August SPDX General Meeting Minutes

Phil Odence


General Meeting/Minutes/2018-08-02

< General Meeting‎ | Minutes

·         Attendance: 12

·         Lead by Phil Odence

·         Minutes of July meeting approved 



·         1 Guest Presentation, - Supporting Continuous Integration, Ndip Tanyi

·         2 Tech Team Report - Kate/Gary

·         3 Legal Team Report - Jilayne/Paul

·         4 Outreach Team Report - Jack

·         5 Attendees

Guest Presentation, - Supporting Continuous Integration, Ndip Tanyi[edit]

·         Idea- Automatically generating SPDX docs as part of CI process

·         Scope

·         Focused on Travis CI, NPM and Python

·         Demo

·         Add an install and SPDX build script to build script

·         And some statements to push the SPDX docs to the repo

·         Future extensions

·         Pushing to GItHub as a commit

·         Other CI systems

·         Has been designed generically enough to be extensible to other languages and environments


Tech Team Report - Kate/Gary[edit]

·         Tooling

·         Mostly GSoC work

·         License XML Editor

·         Gary posting new version today

·         If you want to test, make it clear that these are tests, to make clear in the pull requests

·         Spec work

·         Working for consistency in external identifiers

·         Interest coming up from security community

·         SWID

·         NTIA conference that featured SPDX

·         Working in interop and SPDX standardization

·         Looking at spinning up a security subgroup

·         Interest from US House and Senate in a SW BoM and SPDX is on the docket

·         NIST and other organizations are involved in the background 


Legal Team Report - Jilayne/Paul[edit]

·         3.2 is out

·         Some clean up of old issues in process

·         Request to that legal folks try out Tushar’s tool

·         Exceptions

·         The term is imperfect as it handles some items that are not “exceptions” per se

·         Patent grants, for example

·         Considering changing the term to be more neutral and inclusive

·         “Modifiers” maybe? 

·         Will send an email to a wide audience get people thinking about it and set up a special meeting


Outreach Team Report - Jack[edit]

·         Website

·         Making more sense of the License List and Documents section

·         Shane Coughlin, from Open Chain, is getting involved

·         Outreach to companies

·         New time for Outreach calls is 7pm EDT

·         (Shane is in Japan)

·         OSS Summit

·         Backoff on the Tuesday

·         And a session on Consuming SPDX



·         Phil Odence, Black Duck/Synopsys

·         Ndip Tanyi, Alberta University

·         Tushar Mittal, GSoC Student

·         Gary O’Neall, SourceAuditor

·         Yash Nisar, GSoC Student

·         Jack Manbeck, TI

·         Steve Winslow, LF

·         Jilayne Lovejoy, ARM

·         Paul Madick, Dimension Data

·         Mike Dolan, Linux Foundation

·         Matije Suklje, Liferay

·         Mark Atwood, Amazon