Today SPDX General Meeting Reminder...More Google Summer of Code Updates
Phil Odence
Please excuse the later reminder. I was shocked this morning to notice it’s August already. Was thinking we had a week.
We will be joined by at least one, maybe two, of our Google SoC students to present their work. Please join.
GENERAL MEETING
Meeting Time: Thurs, Aug 1, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11
GSoC Presentations
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
Re: In favour of what are §4.9–4.11 deprecated?
Gary O'Neall
Hi Matija,
The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
Gary
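The layout described in the reply above, as an added example that is not part of the thread or of any SPDX tool: a small Python reader for a trimmed SPDX 2.1 tag-value fragment that traces a file to an origin package declared with FilesAnalyzed: false, and reports origin links that point at a package the document never defines. The sample document, its names and URL, and the set of relationship types treated as origin links are assumptions; the thread does not name a relationship type.

```python
# Added example: trace file origin through SPDX 2.1 tag-value relationships.
# Assumption: which relationship types count as origin (the thread names none).
ORIGIN_TYPES = {"COPY_OF", "VARIANT_OF", "DESCENDANT_OF"}

# Constructed sample, trimmed to the tags this example reads (not a full document).
SAMPLE = """\
PackageName: example-app
SPDXID: SPDXRef-Package-app
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: true

FileName: ./assets/icons/save.svg
SPDXID: SPDXRef-File-save-icon

FileName: ./assets/fonts/ui.ttf
SPDXID: SPDXRef-File-ui-font

PackageName: example-icon-set
SPDXID: SPDXRef-Package-icons
PackageDownloadLocation: https://example.org/icon-set-2.0.tar.gz
FilesAnalyzed: false

Relationship: SPDXRef-File-save-icon COPY_OF SPDXRef-Package-icons
Relationship: SPDXRef-File-ui-font COPY_OF SPDXRef-Package-fonts
"""


def parse(text):
    """Return ({SPDXID: element}, [(left, type, right)]) for single-line tags."""
    elements, rels, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ": " not in line or line.startswith("#"):
            continue
        tag, value = line.split(": ", 1)
        if tag in ("PackageName", "FileName"):
            cur = {"kind": tag[:-4].lower(), "name": value}
        elif tag == "Relationship" and len(value.split()) == 3:
            rels.append(tuple(value.split()))
        elif cur is not None and tag == "SPDXID":
            elements[value] = cur
        elif cur is not None:
            cur[tag] = value
    return elements, rels


def file_origins(text):
    """Map file name -> origin package info; collect unresolved origin links."""
    elements, rels = parse(text)
    origins, problems = {}, []
    for left, rel, right in rels:
        src, dst = elements.get(left), elements.get(right)
        if rel not in ORIGIN_TYPES or not src or src["kind"] != "file":
            continue
        if not dst or dst["kind"] != "package":
            problems.append(f"{left} {rel} {right}: no such package here")
            continue
        origins[src["name"]] = {
            "package": dst["name"],
            "download": dst.get("PackageDownloadLocation", "NOASSERTION"),
            "files_analyzed": dst.get("FilesAnalyzed", "true") == "true",  # omitted means true
        }
    return origins, problems
```

Calling `file_origins(SAMPLE)` returns the icon's origin package and one problem entry for the font, whose origin package is referenced but never declared.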
|
|
In favour of what are §4.9–4.11 deprecated?
Hi all,
I notice that in 2.1 spec the following are marked as deprecated on the file-level:
• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Project Uniform Resource Identifier
…and I wonder what was the new equivalent to get information of origin for a file in the package.
Is the assumption now that files of alien origin to the analysed package must belong to a different package and that package should have its own SPDX file, to which the first SPDX file should refer to?
A common use case I can see could be how to mark font and image files that are commonly copied from elsewhere instead of each piece of software reinventing their icons and type faces.
cheers,
Matija Šuklje
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@gabbler.org
sip: matija_suklje@ippi.fr
|
|
Minutes from July SPDX General Meeting
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2019-07-11
General Meeting/Minutes/2019-07-11
· Attendance: 14
· Led by Phil Odence
· Minutes of June meeting approved
Special Presentations - Xavier Figueroa/ Philip Ekong Obie, GSoC
· Python Library- Adding support for more formats
· Generating SPDX docs from IDs in code
Tech Team Report - Kate/Gary
· Spec
  · All known issues are addressed in 2.2
  · Under discussion:
  · Idea of a short format for copyrights ala license IDs from FSFE
  · Would be added as an appendix (like license IDs)
  · Could use a joint tech/legal teams call
  · Exploring branching strategy
  · Pared down version, defining minimal subset (from Japan work group)
  · Still SPDX compliant as it will utilize mandatory fields
  · Part of the spec
  · Important to communicate that; it’s not a fork
· Tools
  · GSoC
  · 8 projects total (a record)
  · Great progress, all passed first evaluations
  · Flurry of tooling work with the new license list
  · Better matching/copyright matching
  · License format improvements
Legal Team Report - Jilayne/Paul/Steve
· License List
  · 3.6 version went live yesterday
  · 10 new licenses and exceptions
  · Other mark up and doc updates
  · Attention now turning to 3.7
  · Other topics of discussion already covered.
· Namespace Project
  · Need to make clear the difference between LL and NS registry
  · NS is an option for rejected licenses
  · Could be a stop before being accepted
Outreach Team Report - Kate
· Shane has readied the survey
· Based on input from Phil, Jack, Kate, Gary
· Will go to the General Meeting mailing list
Cross Functional
· Will designate one Tech Call per month to include Legal Team
· Third one of the month
· Starting next week
Attendees
· Phil Odence, Black Duck/Synopsys
· Jilayne Lovejoy, Canonical
· Steve Winslow, LF
· Gary O’Neall, SourceAuditor
· Kate Stewart, Linux Foundation
· Philippe Ombrédanne- nexB
· Alexios Zavras, Intel
· Michael Herzog- nexB
· David Ryan
· Dave McLaughlin, Rogue Wave
· Paul Madick, Dimension Data
· Mark Atwood, Amazon
· Xavier Figueroa
· Philip Ekong Obie
|
|
Thurs SPDX General Meeting Reminder...special guest stars this month
Phil Odence
Joining us will be two students doing Google Summer of Code projects for us. Xavier will be talking about his and Philip will do a short demo.
Xavier Figueroa, Undergraduate Computer Science student from Ecuador, first time contributing to an Open Source project
Title: GSoC Project: Additional format support for Python libraries
Abstract: The GSoC Project Additional format support for Python libraries initially implied adding support for JSON/XML/YAML formats to the SPDX Python Library, but now some additional work will be done. This presentation will cover what the project currently entails, where we are and what is next.
Philip Ekong Obie SPDX Document Generator for projects using SPDXIDs
GENERAL MEETING
Meeting Time: Thurs, July 11, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06
GSoC Presentations
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
SPDX June General Meeting Minutes (slightly belated)
Phil Odence
Note, July Meeting has been moved to July 11. June minutes: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-06-06 Thanks to Paul for hosting in my stead. Phil
L. Philip Odence General Manager, Black Duck On-Demand Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@...
General Meeting/Minutes/2019-06-06
· Attendance: 12 (attendance list at bottom)
· Led by Paul Madick
· Minutes of May meeting approved
Tech Team Report - Gary
· Spec
  No issues remaining to latest spec, 8 GSoC students approved and working. Looking forward to new tools this summer. Lots of new projects adopting SPDX and Linux kernel clean up of licensing still working (about 2/3 through). Making great progress.
· Tools
Legal Team Report - Jilayne/Paul
· License List
· GSoC student on last call. Great information. Legal Meeting minutes has the description, take a look if you are interested or would like to provide input.
· Reworking the license inclusion guidelines and moving into github repository in the documentation folder. Please weigh in if you are interested in more licenses. Still looking for more volunteers to move license submissions into license approvals.
· A big welcome to new co-lead of legal team Steve Winslow and a big thank you to Karen for her years of stewardship as she steps away from the co-lead position.
Outreach Team Report - Jack Manbeck
· Not a lot going on now, but working on a survey. Intention is to send the survey to companies to see where they are at in using/implementing SPDX. Maybe include some community in survey, but not sure yet.
General Items
· Conversation: are we meeting for summer LF event in SD. Not currently, but Kate will look into getting meeting room for ½ day, etc. Jack, Paul, Kate, Steve and others are potentially available to attend at least one day in SD.
Attendees
· Alexios Zavras, Intel
· JC Herz, Ion Channel
· Dave McLoughlin
· Paul Madick, Dimension Data
· Jilayne Lovejoy
· Steve Winslow, LF
· Kate Stewart, Linux Foundation
· Alexios Zavras, Intel
· Philippe Ombrédanne- nexB
· Jack Manbeck
· Mike Herzog
· Mark Atwood
|
|
Thurs SPDX General Meeting Reminder
Phil Odence
Notes:
GENERAL MEETING
Meeting Time: Thurs, June 6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-05-02
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
SPDX General Meeting 2018 (replacement)
Phil Odence
Moving the July 4 instance of this meeting to July 11 due to the US holiday.
***** I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.
New dial in number:
415-881-1586 No PIN needed The weblink for screenshare will stay the same at:
|
|
Re: SW360 experience
Shane Coughlan <shane@...>
Hi Alberto
FYI, we will have Michael from Siemens presenting on sw360 during the OpenChain First Monday call in June (9am Pacific on June 3rd). As a bonus we will also have Oliver discussing the Open Source Compliance Tool Chain and how we can all collaborate around that.
Join the call: https://uberconference.com/openchainproject
Optional US dial in number: 855-889-3011 No PIN needed
If you need to use an international phone number please check: https://www.uberconference.com/international for country numbers.
1. Dial the country number based on your location.
2. Enter 855 889 3011 and then # to enter the room.
Regards
Shane
On May 21, 2019, at 3:29, Alberto Pianon <alberto@pianon.eu> wrote:
|
|
Re: SW360 experience
Alberto Pianon
Hi Oliver,
if you arrange a web meeting on sw360 I would be glad to join. I have installed sw360 and started playing with it, but I would like to see it used by someone who masters it...
Thanks!
Ciao
Alberto
On 20/05/2019 08:46, Oliver Fendt wrote:
|
|
Re: SW360 experience
J Lovejoy
Thanks for responding, Oliver.
I've copied Steve here, as his message got caught up in the mailing list filter, as it looks like he's not a member of the SPDX general mailing list. (Steve - you can join here: https://spdx.org/participate )
It occurred to me that perhaps a session on sw360 (and how it works with SPDX) might be a good topic for an upcoming general call? Phil - what do you think?
Jilayne
On 5/20/19 2:46 AM, Oliver Fendt wrote:
|
|
Re: SW360 experience
Oliver Fendt
Hi Steve,
sw360 is an open source project under the umbrella of the Eclipse foundation. It is a software component and product management system, which is on the one hand a system where you can manage the software components you are using, no matter whether they are OSS, commercial or internal components or other artifacts; on the other hand it is a system to manage your products (aka projects) in order to keep track of the bill of “materials”, to generate the OSS declaration document and source code bundles in scope of a product. For the integration in the CI/CD workflow it provides a REST API.
You can find the source code here: https://github.com/eclipse/sw360
Some documentation is available here: https://github.com/eclipse/sw360/wiki
If you like we can arrange a web meeting since we are using sw360 in our daily work.
Ciao
Oliver
From: spdx@... <spdx@...> On Behalf Of Steve Kilbane
Hi all,
I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.
Thanks for any info,
steve
|
|
SW360 experience
Hi all,
I first heard about SW360 during the presentations at the Linux Open Source Summit in Edinburgh. Searching around, though, I see very little mention of it, to the point where it's difficult to see whether this is a project just finding its feet, or something that has already been abandoned. I'd be interested in hearing from anyone who is actually using it in anger, who is willing to share their experiences.
Thanks for any info,
steve
|
|
SPDX 2.1.1 specification - final review by 2019/5/21
Kate Stewart
In 2017 the project decided to move the specification from google documents to github and a repository was set up at: https://github.com/spdx/spdx-spec
Before we could move forward though, we needed to make sure we weren't losing content/introducing errors, so the decision was made to create a 2.1.1 version of the specification, with no significant content changes (only bug fixes).
2.1.1 was initially made available at: https://spdx.github.io/spdx-spec/ in 2018 by Thomas Steenbergen, in a beautiful online format (Thank you!), much improved and useful for those accessing the specification online. However we stalled out on being able to generate .pdf version to get a static copy of this version. Thanks to Jack Manbeck's efforts in 2019, we've finally got a .pdf version available to be reviewed and approved. Once this version is approved, we can start to incorporate the 2.2 changes into the specification.
If there are no significant regressions found compared to 2.1 in the review window, we will log this as the 2.1.1 version and start to incorporate the 2.2 content and features that have been agreed on over the last year into the reference version of the specification on github.
The review window for the 2.1.1 candidate will end on 2019/5/20. If you have any concerns, please either open an issue at https://github.com/spdx/spdx-spec (against 2.1.1 milestone) or join us on the spdx-tech call to discuss.
Thanks,
Kate
|
|
Thursday SPDX General Meeting Reminder with Special Presentation
Phil Odence
Our “guest” presentation for this session features guest Aaron Williamson (whom you are probably aware was counsel for the SFLC) and non-guest Jilayne. The twosome collaborated on the handbook they will discuss:
The Fintech Open Source Foundation (FINOS) recently released the Open Source License Compliance Handbook, a resource of practical compliance information about common open source licenses. FINOS launched the project to support its members in building more mature compliance processes and made the content (and code) open source to encourage adoption and contribution by the community. The handbook's "source code" is a collection of machine-readable YAML text files that can be compiled into a single document (using the supplied python script) or incorporated easily into databases and other systems. Aaron will discuss the project, the decisions behind its design, and plans for the future.
Aaron Williamson is General Counsel and Director of Governance at the Fintech Open Source Foundation (FINOS), a nonprofit foundation promoting open source collaboration in the financial services industry. In addition to managing the Foundation’s legal affairs, he leads the Foundation’s Open Source Readiness Program, helping members to develop policies and processes that enable productive engagement with open source. He also co-organizes the FINOS Open Source Strategy Forum, an annual conference on open source in financial services.
GENERAL MEETING
Meeting Time: Thurs, May 2, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04
Special Presentation – Jilayne/Aaron
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
April SPDX General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2019-04-04
L. Philip Odence General Manager, Black Duck On-Demand Synopsys Software Integrity Group, Burlington, MA M (781) 258-9502 | phil.odence@...
General Meeting/Minutes/2019-04-04
· Attendance: 18
· Led by Phil Odence
· Minutes of March meeting approved
Special Presentation - Gary/Steve
· SPDX: Bridging the Compliance Tool Gap
Tech Team Report - Gary
· Spec
  · Starting to put out 2.1.1 in pdf form
  · Kudos to Jack
  · Starting in on 2.2
· Tools
  · GSoC
  · Very active
  · Lots of students and mentors
  · Good project
Legal Team Report - Jilayne/Paul
· License List
  · 3.5 Release out!
  · 7 new licenses and exceptions
  · including 3 open hardware licenses
  · More open hw planned for 3.6
Outreach Team Report - Jack Manbeck
· Rethinking a bit and redefining
· Survey is next step
Attendees
· Phil Odence, Black Duck/Synopsys
· Steve Winslow, LF
· Nisha Kumar, VMWare
· Dave Huseby, LF
· Alexios Zavras, Intel
· Nicolas Toussaint, Orange
· Mark Atwood, Amazon
· Kate Stewart, Linux Foundation
· Gary O’Neall, SourceAuditor
· Jilayne Lovejoy
· Philippe Ombrédanne- nexB
· JC Herz, Ion Channel
· Andrew Sinclair, Canonical
· Paul Madick, Dimension Data
· Jack Manbeck, TI
· Michael Herzog- nexB
· Mark Baushke, Juniper
· Stephanie, Qualcomm
· Uwe, Qualcomm
|
|
SPDX License List version 3.5 now live
J Lovejoy
Hi all,
Version 3.5 of the SPDX License List is now released. Most notably, we have added several open hardware licenses (CERN and TAPR), which I think is a really sensible and exciting addition, considering we already have open documentation and data licenses on the list. We are still missing the Solderpad licenses, but those are slated to be added for the 3.6 release.
Highlights include:
- New licenses/exceptions added: 7
- Addition of markup to various licenses and other minor updates
- Add page describing entire workflow for adding a new license in /DOCS directory
thanks,
Jilayne
|
|
Thursday SPDX General Meeting Reminder.
Phil Odence
Our talk for this session will be from Gary O’Neall and Steve Winslow:
SPDX: Bridging the Compliance Tool Gap
Any organization which utilizes open source software needs to comply with the open source license terms and the specific security policies of their industry. To satisfy the basic requirement of knowing the specific open source packages included in the software, several tools have been produced which create or manage a software “Bill of Materials”. The Software Package Data Exchange (SPDX) defines a standard format for a Bill of Materials which can facilitate harmonious integration of multiple tools.
This is a reprise of a very well-received talk they gave at the LF Open Source Leadership Summit earlier this month. If you have colleagues, friends or partners that would like to learn SPDX, this would be a great 30 minute intro. Please invite them.
GENERAL MEETING
Meeting Time: Thurs, April 4, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-03-07
Special Presentation – Gary/Steve
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
Krys Nuvadga
Hi Belen,
Welcome to SPDX. We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions.
Best regards
-- krys Nuvadga
Piar, Inc.
On Sat, Mar 30, 2019 at 7:46 PM Maria Belen Guaranda <mabegc@...> wrote:
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML, CSS, Vue, Bootstrap) and back-end (Django, Node, Nginx, SQL and NoSQL databases), as well as testing (Travis, Pylint, Coveralls, UnitTests). I'd like to discuss some details and doubts with the mentor if possible.
|
|
Maria Belen Guaranda <mabegc@...>
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License Repository Application" for SPDX in this year's GSoC. I have solid background in web development, both front-end (HTML, CSS, Vue, Bootstrap) and back-end (Django, Node, Nginx, SQL and NoSQL databases), as well as testing (Travis, Pylint, Coveralls, UnitTests). I'd like to discuss some details and doubts with the mentor if possible.
Best regards, Belen
|
|