
Re: Jan 3 SPDX General Meeting Reminder

Phil Odence
 

Apologies for the extra email, but someone kindly pointed out an error on my part. The correct time for the General Meeting is 16:00 UTC.

Meeting Time: Thurs, Jan 3, 8am PT / 10 am CT / 11am ET / 16:00 UTC. 

 

From: "podence@..." <podence@...>
Date: Wednesday, January 2, 2019 at 8:17 AM
To: "spdx@..." <spdx@...>
Cc: JC Herz <jc.herz@...>
Subject: FW: Jan 3 SPDX General Meeting Reminder

 

Re-reminding now that most folks are back from the holidays.

 

From: "podence@..." <podence@...>
Date: Thursday, December 20, 2018 at 10:04 AM
To: "spdx@..." <spdx@...>
Cc: JC Herz <jc.herz@...>
Subject: Jan 3 SPDX General Meeting Reminder

 

Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.

 

A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.

 

Here's what she’ll be talking about-

“Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”

In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06

 

Guest Speaker  – JC Herz

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


FW: Jan 3 SPDX General Meeting Reminder

Phil Odence
 

Re-reminding now that most folks are back from the holidays.

 

From: "podence@..." <podence@...>
Date: Thursday, December 20, 2018 at 10:04 AM
To: "spdx@..." <spdx@...>
Cc: JC Herz <jc.herz@...>
Subject: Jan 3 SPDX General Meeting Reminder

 

Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.

 

A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.

 

Here's what she’ll be talking about-

“Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”

In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06

 

Guest Speaker  – JC Herz

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


Jan 3 SPDX General Meeting Reminder

Phil Odence
 

Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.

 

A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications.

 

Here's what she’ll be talking about-

“Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”

In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist. In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.

 

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06

 

Guest Speaker  – JC Herz

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


Meeting Minutes from December General Meeting

Gary O'Neall
 

Meeting minutes from this month’s general meeting have been published at https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06

 

Regards,
Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

 


SPDX Nov General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-11-01 

 

General Meeting/Minutes/2018-11-01


·         Attendance: 6

·         Led by Phil Odence

·         Minutes of Oct meeting approved 

 

Tech Team Report - Kate/Gary

·         Spec

·         Ceva discussions

·         Looking at fields that we might incorporate

·         Security

·         Evidence

·         Idea is to bring in as a separate section

·         Good Progress

·         Some discussions with NTIA Group as well

·         SWID

·         May start using the security mailing list soon

·         Tooling

·         Multiple formats

·         Challenges solved

·         XML, JSON, YAML, Tag value, RDF

·         Attention back to updating tooling with spec

·         Some concern about file sizes with certain packages/formats

·         May simply be an issue of LOTS of files

·         Generating License List 

·         Didn’t work perfectly

·         Giving another run

·         Updating tooling for license submittal/editing

·         A few bugs need to be worked around

 

Legal Team Report - Jilayne

·         There’s a fair backlog of issues to work through

·         Ongoing process

·         3.1 is out

·         Started new practice of release notes

·         Tooling and new request system has to be nailed down

·         People are going through multiple paths/processes

·         Need to standardize

·         Tooling is close

·         Need a few more text fields

·         All submissions seem to come from Gary

·         License inclusion guidelines

·         Inbound request regarding open hardware languages

·         Already included open data license

·         May need to revisit inclusion guidelines

·         OSI discussion about naming issues with SPDX

·         Need to find opportunity for better collaboration 

 

Outreach Team Report - All

·         Seems to be a lot more use of SPDX in the wild than we are aware of

·         How do we run down and catalog?

·         Wonder if it’s time for another poll

·         Last poll results: https://spdx.org/sites/cpstandard/files/pages/files/spdx_survey_results_may_2013.zip

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Gary O’Neall, SourceAuditor

·         Andrew Katz, Orcro

·         Jilayne Lovejoy

·         Steve Winslow, LF

 


Re: Today SPDX General Meeting Reminder

Paul Madick
 

Hi Phil, 

I have a conflict today so will miss the meeting. I will be on the legal call after. 

Best, 

Paul






-------- Original message --------
From: Phil Odence <phil.odence@...>
Date: 11/1/18 12:48 AM (GMT-08:00)
To: spdx@...
Subject: [spdx] Today SPDX General Meeting Reminder



No guest presentation this month, so anticipate a shorter meeting.

 

(I’m open to ideas for guest presentations.)

 

GENERAL MEETING

 

Meeting Time: Thurs, Nov 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 





Today SPDX General Meeting Reminder

Phil Odence
 

No guest presentation this month, so anticipate a shorter meeting.

 

(I’m open to ideas for guest presentations.)

 

GENERAL MEETING

 

Meeting Time: Thurs, Nov 1, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


OpenChain Recap - Week of 22nd October - Open Source Summit Europe

Shane Coughlan <coughlan@...>
 

It was a huge week last week. Quick recap of the major items below.
tl;dr - Toshiba is a Platinum Member, SUSE is OpenChain Conformant, Sony and Fujitsu shared knowledge

We had two slide decks shared via the OpenChain Workshop (see bottom of mail). These boil down to two data points:
(1) Fujitsu is actively using SPDX and wants to work with everyone else using this standard for describing information in software packages.
(2) Sony has identified that it is important to include Sales/Marketing in the discussions around OpenChain and open source compliance. This builds on prior identification of the importance of making sure Procurement can understand OpenChain.

For (1), I am going to hand over to Kate and the team at SPDX to discuss collaboration with Ueba San at Fujitsu. All in CC.

For (2), we have a clear understanding that we need to formulate onboarding/introduction material for:
(i) Procurement
(ii) Sales/Marketing
Nathan (chair of onboarding), would it make sense for us to open a couple of Google Docs to collaborate on this?

== Big News ==

Toshiba Joins the OpenChain Project as a Platinum Member:
“OpenChain is not just a project for OSS license compliance, it also helps to improve mutual trust and effective communication between open source developers and users,” says Tetsuji Fukaya, Director of the Corporate Software Engineering and Technology Center of Toshiba Corporation. “Open source is publicly recognized as an essential part of digital transformation and widely used in numerous products. In order to use open source appropriately, we think that license compliance alone is not enough. Mutual trust between developers and users is also essential. OpenChain will be key to achieve both. For that reason, we feel proud of being part of the OpenChain Project.”
https://www.linuxfoundation.org/press-release/2018/10/toshiba-joins-the-openchain-project-as-a-platinum-member/

SUSE Joins the OpenChain Community of Conformance:
“For more than 25 years, SUSE has created and engaged with open source communities as a foundation for its enterprise solutions,” said Thomas Di Giacomo, SUSE CTO. “We always engage with the community to better meet customer needs, and our OpenChain certification is another indication to enterprises that we are committed to making their experience with open source software more reliable and cost effective.”
https://www.linuxfoundation.org/press-release/2018/10/suse-joins-the-openchain-community-of-conformance/

== OpenChain Workshop Contributions ==

Improvements in meta spdxscanner through FOSSology - Ueba San:
https://www.slideshare.net/ShaneCoughlan3/improvements-in-meta-spdxscanner-through-fossology-ueba-san

Two aspects for OpenChain BoF session - Ueda San:
https://www.slideshare.net/ShaneCoughlan3/two-aspects-for-openchain-bof-session-ueda-san

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


SPDX Sept General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-10-04

 

General Meeting/Minutes/2018-10-04


·         Attendance: 8

·         Led by Phil Odence

·         Minutes of Sept meeting approved 

 

Tech Team Report - Kate/Gary

·         Spec

·         Focus on multiple formats

·         How to deal with XML, JSON, YAML

·         Proposal to link to Software Heritage identifiers

·         SW heritage- presentation came out recently on how code should be ID’ed in repos

·         Seems to make sense to extend references to point to

·         General agreement on last tech call

·         Tooling

·         Got integrated on line tools up

·         License submittal

·         XML editor

·         Beta quality, ready to go. http://spdxtools.sourceauditor.com

·         GSOC has worked very well

·         Should thank Google

·         Post on Website

·         Could use some social media

·         Topic for Outreach 

·         May want to point projects to FSF software reuse site which advocates SPDX

·         Would be a good credibility builder

·         The link is on the site, but not easy to find

·         Other Groups

·         NTIA- Government group defining a BoM standard

·         Prototype work in health care

·         Fingers crossed that they will use SPDX

·         SWID

·         Active discussion

·         Mapping fields between SPDX and SW

·         Other groups may be able to use our use cases

·         They are wrestling with what is a component

·         Also, how a company can keep their own supplementary license list

·         Can do via a SPDX doc that is just licenses and make external reference to

·         Steve W will help out

Legal Team Report - Jilayne

·         New license backlog

·         Trying to clear out for next release

·         Looking forward to new tooling

·         Could use testing help

·         Need some Python help on the tools

·         Mostly fixing up formatting stuff

Outreach Team Report - Jack

·         Little activity

·         Regrouping

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Kate Stewart, Linux Foundation

·         Gary O’Neall, SourceAuditor

·         Matthew Crawford, ARM

·         Jilayne Lovejoy, ARM

·         Jack Manbeck, TI

·         Steve Winslow, LF

·         Mark Atwood, Amazon

 


Thursday SPDX General Meeting Reminder

Phil Odence
 

 No guest presentation this month, so anticipate a shorter meeting.

 

(I’m open to ideas for guest presentations.)

 

GENERAL MEETING

 

Meeting Time: Thurs, Oct 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-09-06

 

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


Re: Thursday SPDX General Meeting Reminder

Häb Tïñø
 

On 4 Sep 2018 10:45 p.m., "Phil Odence" <phil.odence@...> wrote:
>
> This month’s guest speaker is Mark Gisi.  Many of you know Mark from his big contributions over the years to SPDX and OpenChain. He has a really interesting topic to share.
>
> I’m disappointed that I have a conflict. One of the other SPDX Core Team Members will host.
>
> Phil Odence
>
>  
>
> Abstract
>
> -----------
>
> The union of SPDX data and a blockchain ledger is a match made in heaven. This union enables us to provide both *accountability* and *access* to SPDX data for manufactured products that are comprised of software components contributed by dozens of suppliers. We will present a use case of how we track SPDX data (along with source code and notices) across the manufacturing supply chain of a device running the Zephyr operating system runtime.
>
> Bio
>
> ----
>
> Mark Gisi, Director of Intellectual Property and Open Source at Wind River Systems, has been managing Open Source policies and programs for the past 12 years. Mark contributes to the Linux Foundation’s SPDX project, OpenChain Project and the Hyperledger Project’s SParts (Software Parts) lab initiative. Mark holds an MS degree in Computer Science and a BS degree in Mathematics.
>
>  
>
>  
>
> GENERAL MEETING
>
>  
>
> Meeting Time: Thurs, Sept 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
>
>
> Conf call dial-in:
>
> New dial in number: 415-881-1586
>
> No PIN needed
>
> The weblink for screenshare will stay the same at: 
> http://uberconference.com/SPDXTeam
>
>  
>
> Administrative Agenda
>
> Attendance
>
> Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02
>
>  
>
> Guest Presentation – Mark
>
>  
>
> Technical Team Report – Kate/Gary
>
>  
>
> Legal Team Report – Jilayne/Paul
>
>  
>
> Outreach Team Report – Jack
>
>  
>
> Any Cross Functional Issues –All
>
>  
>


Thursday SPDX General Meeting Reminder

Phil Odence
 

This month’s guest speaker is Mark Gisi.  Many of you know Mark from his big contributions over the years to SPDX and OpenChain. He has a really interesting topic to share.

I’m disappointed that I have a conflict. One of the other SPDX Core Team Members will host.

Phil Odence

 

Abstract

-----------

The union of SPDX data and a blockchain ledger is a match made in heaven. This union enables us to provide both *accountability* and *access* to SPDX data for manufactured products that are comprised of software components contributed by dozens of suppliers. We will present a use case of how we track SPDX data (along with source code and notices) across the manufacturing supply chain of a device running the Zephyr operating system runtime.

Bio

----

Mark Gisi, Director of Intellectual Property and Open Source at Wind River Systems, has been managing Open Source policies and programs for the past 12 years. Mark contributes to the Linux Foundation’s SPDX project, OpenChain Project and the Hyperledger Project’s SParts (Software Parts) lab initiative. Mark holds an MS degree in Computer Science and a BS degree in Mathematics.

 

 

GENERAL MEETING

 

Meeting Time: Thurs, Sept 6, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02

 

Guest Presentation – Mark

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 


Re: OpenChain @ Open Source Summit 2018 (Vancouver) on August 28th

Shane Coughlan <coughlan@...>
 

Dear all

This is the final schedule for the OpenChain workshop at Open Source Summit North America today:
13:00 - Welcome and Status Update
13:10 - Work Team - Conformance
13:30 - Adjacent Project Status Overviews
- SPDX
- FOSSology
- Clearly Defined
14:00 - Networking Break
14:30 - Forward Planning - Strategy and Tactics
15:00 - Work Team - Specification
15:50 - Networking Break
16:20 - Work Team - Curriculum
16:40 - Work Team - Onboarding
17:00 - Close

Join us between 1:00 – 5:00 pm at Room 205, Vancouver Convention Centre West

Regards

Shane

On Aug 27, 2018, at 3:10, Shane Coughlan <coughlan@...> wrote:

Dear all

This is a reminder that there will be an OpenChain workshop at Open Source Summit North America this week. We are coordinating with our friends at the SPDX Project, who also have a workshop on the 28th, to ensure people can attend key parts of both.

Here are our details:

OpenChain Mini Summit
Date: Tuesday, August 28
Time: 1:00 – 5:00 pm
Location: Room 205, Vancouver Convention Centre West
Registration Costs: Complimentary

Here is our schedule:
13:00 - Welcome and Status Update
13:10 - Work Team - Conformance
13:30 - Forward Planning - Strategy and Tactics
14:00 - Networking Break
14:30 - Adjacent Project Status Overviews
- SPDX
- FOSSology
- Clearly Defined
15:00 - Work Team - Specification
15:50 - Networking Break
16:20 - Work Team - Curriculum
16:40 - Work Team - Onboarding
17:00 - Close

Public announcement here:
https://www.openchainproject.org/news/2018/08/17/openchain-workshop-open-source-summit-north-america

There will be an informal OpenChain social gathering at 6pm in the Mosaic Grill in the Hyatt Regency. Spaces are limited to 20 people. We only have a couple of spots (literally) left so RSVP is strongly advised.

I look forward to seeing you in Vancouver!

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance




OpenChain @ Open Source Summit 2018 (Vancouver) on August 28th

Shane Coughlan <coughlan@...>
 

Dear all

This is a reminder that there will be an OpenChain workshop at Open Source Summit North America this week. We are coordinating with our friends at the SPDX Project, who also have a workshop on the 28th, to ensure people can attend key parts of both.

Here are our details:

OpenChain Mini Summit
Date: Tuesday, August 28
Time: 1:00 – 5:00 pm
Location: Room 205, Vancouver Convention Centre West
Registration Costs: Complimentary

Here is our schedule:
13:00 - Welcome and Status Update
13:10 - Work Team - Conformance
13:30 - Forward Planning - Strategy and Tactics
14:00 - Networking Break
14:30 - Adjacent Project Status Overviews
- SPDX
- FOSSology
- Clearly Defined
15:00 - Work Team - Specification
15:50 - Networking Break
16:20 - Work Team - Curriculum
16:40 - Work Team - Onboarding
17:00 - Close

Public announcement here:
https://www.openchainproject.org/news/2018/08/17/openchain-workshop-open-source-summit-north-america

There will be an informal OpenChain social gathering at 6pm in the Mosaic Grill in the Hyatt Regency. Spaces are limited to 20 people. We only have a couple of spots (literally) left so RSVP is strongly advised.

I look forward to seeing you in Vancouver!

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


August SPDX General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-08-02


 

General Meeting/Minutes/2018-08-02


·         Attendance: 12

·         Led by Phil Odence

·         Minutes of July meeting approved 

Guest Presentation - Supporting Continuous Integration, Ndip Tanyi

·         Idea- Automatically generating SPDX docs as part of CI process

·         Scope

·         Focused on Travis CI, NPM and Python

·         Demo

·         Add an install and SPDX build script to build script

·         And some statements to push the SPDX docs to the repo

·         Future extensions

·         Pushing to GitHub as a commit

·         Other CI systems

·         Has been designed generically enough to be extensible to other languages and environments

 

Tech Team Report - Kate/Gary

·         Tooling

·         Mostly GSoC work

·         License XML Editor

·         Gary posting new version today  http://spdxtools.sourceauditor.com

·         If you want to test, make it clear that these are tests, to make clear in the pull requests

·         Spec work

·         Working for consistency in external identifiers

·         Interest coming up from security community

·         SWID

·         NTIA conference that featured SPDX

·         Working in interop and SPDX standardization

·         Looking at spinning up a security subgroup

·         Interest from US House and Senate in a SW BoM and SPDX is on the docket

·         NIST and other organizations are involved in the background 

 

Legal Team Report - Jilayne/Paul

·         3.2 is out

·         Some clean up of old issues in process

·         Request that legal folks try out Tushar’s tool

·         Exceptions

·         The term is imperfect as it handles some items that are not “exceptions” per se

·         Patent grants, for example

·         Considering changing the term to be more neutral and inclusive

·         “Modifiers” maybe? 

·         Will send an email to a wide audience to get people thinking about it and set up a special meeting

 

Outreach Team Report - Jack

·         Website

·         Making more sense of the License List and Documents section

·         Shane Coughlan, from OpenChain, is getting involved

·         Outreach to companies

·         New time for Outreach calls is 7pm EDT

·         (Shane is in Japan)

·         OSS Summit

·         Backoff on the Tuesday

·         And a session on Consuming SPDX

 

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Ndip Tanyi, Alberta University

·         Tushar Mittal, GSoC Student

·         Gary O’Neall, SourceAuditor

·         Yash Nisar, GSoC Student

·         Jack Manbeck, TI

·         Steve Winslow, LF

·         Jilayne Lovejoy, ARM

·         Paul Madick, Dimension Data

·         Mike Dolan, Linux Foundation

·         Matije Suklje, Liferay

·         Mark Atwood, Amazon

 


Thursday SPDX General Meeting Reminder

Phil Odence
 

This month’s guest speaker is one of our Google Summer of Code students, Ndip Tanyi. He is originally from Cameroon, where he did his undergraduate degree. He is currently enrolled in a master's degree in computer science at Alberta University. He is passionate about computer code and innovation as a whole.

 

Ndip will be speaking about his project, a build tool for SPDX file generation. The idea is to create plug-ins to support generating valid SPDX docs in continuous integration environments.

 

GENERAL MEETING

 

Meeting Time: Thurs, Aug, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-07-11

 

Guest Presentation – Ndip

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul

 

Outreach Team Report – Jack

 

Cross Functional Issues – All

 


SPDX July General Meeting Minutes

Phil Odence
 

https://wiki.spdx.org/view/General_Meeting/Minutes/2018-07-11

 

 

General Meeting/Minutes/2018-07-11

·         Attendance: 10

·         Led by Phil Odence

·         Minutes of June meeting approved 

Guest Presentation, Online XML Editor - Tushar Mittal

·         XML Editor for Editing Licenses

·         For contributors to License List

·         Demo

·         User can 

·         upload files, or

·         Specify one of the current licenses

·         Options

·         Text, Tree, Split View Editor

·         Text

·         Editor guides to sticking with SPDX license schema

·         Beautify cleans up XML nicely

·         Tree Editor

·         Operates on the same file

·         Easy way to modify attributes

·         Legal team is very enthusiastic about the tool

·         It will make their lives much easier.

 

Tech Team Report - Gary

·         GSoC

·         Good progress across the board

·         Tushar obviously has done some great work

·         Additionally upgrading Python libraries and work on build tools

·         Most calls focused on 2.2 list of potential enhancements and issues

·         Progress a little slow due to vacations

·         LinuxCon NA, Vancouver

·         There will be some tools work going on

·         Anyone interested should contact Gary or email the list

 

Outreach Team Report - SteveW

·         SPDX short form IDs have gone live

·         Includes guidelines for developers who want to add IDs to their files

·         https://spdx.org/ids

Legal Team Report - Jilayne

·         V3.2 of License List just released

·         Will be updating General Mailing list including stats on new licenses

·         Continuing to monitor pull requests

·         Today’s meeting will recap old/stale

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Tushar Mittal, GSoC Student

·         Gary O’Neall, SourceAuditor

·         Yash Nisar, GSoC Student

·         Dave Marr, Qualcomm

·         Steve Winslow, LF

·         Matthew Crawford, ARM

·         Mark Atwood, Amazon

·         Jilayne Lovejoy, ARM

·         Bradlee Edmondson, Harvard

 

 


Software Component Transparency - remote participation for July 19 meeting

John Scott
 

Fyi

On July 10, 2018 at 4:12:18 PM, John Scott (john.scott@...) wrote:

Thank you for your interest in NTIA’s multistakeholder process on Software Component Transparency. We will circulate a draft agenda and final details shortly, but many of you have asked for the remote participation information.  The meeting will be:

 

Date: July 19, 2018

Time: 10:00 a.m. to 4:00 p.m., ET

Location: 1735 New York Ave., NW., Washington, DC 20006

Webcast: https://www.ntia.doc.gov/other-publication/2018/webcast-071918-meeting-promoting-software-component-transparency  

Toll free Call Bridge:  888-989-6417   Passphrase: NTIA

Toll & International Dial-in:  517-308-9221   Passphrase: NTIA

 

More information is available on the website at https://www.ntia.doc.gov/SoftwareTransparency. No registration is necessary.  

 

As always, please don’t hesitate to reach out if you have any questions.

allan


Reminder: Next SPDX General Meeting and Special Guest July 12

Phil Odence
 

Hello All,

 

A reminder that we are pushing this month’s meeting out a week due to the US Holiday on Wednesday.

 

Joining us on the 12th will be one of our Google Summer of Code students, Tushar Mittal. Here’s what he’ll be presenting:

 

[GSoC Project Overview] Online XML Editor

In this presentation, we'll talk about the work done on the XML editor project. It will include talking about the project and then a small presentation on what all features are provided and how to use them. This will help the members to understand the project better and give reviews, which would sum up to make the project more usable and user-friendly.  

 

Tushar Mittal is a Computer Science undergraduate who loves to make things which make life easier and solve problems. He is an active Open Source contributor and GSoC intern. He has a keen interest in everything related to Machine Learning and Blockchain. His favorite programming language is Python and currently, he mostly works with web development projects.

 

See you then!

 

Best,

Phil

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #: W: +1.781.313.6801; M: +1.781.258.9502

www.blackducksoftware.com  

 

 


SPDX General Meeting 2018 (replacement)

Phil Odence
 

When: Occurs every month on the first Thursday of the month from 11:00 AM to 12:00 PM effective 8/2/2018 until 2/2/2019. (UTC-05:00) Eastern Time (US & Canada)
Where: Bridge info enclosed

Please accept so this recurring meeting is on your calendar, however no need to send a response to me.



New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:
http://uberconference.com/SPDXTeam



MEETING MINUTES FOR REVIEW: http://spdx.org/wiki/meeting-minutes-and-decisions