FW: Thursday SPDX General Meeting
|
Philip Odence
No special guest star this month, so plan on a <30minute meeting.
Note: I only just realized that I neglected to publish the minutes from the August meeting, so I am including at the bottom.
GENERAL MEETING
Meeting Time: Thurs, Aug 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Join the call: https://www.uberconference.com/katestewart Optional dial in number: 877-297-7470 Alternate number: 512-910-4433 No PIN needed
Administrative Agenda Attendance Minutes Approval http://wiki.spdx.org/view/General_Meeting/Minutes/2016-08-04
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Business Team Report – Jack
Cross Functional Issues – Phil
General Meeting/Minutes/2016-08-04 < General Meeting | Minutes Jump to: navigation, search • Attendance: 12 • Lead by Phil Odence • Minutes of July meeting approved
Contents [hide] 1 Special Guest - Alexios Zavras, Intel 2 Tech Team Report - Kate 3 Outreach Team Report - Jack 4 Legal Team Report - Jilayne 5 Cross Functional Topics - Phil 6 Attendees Special Guest - Alexios Zavras, Intel[edit] • His role is open source compliance at Intel, based in Munich • Now at open source tech center • Will be talking about his previous role with Intel Mobile Comms • Mobile Comms • Based in Germany • Germans are very process-oriented, well-documented • His role was SW legal compliance. • Ensuring all software legally compliant across all kinds of software • They treat all compliance issues as a bug, just like any problem in the software • Alexis learned of SPDX and was very pleased and excited about it • Didn’t manage to get everything SPDX based • Started slowly • SPDX is very valuable at many levels • Even just the license list and standard way of expressing was very helpful • Quickly standardized on SPDX notations and it started appearing in their documentation etc • Included in training that was mandatory for SW devs and later extended to marketing, legal, biz dev • Everyone who touches software had to take on-line course with a deeper course available for some • Have developed number of tools, tightly coupled with dev environment • All developed internally • very tightly controlled, eg can’t check out code without a ticket • Tool chain includes license compliance • Central team provides compliance services to dev • too much for all devs to worry about • Fits with org structure • Internal teams reviews all code • Started small, then more widespread and more automated • Today every release goes though this license compliance check • Requires ‘stamp of approval’ from central team • To make the central team more efficient • Save all results • Including many of the SPDX fields • Saved in database • Last step, not yet taken, is to generate an SPDX doc for each release • Just held up by organizational issues, technically feasible • Being worked on • Have started getting the request from customers • Not mentioning SPDX by name, have not seen that yet, • but asking for data that SPDX covers, files, license, etc • (both are with Euro customers) • When they generate SPDX • Permissive license require attribution • They’ve had an issue with that going back 5 years • Their policy to handle is to deliver all OSS in source form • So, therefore include attribution in comments • They include a list of open source and model licenses, but the attribution is all in source code • Example- Modem company • Intel provides chips and software in binary form • Packaging: With binary they include • all source for open source in binary • And, list of conditions for any 3td party proprietary code • Are they being asked for security vulnerabilities associated with components • Not yet, but they are thinking about it with respect to naming (CPEs, etc) • AZ- “Thanks for the wonderful work. It’s really helpful.”
Tech Team Report - Kate[edit] • Spec • Collecting feedback • Addressing as it comes it • Gary has taken a pass at updating tools • In the polishing stage • One more round of feedback • Into publishing mode as of Tuesday • Bake Offs • Possible SF 9/27 and Europe at LCon • Needs to be nailed down in the next couple week. Outreach Team Report - Jack[edit] • Website • Still working this week • Will review at next week’s meeting • Should be close with go live; shooting for Linux Con NA • Still looking for some improvements that will require work from the Linux Foundation team • No show stoppers • Will send out link for review Legal Team Report - Jilayne[edit] • XML review • Still plugging away • Timeline set • 2.5 release • Just a few licenses • Aiming for end of Oct • See Legal Team meeting mins for detail • Could use all the help they can get; lots to do • To review new XML master format for every license
Cross Functional Topics - Phil[edit] • Guest stars • Always looking for more
Attendees[edit] • Phil Odence, Black Duck • Alexios Zavras, Intel • Kate Stewart, Linux Foundation • Jilayne Lovejoy, ARM • Scott Sterling, Palamida • Robin Gandhi, UNO • Jack Manbeck, TI • Yev Bronshteyn, Black Duck • Matt Germonprez, UNO • Michael Herzog- nexB • Georg Link, UNO • Mike Dolan, Linux Foundation • NewPP limit report CPU time usage: 0.009 seconds Real time usage: 0.011 seconds Preprocessor visited node count: 23/1000000 Preprocessor generated node count: 28/1000000 Post‐expand include size: 0/2097152 bytes Template argument size: 0/2097152 bytes Highest expansion depth: 2/40 Expensive parser function count: 0/100 Saved in parser cache with key spdx_mwiki:pcache:idhash:1048-0!*!*!!en!*!* and timestamp 20160830122940 and revision id 3956
|
|
|