SPDX Sept General Meeting Minutes
|
Phil Odence
General Meeting/Minutes/2019-09-05< General Meeting | Minutes · Attendance: 17 · Lead by Phil Odence · Minutes of Aug meeting approved
Contents[hide] · 1 Special Presentations - Hiro Fukuchi, Sony · 3 Legal Team Report - Jilayne/Paul/Steve · 4 Outreach Team Report - Jack Special Presentations - Hiro Fukuchi, Sony[edit]· SPDX- Lite · Open Chain Japan Work Group · Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas · Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…in Asia (China/Taiwan) and Japan · They don’t have complete information · Don’t have the tools to generate and evaluate · SPDX Lite is part of guidelines · Fits in at a fairly high level of maturity · OpenChain - “Making Process” · SPDX (and OSS tooling) - “Improving Process” · Most suppliers are at low levels of maturity · Looking not to fork, but to expand usage of SPDX Lite · Lite Description · Subset of SPDX · Minimum requirement · Can be manually generated · Proved in actual business use · Scenarios · 1 Unskilled suppliers · Useful at a lower level of maturity than SPDX requires · 2 Non-engineering Staff · More understandable by Legal and Procurement staff. · Skilled suppliers would still use full SPDX · OpenChain compliant suppliers would be sophisticated enough · Question: Is SPDX Lite fully SPDX compliant · Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included. Tech Team Report - Gary[edit]· Spec · Being worked in a GitHub repo · Set up for pull requests for 2.2 · Anyone who has ideas or proposed changes, please submit as a pull request · One in place is SPDX Lite · Proposal is as an Appendix · Thought is a profile for a specific use case · Could be first of a number of profiles · Tools · Successful conclusion to GSoC · All passed · A number of new libraries including Python, Golang · Mentors and students were great · Record number of projects · Challenge now is integrating and putting into production · All legal team tools have been submitted as pull requests · Should be up and running in a month or so. Legal Team Report - Jilayne/Paul/Steve[edit]· Legal Team License Submittal Demo (GSoC) · Video and minutes available · Need to update contribution instructions · Team call today · License List · 3.7 release at end of month · Fewer licenses in release that some recents · Recent discussions have been more high level on principles than specific licenses
Outreach Team Report - Jack[edit]· Survey · Has been out for a few months · 37 responses so far · Will make one more pass · Looking at presenting at Gen Meeting in Nov · Philipe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifest · Could be a model for other communities · …some of which have been using formally or informally · Potentially high leverage · RUST and Go are using sporadically Cross Functional -[edit]· None Attendees[edit]· Phil Odence, Black Duck/Synopsys · Steve Winslow, LF · Gary O’Neall, SourceAuditor · Jack Manbeck, TI · Nicolas Toussaint, Orange · Mark Atwood, Amazon · Jilayne Lovejoy, Canonical · Hiro Fukuchi, Sony · Shinsuke Kato, Panasonic · Philippe Ombrédanne- nexB · Michael Herzog, NexB · Patrice-Emmanuel Schmitz, Trasys International, European Commission · Richard Fontana, Red Hat · Mark Baushke, Juniper · Paul Madick, Dimension Data · Nisha Kumar, VMWare · David Marr, Qualcomm
|
|
|