SPDX Aug General Meeting Minutes

Philip Odence

Here are the minutes






L. Philip Odence
VP/General Manager Black Duck On-Demand
Black Duck Software, Inc.
800 District Avenue, Suite 201
Burlington, MA 01803-5061
E: podence@...
O: +1.781.425.4479
M: +1.781.258.9502
Skype: philip.odence





General Meeting/Minutes/2017-08-03

General Meeting‎ | Minutes

  • Attendance: 10
  • Lead by Phil Odence
  • Minutes of July meeting approved 




Guest Presentation - Rohit[edit]

  • Studying computer science in India
    • Working with SPDX for a number of months
    • Great experience in learning about how open source works
    • And, was surprised to learn about license issues
  • Project- On line SPDX tools
    • move existing tools to web interfaces
    • started with simple UI
      • and, of course, used open source
      • java and python
      • needed a java VM
      • finally found a project that worked for him
  • Three tools
    • Validation tool
    • Converter tool
    • Comparison tool
  • Vailidation Tool
    • Very simple UI
    • Basically just upload a file
    • Returns result of SPDX compatibility errors
    • Works for both tag value and RDF
  • Comparison Tool
    • takes two file inputs (for comparison)
    • after files uploaded, they go through validation
    • If so, they are compared
    • output is Excel sheet, saved on the server, user gets download link
  • Conversion Tool
    • conversions between format types
    • user selects type of conversion
    • returns required format
      • similar to spreadsheet, stored on server with download link
  • Next steps
    • creating API so other applications can call
    • benefit is that java tool prereqs don’t need to be called
  • Rohit went through a very short demo but will set up a more detailed one with the Tech Team


Tech Team Report - Kate/Gary[edit]

  • Spec
    • Got through all of the topics in the Google Doc
    • Making good progress
  • 2.2 v 3.0 discussion
    • Still open to input on burning use cases that aren’t covered
    • Please feel free to provide input 
  • Tooling
    • most of the focus has been on GSoC
      • everyone is making great progress 
      • evaluation last week and everyone passed!
    • Progress on Python libraries
    • Helping legal team with tooling


Legal Team Report - Jilayne/Paul[edit]

  • Uptick in activity on XML review
    • Brad and Alexios have been great
    • This has been a longstanding need, so great to see progress
  • Discussion about Linus’ note on Linux and GPL
    • Will be added to license list
  • On the plate now: Lots of chatter on email list about implications of adding “+” operator
    • background
      • used to have two different licenses to handle “only” and “or later”
      • now using an operator
      • left “GPL only”
    • It’s created some problems
      • current meaning of GPL-2
      • problems with standard header
    • reached a conclusion about how to handle going forward
    • Best option
      • deprecate plus operator
      • go back to two different licenses
        • doesn’t really apply to other licenses anyway
        • we believe, but still open for discussion
    • big topic on legal call today
  • License comparison tool, web-based
  • API thought from Phil
    • Assuming we publish APIs for hosted tools, we will need to specify terms of use.


Outreach Team Report - Jack[edit]

  • Jack unavailable. His email input:
    • Update from my side is that we are still working on fleshing out and documenting the program tools that can scan licenses and generate/read spdx documents.
    • Kate- Also talking about how to come up with a test suite for tools to make sure tools correctly read/generate SPDX



  • Phil Odence, Black Duck
  • Rohit Lodha, Google Summer of Code
  • Gary O’Neall, SourceAuditor
  • Uday Shankar, Black Duck
  • Alexios Zavras, Intel
  • Matija Suklje, FSFE
  • Kate Stewart, Linux Foundation
  • Bradlee Edmondson, Harvard
  • Jilayne Lovejoy, ARM
  • Michael Herzog- nexB