Minutes from Sept SPDX General Meeting

Philip Odence

General Meeting/Minutes/2015-09-03

  • Attendance: 12
  • Led by Phil Odence
  • Minutes of August meeting approved

Open Compliance Program - Kate

  • Motivations for relaunch:
    • Information on the web site is stale. (FOSSbazaar community isn't active anymore, etc.)
    • Recognition we need to make useful information more accessible to developers
    • The OSS world is changing (cybersecurity, for example)
    • FOSSology is coming into LF as a project
  • What’s happening
    • New look, new content
    • Highlighting open standards that help with compliance
    • Funneling people to projects and workgroups
    • Highlighting OSS and commercial tools that support SPDX
      • FOSSology will help with upstream adoption
      • Hope is to attract developers
    • Updating educational materials
      • Currently only targeted at large organizations
      • Putting the focus on what the developers need to know and will find useful. 
  • Will be rolled out and announced in first part of Q4 
    • New logos and branding for compliance
    • Target to get SPDX pages lined up to take advantage by start of October. 
    • Current pillar approach will persist, but details under will change/consolidate
  • New Logo for SPDX
    • Group preference is for Option 2
  • Kate is looking for help in identifying companies and products using SPDX and the License List
    • Please send Kate pointers to any projects you're aware of that consume or produce SPDX
    • Jack suggested starting with what's on the SPDX page, and building up from there. 
  • Would like to get 2.0 spec rendered as a web page
    • Jack has starting point, Kate volunteers to help clean up
    • Discussion as to future representations of spec. 
  • LF will help with other aspects of branding now that the logo decision has been made.
    • PowerPoint templates, etc.
    • Style guide, fonts, etc?
  • LC Europe Add on Event
    • Supply chain mini summit on October 8
    • Stefano will present on Debsources DB work
    • Also presenting will be Uday from UNO
    • Rough agenda and signup sheet will be going up soon

Tech Team Report - Kate

  • New development over the summer
    • Debsources DB now generating SPDX. Work done as a GSoC project by Orestis, advised by Stefano Zacchiroli
    • Some discussion about adding sha256 as an alternative to sha1 for the mandatory field.
  • 2.1 Progress
    • External package proposal from Yev reviewed and is slated to be included.
    • External ID proposal has some feedback on Debian Repository aspect which will be discussed on spdx-tech list
    • Some further work on Security inclusion for 2.1
    • Snippet work coming back to the fore of active discussions.

Legal Team Report - Jilayne

  • Some bug reports on template markups
    • Maintenance is getting burdensome
    • Triggered discussion about how to set License List up for multiple contributions
    • Somewhat like an open source project
    • Active work going on to define how it would work
  • Other discussions
    • MarkG working on proposal for handling standard headers
      • Mark up existing
      • Concept of suggested header for licenses that don’t have standard

Biz Team Report - Jack

  • Mostly focused on website changes

Cross Functional Topics - Phil


  • Phil Odence, Black Duck
  • Mark Gisi, Wind River 
  • Scott Sterling, Palamida 
  • Kate Stewart, Linux Foundation
  • Jack Manbeck, TI
  • Michael Herzog, nexB
  • Pierre LaPointe, nexB 
  • Yev Bronshteyn, Black Duck
  • Jilayne Lovejoy, ARM
  • Hassib Khanafer, Protecode
  • Matt Germonprez, UNO
  • Brian Gartner, SuSE