Date   

Thursday SPDX General Meeting Reminder.

Phil Odence
 

Our talk for this session with be from Gary O’Neall and Steve Winslow:

 

SPDX: Bridging the Compliance Tool Gap

Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry.  To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”.  The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.

 

This is a reprise of a very well-received talk they gave at the LF Open Source Leadership Summit earlier this month. If you have colleagues, friends or partners that would like to learn SPDX, this would be great 30 minute intro. Please invite them.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, April 4, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-03-07  

 

Special Presentation – Gary/Steve

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 


Re: #spdx #gsoc #spdx #gsoc

Krys Nuvadga
 

Hi Belen,

Welcome to SPDX, We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions.

Best regards

On Sat, Mar 30, 2019 at 7:46 PM Maria Belen Guaranda <mabegc@...> wrote:
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML,CSS,Vue,Boostrapa) and back-end (Django,Node,Nginx,SQL and NoSQL databases), as well as testing (Travis,Pylint,Coveralls,UnitTests). I'd like to discuss some details and doubts with the mentor if possible.

Best regards,

Belen



--
krys Nuvadga
Piar, Inc.


#spdx #gsoc #spdx #gsoc

Maria Belen Guaranda <mabegc@...>
 

Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML,CSS,Vue,Boostrapa) and back-end (Django,Node,Nginx,SQL and NoSQL databases), as well as testing (Travis,Pylint,Coveralls,UnitTests). I'd like to discuss some details and doubts with the mentor if possible.

Best regards,

Belen


GSOC-2019

Hardik Sapra
 

Hello everyone,

My name is Hardik. I am a first-year Computer Science student from India. I'm completely new to Open Source Organizations and their working.
I would like to contribute to "SPDX Document Generator for projects using SPDXIDs" using my knowledge of Python.

Any help on how to get started with it and help the community would be helpful.


Thanks Hardik


Re: Special SPDX Talk Next Week - CORRECTION

Phil Odence
 

April 4, fixed below.

 

The good news is we also have speaker for the May call I was in contact with at the same time which is why I was crossing wires.

 

From: "podence@..." <podence@...>
Date: Friday, March 29, 2019 at 7:27 AM
To: "spdx@..." <spdx@...>
Subject: Special SPDX Talk Next Week

 

For our SPDX General Meeting call next week we will have a presentation from Gary O’Neall and Steve Winslow called:

SPDX: Bridging the Compliance Tool Gap

Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry.  To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”.  The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.

 

This is a reprise of a very well-received talk they gave at the LF Open Source Leadership Summit earlier this month. I will send out the normal General Meeting reminder, however I wanted to mention this earlier because you might want to share with others. If you have colleagues, friends or partners that would like to learn SPDX, this would be great 30 minute intro. Please invite them.

 

April 4, 11am EDT, 8am PDT, 4pm UK summer time, too late Japan time

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
http://uberconference.com/SPDXTeam

 


Special SPDX Talk Next Week

Phil Odence
 

For our SPDX General Meeting call next week we will have a presentation from Gary O’Neall and Steve Winslow called:

SPDX: Bridging the Compliance Tool Gap

Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry.  To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”.  The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.

 

This is a reprise of a very well-received talk they gave at the LF Open Source Leadership Summit earlier this month. I will send out the normal General Meeting reminder, however I wanted to mention this earlier because you might want to share with others. If you have colleagues, friends or partners that would like to learn SPDX, this would be great 30 minute intro. Please invite them.

 

May 4, 11am EDT, 8am PDT, 4pm UK summer time, too late Japan time

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
http://uberconference.com/SPDXTeam

 


Re: announcing: Open Source Compliance Handbook

J Lovejoy
 

and here is the link to that announcement that I forgot to include before: https://www.finos.org/blog/announcing-the-open-source-license-compliance-handbook

;)
Jilayne

On Mar 12, 2019, at 12:18 PM, J Lovejoy <opensource@...> wrote:

Hi SPDX folks (legal and general list),

I want to tell you about a project I’ve been working on with Aaron Williamson and the Fintech Open Source Foundation (FINOS) that I think many of you may be interested in. 

FINOS has announced the initial release of the Open Source License Compliance Handbook. The Handbook is itself an open source project, available on Github. It consists of:
  • Structured compliance data about open source licenses, stored in a simple YAML format for easy consumption by machines and lawyers alike (licensed CC-BY-SA-4.0),
  • A Python script to compile the license entries and introductory material into an asciidoc-formatted markup document (licensed Apache 2.0), and
  • "Binaries" of the document in docx and PDF formats (as well as an intermediate DocBook version) (CC-BY-SA-4.0).
We're excited to get this resource into the hands of the community and get your input and contributions, as well as ideas on the potential to integrate this into all the great open source tooling that is out there. Aaron and I recognize that there's always the potential for ruffled feathers at efforts to "summarize" licenses and I have no doubt some of our efforts are imperfect. But the Handbook is meant for a particular purpose -- not to exhaustively summarize licenses or address every GPL corner case, but to help developers and compliance professionals address the most common requirements in the most common use cases.

Please take a look, file an issue, or submit a pull request :) (Be warned, FINOS requires signing a dreaded CLA first!)

Thanks,
Jilayne


announcing: Open Source Compliance Handbook

J Lovejoy
 

Hi SPDX folks (legal and general list),

I want to tell you about a project I’ve been working on with Aaron Williamson and the Fintech Open Source Foundation (FINOS) that I think many of you may be interested in. 

FINOS has announced the initial release of the Open Source License Compliance Handbook. The Handbook is itself an open source project, available on Github. It consists of:
  • Structured compliance data about open source licenses, stored in a simple YAML format for easy consumption by machines and lawyers alike (licensed CC-BY-SA-4.0),
  • A Python script to compile the license entries and introductory material into an asciidoc-formatted markup document (licensed Apache 2.0), and
  • "Binaries" of the document in docx and PDF formats (as well as an intermediate DocBook version) (CC-BY-SA-4.0).
We're excited to get this resource into the hands of the community and get your input and contributions, as well as ideas on the potential to integrate this into all the great open source tooling that is out there. Aaron and I recognize that there's always the potential for ruffled feathers at efforts to "summarize" licenses and I have no doubt some of our efforts are imperfect. But the Handbook is meant for a particular purpose -- not to exhaustively summarize licenses or address every GPL corner case, but to help developers and compliance professionals address the most common requirements in the most common use cases.

Please take a look, file an issue, or submit a pull request :) (Be warned, FINOS requires signing a dreaded CLA first!)

Thanks,
Jilayne


SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-03-07

 

 

General Meeting/Minutes/2019-03-07

< General Meeting‎ | Minutes

·         Attendance: 5

·         Lead by Phil Odence

·         Minutes of Feb meeting approved 

 

Contents

 [hide

·         1 Tech Team Report - Gary

·         2 Legal Team Report - Paul

·         3 Outreach Team Report

·         4 Cross Function

·         5 Attendees

Tech Team Report - Gary[edit]

·         Tools

·         Google Summer of Code

·         Accepted again

·         Lots of activity from students

·         *Plenty of ideas

·         Spec

·         Jack jumped in to help with publishing from GitHub 

·         Started up APAC SPDX call

·         Lots of interest from Automotive

·         Discussion of “SPDX Lite”

·         “Files analyzed” field set to zero changes many required fields to option

·         Will be monthly

 

Legal Team Report - Paul[edit]

·         License List

·         Working through new licenses, normal stuff

 

Outreach Team Report[edit]

·         No update.

Cross Function[edit]

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Steve Winslow, LF

·         Mark Atwood, Amazon

·         Paul Madick, Dimension Data

·         Gary O’Neall, SourceAuditor

 


Reminder SPDX General Meeting today

Phil Odence
 


Re: Mentorship for GSOC Project

J Lovejoy
 

Hi Kumar,

Thanks for your interest in SPDX!  As you have not joined the SPDX mailing list, I have approved your message and also copied the SPDX tech team here.  I believe the tech team is who you need to talk to about a GSOC mentor. 

More information about our 3 working teams and the general list can be found here: https://spdx.org/participate 

I would recommend that you sign up for the tech mailing list as soon as possible! The direct link for that is: https://lists.spdx.org/g/spdx-tech


thanks!
Jilayne
SPDX legal co-lead 

On Mar 4, 2019, at 11:05 AM, Kumar Saurabh <b115012@...> wrote:

Hi , 

I, Kumar Saurabh, a final year student at IIIT Bhubaneswar, majoring in Computer Science and engineering. Being passionate about product development, I find developing application development exciting.  A background in engineering has allowed me to develop an in-depth, analytical approach and strengthen my critical thinking ability; 

I have written this email to seek mentorship for GSOC project .I thoroughly gone through the projects.Enhanced Workflow for online license request and Additional format support for Python interests me lot.I am quite proficient in python and done quite amount of projects in XML,JSON and PDF parsing.I am quite comfortable in API development using FLASK .I would like to contribute to these projects. Could you help me with some basic initial information,so that i can get some head-start .Once i get acquainted with the existing workflow,I will present you a Proof of Concept ,so that we can be on same page. 

 I look forward hearing from you.

Thank you.

Kind regards,


--
Kumar Saurabh
Dept. of Computer Science & Engineering
BTech | Class of 2019
IIIT Bhubaneswar


Mentorship for GSOC Project

b115012@...
 

Hi , 

I, Kumar Saurabh, a final year student at IIIT Bhubaneswar, majoring in Computer Science and engineering. Being passionate about product development, I find developing application development exciting.  A background in engineering has allowed me to develop an in-depth, analytical approach and strengthen my critical thinking ability; 

I have written this email to seek mentorship for GSOC project .I thoroughly gone through the projects.Enhanced Workflow for online license request and Additional format support for Python interests me lot.I am quite proficient in python and done quite amount of projects in XML,JSON and PDF parsing.I am quite comfortable in API development using FLASK .I would like to contribute to these projects. Could you help me with some basic initial information,so that i can get some head-start .Once i get acquainted with the existing workflow,I will present you a Proof of Concept ,so that we can be on same page. 

 I look forward hearing from you.

Thank you.

Kind regards,


--
Kumar Saurabh
Dept. of Computer Science & Engineering
BTech | Class of 2019
IIIT Bhubaneswar


Joining technical team of SPDX

bhavys@iitk.ac.in <bhavys@...>
 

Hello everyone,

i am interested for working with the technical team of SPDX. The GSoC project 'SPDX Document Generator for projects using SPDXIDs' seems very interesting to me. I have got the myself familiar with the working of the python-tools by running it on my laptop and have made some PRs to the easy beginner issues on github of spdx/tools-python.

I want to begin contributing towards the project, could you guide me to begin making some good contributions to SPDX and the project. I have joined the general and technical mailing list.

Thanks

Bhavy

 


On 2019-03-01 20:07, Manbeck, Jack via Lists.Spdx.Org wrote:

Just echoing what Jilayne said. If you can give us an idea of where your interest lie participation wise, after reading about the work groups on the site,  we can guide you.  Or feel free to ask questions about them.

Jack


-----Original Message-----
From: spdx@... [mailto:spdx@...] On Behalf Of J Lovejoy
Sent: Thursday, February 28, 2019 11:09 PM
To: SPDX-general
Cc: bhavys@...
Subject: [EXTERNAL] Re: [spdx] Newcomer introduction

Hi Bhavy,

Welcome! I have just approved your message, as it appears you have not joined the mailing list.  Can you please do so?  We actually have 4 mailing lists - this general one and one for each sub-team: tech, legal, and outreach. I'm not sure which is appropriate for you, but there is a description of each and how to join here: https://spdx.org/participate.

Thanks,
Jilayne
SPDX legal co-lead

On Feb 26, 2019, at 10:42 AM, bhavys@... wrote:

Hello everyone,
I got to know about Spdx from a friend and I found the organisation's idea of merging multiple licences into one file for easy utility very interesting.
I would like to contribute to the organisation and have already opened minor PRs on github of spdx. Could you guide me where to begin.
Thanks
Bhavy








Re: [EXTERNAL] Re: [spdx] Newcomer introduction

Manbeck, Jack
 

Just echoing what Jilayne said. If you can give us an idea of where your interest lie participation wise, after reading about the work groups on the site, we can guide you. Or feel free to ask questions about them.

Jack

-----Original Message-----
From: spdx@... [mailto:spdx@...] On Behalf Of J Lovejoy
Sent: Thursday, February 28, 2019 11:09 PM
To: SPDX-general
Cc: bhavys@...
Subject: [EXTERNAL] Re: [spdx] Newcomer introduction

Hi Bhavy,

Welcome! I have just approved your message, as it appears you have not joined the mailing list. Can you please do so? We actually have 4 mailing lists - this general one and one for each sub-team: tech, legal, and outreach. I’m not sure which is appropriate for you, but there is a description of each and how to join here: https://spdx.org/participate.

Thanks,
Jilayne
SPDX legal co-lead

On Feb 26, 2019, at 10:42 AM, bhavys@... wrote:

Hello everyone,
I got to know about Spdx from a friend and I found the organisation's idea of merging multiple licences into one file for easy utility very interesting.
I would like to contribute to the organisation and have already opened minor PRs on github of spdx. Could you guide me where to begin.
Thanks
Bhavy


Re: Newcomer introduction

J Lovejoy
 

Hi Bhavy,

Welcome! I have just approved your message, as it appears you have not joined the mailing list. Can you please do so? We actually have 4 mailing lists - this general one and one for each sub-team: tech, legal, and outreach. I’m not sure which is appropriate for you, but there is a description of each and how to join here: https://spdx.org/participate.

Thanks,
Jilayne
SPDX legal co-lead

On Feb 26, 2019, at 10:42 AM, bhavys@... wrote:

Hello everyone,
I got to know about Spdx from a friend and I found the organisation's idea of merging multiple licences into one file for easy utility very interesting.
I would like to contribute to the organisation and have already opened minor PRs on github of spdx. Could you guide me where to begin.
Thanks
Bhavy


Newcomer introduction

bhavys@...
 

Hello everyone,
I got to know about Spdx from a friend and I found the organisation's idea of merging multiple licences into one file for easy utility very interesting.
I would like to contribute to the organisation and have already opened minor PRs on github of spdx. Could you guide me where to begin.
Thanks
Bhavy


Seeking public comments for the OpenChain Specification version 2.0

Mark Gisi
 

We are seeking public comments for the next version of OpenChain Specification.

 

For those new to the OpenChain Specification  - The OpenChain project developed a specification that defines a core set of requirements that a high quality Open Source Compliance program is expected to satisfy.  Although specification provides a minimum set of “must have” requirements, a great deal of flexibility is given on how an organization can implement them.

 

We have recently completed the last round of feedback from the OpenChain community and the spec draft is now being circulated more broadly for public comments which concludes on March 22nd. The current draft is available at:

   https://wiki.linuxfoundation.org/_media/openchain/openchainspec-2.0.draft.pdf  

past readers of the spec might find the marked up version useful:

   https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.0.draft.MarkUp.pdf       

A high level summary of the changes made over the current version (1.2) can be found on page 3.

 

You can send feedback via:

·       the Mailing list: Openchain-specification@...;

·       the issues wiki: https://github.com/OpenChain-Project/Specification/issues; or

·       replying to me directly if you wish to remain anonymous (mark.gisi@...)

 

To obtain a better understanding of the goals and the context in which the Specification was developed before providing feedback, you can review the following FAQ list:

              https://wiki.linuxfoundation.org/openchain/specification-questions-and-answers

 

We look forward to your feedback.

 

best,

Mark

 

Mark Gisi | Wind River | Director, IP & Open Source

Tel (510) 749-2016 | Fax (510) 749-4552

 


Re: SPDX Feb General Meeting Minutes

Phil Odence
 

Thanks for the updates.

 

From: "spdx@..." <spdx@...> on behalf of "kstewart@..." <kstewart@...>
Reply-To: "spdx@..." <spdx@...>
Date: Thursday, February 7, 2019 at 12:36 PM
To: "spdx@..." <spdx@...>
Subject: Re: [spdx] SPDX Feb General Meeting Minutes

 

Hi Phil,

    I've gone in and updated the tech section to put links into some of the 

items we discussed and added details of Asia SPDX tech call.    

Please let me know if you want me to revert.

 

Tech Team Report - Kate/Gary[edit]

·         Tools

·         Applying to participate in GSoC for 2019

·         Variety of proposals on Wiki: https://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas

·         We’ll hear back end of Feb 26 if we are selected.

·         tools-golang

·         Steve Winslow has contributed new Go libraries to SPDX to support generating SPDX documents see: https://github.com/spdx/tools-golang

·         He also created a tool to scan the kernel looking for SPDXIDs that Kate used for her talk at LCA to get latest status of the Kernel.

·         Go Steve!

·         Specification

·         Discussing Mark Atwood's Idea for alternative name spaces for companies licenses that are not open source.

·         Spec can handle via "LicenseRef-"

·         What guidance do we provide?

·         Unblocking contributions to 2.2

·         Kate is working with Thomas to unblock contributions to 2.2 (switch master over to 2.2 from 2.1.1)

·         We will be starting to take pull requests into 2.2 spec, for features approved, please assign issue to yourself if you want to write up the feature.

·         Focus for next few months

·         Started a tech call in Asia friendly time

·         Call will be on 2nd Tuesday of each month 10am Japan/12pm Australia (and 5pm PST Monday) on https://www.uberconference.com/SPDXTeam

·         First topic will be SPDX-lite discussion that's started in the OpenChain workgroup.


Thanks, Kate

On Thu, Feb 7, 2019 at 11:02 AM Phil Odence <phil.odence@...> wrote:

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-02-07

 

For techies, interesting discussion of custom license name space proposal. I hope my non-techie notes capture the essence.

 

Phil

 

General Meeting/Minutes/2019-02-07

< General Meeting‎ | Minutes

·         Attendance: 10

·         Lead by Phil Odence

·         Minutes of Jan meeting approved 

 

Contents

 [hide

·         1 Tech Team Report - Kate/Gary

·         2 Legal Team Report - Jilayne

·         3 Outreach Team Report - Jack

·         4 Cross Functions

·         5 Attendees

Tech Team Report - Kate/Gary[edit]

·         Tools

·         SoC in again

·         Variety of proposals on Wiki

·         We’ll hear back end of Feb

·         Steve W 

·         created a tool to scan the kernel looking for SPDX

·         Contributed Go libraries

·         Go Steve

·         Specification

·         Discussing Marks Idea for alternative name spaces

·         Spec can handle

·         What guidance do we provide?

·         Starting to take pull requests into 2.2 spec

·         Focus for next few months

·         Started a tech call in Asia friendly 

Legal Team Report - Jilayne[edit]

·         License List

·         New process and links posted

·         Published policy says advocates need to stay engaged or requests may drop off the radar

·         GitHub process seems like a great way to handle requests

·         Need work outside the call 

 

Outreach Team Report - Jack[edit]

·         LinuxCon Aussie Presentation

·         Included Stat1/3 of files in Kernel have SPDX in them

·         Great momentum

·         Panel at FOSDEM on OSS Compliance tooling

·         Alexios attended

·         Lots or proposals on tools, so organizers turned into a panel w/ Bradley K moderating

·         Theme was need for interoperatblity

·         Video will be published

·         Alexios also mentioned that at recent copyleft conference, SPDX came up in every talk

·         Website

·         Looking into status of move to Wordpress with LF

·         Request a new license page has been directed to GitHub repo

·         Need an Outreach reboot

Cross Functions[edit]

·         Alternate name space

·         Basics

·         Many companies have source available non-OSS licenses

·         Would be good for companies to be able to have standard local names

·         Proposal is to use DNS

·         Addresses issues with flat, first come first served

·         DNS will be around for a long time

·         Allows companies to self-assign

·         Internationalized by default

·         Immediately readable

·         Leading dot clearly differentiates from SPDX standard names

·         Challenges

·         Doesn’t cary text

·         Companies’ names may change through M&A and may lose domains in the process

·         How to ensure that a company doesn’t change license text 

·         Sentiment is in favor of

·         Retain “License Ref” prefix

·         Standardize on place to log license data

·         In a one-license SPDX doc

·         Mark will mock up with one of the Amazon licenses, collaborating with Kate

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Mark Atwood, Amazon

·         Jilayne Lovejoy

·         Gary O’Neall, SourceAuditor

·         Dennis Clark, NexB

·         Alexios Zavras, Intel

·         Jack Manbeck, TI

·         Mark Baushke, Juniper

·         David Ryan

 


Re: SPDX Feb General Meeting Minutes

Kate Stewart
 

Hi Phil,
    I've gone in and updated the tech section to put links into some of the 
items we discussed and added details of Asia SPDX tech call.    
Please let me know if you want me to revert.

Tech Team Report - Kate/Gary[edit]

  • Tools
    • Applying to participate in GSoC for 2019
    • tools-golang
      • Steve Winslow has contributed new Go libraries to SPDX to support generating SPDX documents see: https://github.com/spdx/tools-golang
      • He also created a tool to scan the kernel looking for SPDXIDs that Kate used for her talk at LCA to get latest status of the Kernel.
      • Go Steve!
  • Specification
    • Discussing Mark Atwood's Idea for alternative name spaces for companies licenses that are not open source.
      • Spec can handle via "LicenseRef-"
      • What guidance do we provide?
    • Unblocking contributions to 2.2
      • Kate is working with Thomas to unblock contributions to 2.2 (switch master over to 2.2 from 2.1.1)
      • We will be starting to take pull requests into 2.2 spec, for features approved, please assign issue to yourself if you want to write up the feature.
      • Focus for next few months
  • Started a tech call in Asia friendly time
    • Call will be on 2nd Tuesday of each month 10am Japan/12pm Australia (and 5pm PST Monday) on https://www.uberconference.com/SPDXTeam
    • First topic will be SPDX-lite discussion that's started in the OpenChain workgroup.

Thanks, Kate


On Thu, Feb 7, 2019 at 11:02 AM Phil Odence <phil.odence@...> wrote:

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-02-07

 

For techies, interesting discussion of custom license name space proposal. I hope my non-techie notes capture the essence.

 

Phil

 

General Meeting/Minutes/2019-02-07

< General Meeting‎ | Minutes

·         Attendance: 10

·         Lead by Phil Odence

·         Minutes of Jan meeting approved 

 

Contents

 [hide

·         1 Tech Team Report - Kate/Gary

·         2 Legal Team Report - Jilayne

·         3 Outreach Team Report - Jack

·         4 Cross Functions

·         5 Attendees

Tech Team Report - Kate/Gary[edit]

·         Tools

·         SoC in again

·         Variety of proposals on Wiki

·         We’ll hear back end of Feb

·         Steve W 

·         created a tool to scan the kernel looking for SPDX

·         Contributed Go libraries

·         Go Steve

·         Specification

·         Discussing Marks Idea for alternative name spaces

·         Spec can handle

·         What guidance do we provide?

·         Starting to take pull requests into 2.2 spec

·         Focus for next few months

·         Started a tech call in Asia friendly 

Legal Team Report - Jilayne[edit]

·         License List

·         New process and links posted

·         Published policy says advocates need to stay engaged or requests may drop off the radar

·         GitHub process seems like a great way to handle requests

·         Need work outside the call 

 

Outreach Team Report - Jack[edit]

·         LinuxCon Aussie Presentation

·         Included Stat1/3 of files in Kernel have SPDX in them

·         Great momentum

·         Panel at FOSDEM on OSS Compliance tooling

·         Alexios attended

·         Lots or proposals on tools, so organizers turned into a panel w/ Bradley K moderating

·         Theme was need for interoperatblity

·         Video will be published

·         Alexios also mentioned that at recent copyleft conference, SPDX came up in every talk

·         Website

·         Looking into status of move to Wordpress with LF

·         Request a new license page has been directed to GitHub repo

·         Need an Outreach reboot

Cross Functions[edit]

·         Alternate name space

·         Basics

·         Many companies have source available non-OSS licenses

·         Would be good for companies to be able to have standard local names

·         Proposal is to use DNS

·         Addresses issues with flat, first come first served

·         DNS will be around for a long time

·         Allows companies to self-assign

·         Internationalized by default

·         Immediately readable

·         Leading dot clearly differentiates from SPDX standard names

·         Challenges

·         Doesn’t cary text

·         Companies’ names may change through M&A and may lose domains in the process

·         How to ensure that a company doesn’t change license text 

·         Sentiment is in favor of

·         Retain “License Ref” prefix

·         Standardize on place to log license data

·         In a one-license SPDX doc

·         Mark will mock up with one of the Amazon licenses, collaborating with Kate

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Mark Atwood, Amazon

·         Jilayne Lovejoy

·         Gary O’Neall, SourceAuditor

·         Dennis Clark, NexB

·         Alexios Zavras, Intel

·         Jack Manbeck, TI

·         Mark Baushke, Juniper

·         David Ryan

 


SPDX Feb General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2019-02-07

 

For techies, interesting discussion of custom license name space proposal. I hope my non-techie notes capture the essence.

 

Phil

 

General Meeting/Minutes/2019-02-07

< General Meeting‎ | Minutes

·         Attendance: 10

·         Lead by Phil Odence

·         Minutes of Jan meeting approved 

 

Contents

 [hide

·         1 Tech Team Report - Kate/Gary

·         2 Legal Team Report - Jilayne

·         3 Outreach Team Report - Jack

·         4 Cross Functions

·         5 Attendees

Tech Team Report - Kate/Gary[edit]

·         Tools

·         SoC in again

·         Variety of proposals on Wiki

·         We’ll hear back end of Feb

·         Steve W 

·         created a tool to scan the kernel looking for SPDX

·         Contributed Go libraries

·         Go Steve

·         Specification

·         Discussing Marks Idea for alternative name spaces

·         Spec can handle

·         What guidance do we provide?

·         Starting to take pull requests into 2.2 spec

·         Focus for next few months

·         Started a tech call in Asia friendly 

Legal Team Report - Jilayne[edit]

·         License List

·         New process and links posted

·         Published policy says advocates need to stay engaged or requests may drop off the radar

·         GitHub process seems like a great way to handle requests

·         Need work outside the call 

 

Outreach Team Report - Jack[edit]

·         LinuxCon Aussie Presentation

·         Included Stat1/3 of files in Kernel have SPDX in them

·         Great momentum

·         Panel at FOSDEM on OSS Compliance tooling

·         Alexios attended

·         Lots or proposals on tools, so organizers turned into a panel w/ Bradley K moderating

·         Theme was need for interoperatblity

·         Video will be published

·         Alexios also mentioned that at recent copyleft conference, SPDX came up in every talk

·         Website

·         Looking into status of move to Wordpress with LF

·         Request a new license page has been directed to GitHub repo

·         Need an Outreach reboot

Cross Functions[edit]

·         Alternate name space

·         Basics

·         Many companies have source available non-OSS licenses

·         Would be good for companies to be able to have standard local names

·         Proposal is to use DNS

·         Addresses issues with flat, first come first served

·         DNS will be around for a long time

·         Allows companies to self-assign

·         Internationalized by default

·         Immediately readable

·         Leading dot clearly differentiates from SPDX standard names

·         Challenges

·         Doesn’t cary text

·         Companies’ names may change through M&A and may lose domains in the process

·         How to ensure that a company doesn’t change license text 

·         Sentiment is in favor of

·         Retain “License Ref” prefix

·         Standardize on place to log license data

·         In a one-license SPDX doc

·         Mark will mock up with one of the Amazon licenses, collaborating with Kate

 

Attendees[edit]

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Mark Atwood, Amazon

·         Jilayne Lovejoy

·         Gary O’Neall, SourceAuditor

·         Dennis Clark, NexB

·         Alexios Zavras, Intel

·         Jack Manbeck, TI

·         Mark Baushke, Juniper

·         David Ryan