List 

·         GSoC student on last call. Great information. Legal Meeting minutes has the description, take a look if you are interested or would like to provide input.

·         Reworking the license inclusion guidelines and moving into github repository in the documentation folder. Please weigh in if you are interested in more licenses. Still looking for more volunteers to move license submissions into license approvals. 

·         A big welcome to new co-lead of legal team Steve Winslow and a big thank you to Karen for her years of stewardship as she steps away from the co-lead position.

 

Outreach Team Report - Jack Manbeck

·         Not a lot going on now, but working on a survey. Intention is to send the survey to companies to see where they are at in using/implementing SPDX. Maybe include some community in survey, but not sure yet.

General Items

·         Conversation: are we meeting for summer LF event in SD. Not currently, but Kate will look into getting meeting room for ½ day, etc. Jack, Paul, Kate, Steve and others are potentially available to attend at least one day in SD. 

 

Attendees

·         Alexios Zavras, Intel

·         JC Herz, Ion Channel

·         Dave McLoughlin

·         Paul Madick, Dimension Data

·         Jilayne Lovejoy

·         Steve Winslow, LF

·         Kate Stewart, Linux Foundation

·         Alexios Zavras, Intel

·         Philippe Ombrédanne- nexB

·         Jack Manbeck

·         Mike Herzog

·         Mark Atwood

 


Thurs SPDX General Meeting Reminder

Phil Odence
 

Notes:

 

 

GENERAL MEETING

 

Meeting Time: Thurs, June 6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-05-02

  

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 


SPDX General Meeting 2018 (replacement)

Phil Odence
 

Moving the July 4 instance of this meeting to July 11 due to the US holiday.


*****

I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.



New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
http://uberconference.com/SPDXTeam



MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions



Re: SW360 experience

Shane Coughlan <shane@...>
 

Hi Alberto

FYI, we will have Michael from Siemens presenting on sw360 during the OpenChain First Monday call in June (9am Pacific on June 3rd). As a bonus we will also have Oliver discussing the Open Source Compliance Tool Chain and how we can all collaborate around that.

Join the call: https://uberconference.com/openchainproject
Optional US dial in number: 855-889-3011
No PIN needed
If you need to use an international phone number please check:
https://www.uberconference.com/international for country numbers.
1. Dial the country number based on your location.
2. Enter 855 889 3011 and then # to enter the room.

Regards

Shane

On May 21, 2019, at 3:29, Alberto Pianon <alberto@pianon.eu> wrote:

Hi Oliver,

if you arrange a web meeting on sw360 I would be glad to join. I have installed sw360 and started playing with it, but I would like to see it used by someone who masters it...

Thanks!

Ciao

Alberto

Il 20/05/2019 08:46, Oliver Fendt ha scritto:
Hi Steve,



sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using no matter whether they are OSS, commercial or internal components or other artifacts on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.



Ciao

Oliver



Von: spdx@lists.spdx.org <spdx@lists.spdx.org> Im Auftrag von Steve Kilbane
Gesendet: Donnerstag, 16. Mai 2019 18:15
An: spdx@lists.spdx.org
Cc: Kilbane, Stephen <Stephen.Kilbane@analog.com>
Betreff: [spdx] SW360 experience



Hi all,



I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.



Thanks for any info,



steve



Re: SW360 experience

Alberto Pianon
 

Hi Oliver,

if you arrange a web meeting on sw360 I would be glad to join. I have installed sw360 and started playing with it, but I would like to see it used by someone who masters it...

Thanks!

Ciao

Alberto

Il 20/05/2019 08:46, Oliver Fendt ha scritto:

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using no matter whether they are OSS, commercial or internal components or other artifacts on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

Von: spdx@... <spdx@...> Im Auftrag von Steve Kilbane
Gesendet: Donnerstag, 16. Mai 2019 18:15
An: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Betreff: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 



Re: SW360 experience

J Lovejoy
 

Thanks for responding, Oliver.

I've copied Steve here, as his message got caught up in the mailing list filter, as it looks like he's not a member of the SPDX general mailing list. (Steve - you can join here: https://spdx.org/participate )

It occurred to me that perhaps a session on sw360 (and how it works with SPDX) might be a good topic for an upcoming general call? Phil - what do you think?

Jilayne


On 5/20/19 2:46 AM, Oliver Fendt wrote:

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using no matter whether they are OSS, commercial or internal components or other artifacts on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

Von: spdx@... <spdx@...> Im Auftrag von Steve Kilbane
Gesendet: Donnerstag, 16. Mai 2019 18:15
An: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Betreff: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


Re: SW360 experience

Oliver Fendt
 

Hi Steve,

 

sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using no matter whether they are OSS, commercial or internal components or other artifacts on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product.

For the integration in the CI/CD workflow it provides a REST API

You can find the source code here: https://github.com/eclipse/sw360

Some documentation is available here: https://github.com/eclipse/sw360/wiki

If you like we can arrange a web meeting since we are using sw360 in our daily work.

 

Ciao

Oliver

 

Von: spdx@... <spdx@...> Im Auftrag von Steve Kilbane
Gesendet: Donnerstag, 16. Mai 2019 18:15
An: spdx@...
Cc: Kilbane, Stephen <Stephen.Kilbane@...>
Betreff: [spdx] SW360 experience

 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


SW360 experience

Steve Kilbane
 

Hi all,

 

I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.

 

Thanks for any info,

 

steve

 


SPDX 2.1.1 specification - final review by 2019/5/21

Kate Stewart
 

In 2017 the project decided to move the specification from google documents to github and a repository was set up at: https://github.com/spdx/spdx-spec

Before we could move forward though, we needed to make sure we weren't losing content/introducing errors, so the decision was made to create a 2.1.1 version of the specification, with no significant content changes (only bug fixes).

2.1.1 was initially made available at: https://spdx.github.io/spdx-spec/ in 2018 by Thomas Steenbergen, in a beautiful online format (Thank you!), much improved and useful for those accessing the specification online.   However we stalled out on being able to generate .pdf version to get a static copy of this version.

Thanks to Jack Manbeck's efforts in 2019,  we've finally got a .pdf version available to be reviewed and approved.   Once this version is approved, we can start to incorporate the 2.2 changes into the specification.

A final candidate pdf version of the SPDX 2.1.1 specification is attached to this document, please review and open an issue at https://github.com/spdx/spdx-spec if you see a regression compared to SPDX 2.1 content which is at: 

If there are no significant regressions found compared to 2.1 in the review window, we will log this as the 2.1.1 version and start to incorporate the 2.2 content and features that have been agreed on over the last year into the reference version of the specification on github.

The review window for the 2.1.1 candidate will end on 2019/5/20.

If you have any concerns,  please either open an issue at https://github.com/spdx/spdx-spec  (against 2.1.1 milestone) or join us on the spdx-tech call to discuss. 

Thanks, 
Kate




Thursday SPDX General Meeting Reminder with Special Presentation

Phil Odence
 

Our “guest” presentation for this session features guest Aaron Williamson (whom you are probably aware was counsel for the SFLC) and non-guest Jilayne. The twosome collaborated on the handbook they will discuss:

 

The Fintech Open Source Foundation (FINOS) recently released the Open Source License Compliance Handbook, a resource of practical compliance information about common open source licenses. FINOS launched the project to support its members in building more mature compliance processes and made the content (and code) open source to encourage adoption and contribution by the community. The handbook's "source code" is a collection of machine-readable YAML text files that can be compiled into a single document (using the supplied python script) or incorporated easily into databases and other systems. Aaron will discuss the project, the decisions behind its design, and plans for the future.

 

Aaron Williamson is General Counsel and Director of Governance at the Fintech Open Source Foundation (FINOS), a nonprofit foundation promoting open source collaboration in the financial services industry. In addition to managing the Foundation’s legal affairs, he leads the Foundation’s Open Source Readiness Program, helping members to develop policies and processes that enable productive engagement with open source. He also co-organizes the FINOS Open Source Strategy Forum, an annual conference on open source in financial services. 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, May 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04

 

Special Presentation – Jilayne/Aaron

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 


April SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04

 

 

L. Philip Odence

General Manager, Black Duck On-Demand

Synopsys Software Integrity Group, Burlington, MA

M (781) 258-9502 | phil.odence@...

 

 

 

 

         

 

 

General Meeting/Minutes/2019-04-04


·         Attendance: 18

·         Led by Phil Odence

·         Minutes of March meeting approved 

 


Special Presentation - Gary/Steve

·         SPDX: Bridging the Compliance Tool Gap

·         https://events.linuxfoundation.org/wp-content/uploads/2018/07/SPDX-Bridging-the-Compliance-Tooling-Gap.pdf

Tech Team Report - Gary

·         Spec

·         Starting to put out 2.1.1 in pdf form

·         Kudos to Jack

·         Starting in on 2.2

·         Tools

·         GSoC

·         Very active

·         Lots of students and mentors

·         Good project

Legal Team Report - Jilayne/Paul

·         License List

·         3.5 Release out! 

·         7 new licenses and exceptions

·         including 3 open hardware licenses

·         More open hw planned for 3.6

 

Outreach Team Report - Jack Manbeck

·         Rethinking a bit and redefining 

·         Survey is next step

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Steve Winslow, LF

·         Nisha Kumar, VMWare

·         Dave Huseby, LF

·         Alexios Zavras, Intel

·         Nicolas Toussaint, Orange

·         Mark Atwood, Amazon

·         Kate Stewart, Linux Foundation

·         Gary O’Neall, SourceAuditor

·         Jilayne Lovejoy

·         Philippe Ombrédanne- nexB

·         JC Herz, Ion Channel

·         Andrew Sinclair, Canonical

·         Paul Madick, Dimension Data

·         Jack Manbeck, TI

·         Michael Herzog- nexB

·         Mark Baushke, Juniper

·         Stephanie, Qualcomm

·         Uwe, Qualcomm

 


SPDX License List version 3.5 now live

J Lovejoy
 

Hi all,

Version 3.5 of the SPDX License List is now released.  Most notably, we have added several open hardware licenses (CERN and TAPR), which I think is a really sensible and exciting addition, considering we already have open documentation and data licenses on the list. We are still missing the Solderpad licenses, but those are slated to be added for the 3.6 release. 

Highlights include:

- New licenses/exceptions added: 7
  1. JPNIC
  2. libpng-2.0
  3. HPND-sell-variant
  4. GPL-CC-1.0
  5. TAPR-OHL-1.0
  6. CERN-OHL-1.1
  7. CERN-OHL-1.2
- Addition of markup to various licenses and other minor updates
- Add page describing entire workflow for adding a new license in /DOCS directory

thanks,
Jilayne


Thursday SPDX General Meeting Reminder.

Phil Odence
 

Our talk for this session will be from Gary O’Neall and Steve Winslow:

 

SPDX: Bridging the Compliance Tool Gap

Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry.  To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”.  The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.

 

This is a reprise of a very well-received talk they gave at the LF Open Source Leadership Summit earlier this month. If you have colleagues, friends or partners that would like to learn SPDX, this would be great 30 minute intro. Please invite them.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 4, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-03-07  

 

Special Presentation – Gary/Steve

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 


Re: #spdx #gsoc #spdx #gsoc

Krys Nuvadga
 

Hi Belen,

Welcome to SPDX, We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions.

Best regards

On Sat, Mar 30, 2019 at 7:46 PM Maria Belen Guaranda <mabegc@...> wrote:
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML,CSS,Vue,Bootstrap) and back-end (Django,Node,Nginx,SQL and NoSQL databases), as well as testing (Travis,Pylint,Coveralls,UnitTests). I'd like to discuss some details and doubts with the mentor if possible.

Best regards,

Belen



--
krys Nuvadga
Piar, Inc.


#spdx #gsoc #spdx #gsoc

Maria Belen Guaranda <mabegc@...>
 

Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML,CSS,Vue,Bootstrap) and back-end (Django,Node,Nginx,SQL and NoSQL databases), as well as testing (Travis,Pylint,Coveralls,UnitTests). I'd like to discuss some details and doubts with the mentor if possible.

Best regards,

Belen
