FW: Thursday SPDX General Meeting
No special guest star this month, so plan on a <30 minute meeting.
Note: I only just realized that I neglected to publish the minutes from the August meeting, so I am including at the bottom.
GENERAL MEETING
Meeting Time: Thurs, Aug 4, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Conf call dial-in:
Join the call: https://www.uberconference.com/katestewart
Optional dial in number: 877-297-7470
Alternate number: 512-910-4433
No PIN needed
Administrative Agenda
Attendance
Minutes Approval http://wiki.spdx.org/view/General_Meeting/Minutes/2016-08-04
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Business Team Report – Jack
Cross Functional Issues – Phil
General Meeting/Minutes/2016-08-04
• Attendance: 12
• Led by Phil Odence
• Minutes of July meeting approved
Special Guest - Alexios Zavras, Intel
• His role is open source compliance at Intel, based in Munich
• Now at open source tech center
• Will be talking about his previous role with Intel Mobile Comms
• Mobile Comms
• Based in Germany
• Germans are very process-oriented, well-documented
• His role was SW legal compliance.
• Ensuring all software legally compliant across all kinds of software
• They treat all compliance issues as a bug, just like any problem in the software
• Alexios learned of SPDX and was very pleased and excited about it
• Didn’t manage to get everything SPDX based
• Started slowly
• SPDX is very valuable at many levels
• Even just the license list and standard way of expressing was very helpful
• Quickly standardized on SPDX notations and it started appearing in their documentation etc
• Included in training that was mandatory for SW devs and later extended to marketing, legal, biz dev
• Everyone who touches software had to take on-line course with a deeper course available for some
• Have developed number of tools, tightly coupled with dev environment
• All developed internally
• Very tightly controlled, e.g. can’t check out code without a ticket
• Tool chain includes license compliance
• Central team provides compliance services to dev
• too much for all devs to worry about
• Fits with org structure
• Internal team reviews all code
• Started small, then more widespread and more automated
• Today every release goes through this license compliance check
• Requires ‘stamp of approval’ from central team
• To make the central team more efficient
• Save all results
• Including many of the SPDX fields
• Saved in database
• Last step, not yet taken, is to generate an SPDX doc for each release
• Just held up by organizational issues, technically feasible
• Being worked on
• Have started getting the request from customers
• Not mentioning SPDX by name, have not seen that yet,
• but asking for data that SPDX covers, files, license, etc
• (both are with Euro customers)
• When they generate SPDX
• Permissive licenses require attribution
• They’ve had an issue with that going back 5 years
• Their policy to handle is to deliver all OSS in source form
• So, therefore include attribution in comments
• They include a list of open source and model licenses, but the attribution is all in source code
• Example- Modem company
• Intel provides chips and software in binary form
• Packaging: With binary they include
• all source for open source in binary
• And, list of conditions for any 3rd party proprietary code
• Are they being asked for security vulnerabilities associated with components
• Not yet, but they are thinking about it with respect to naming (CPEs, etc)
• AZ- “Thanks for the wonderful work. It’s really helpful.”
Tech Team Report - Kate
• Spec
• Collecting feedback
• Addressing as it comes in
• Gary has taken a pass at updating tools
• In the polishing stage
• One more round of feedback
• Into publishing mode as of Tuesday
• Bake Offs
• Possible SF 9/27 and Europe at LCon
• Needs to be nailed down in the next couple weeks.
Outreach Team Report - Jack
• Website
• Still working this week
• Will review at next week’s meeting
• Should be close with go live; shooting for Linux Con NA
• Still looking for some improvements that will require work from the Linux Foundation team
• No show stoppers
• Will send out link for review
Legal Team Report - Jilayne
• XML review
• Still plugging away
• Timeline set
• 2.5 release
• Just a few licenses
• Aiming for end of Oct
• See Legal Team meeting mins for detail
• Could use all the help they can get; lots to do
• To review new XML master format for every license
Cross Functional Topics - Phil
• Guest stars
• Always looking for more
Attendees
• Phil Odence, Black Duck
• Alexios Zavras, Intel
• Kate Stewart, Linux Foundation
• Jilayne Lovejoy, ARM
• Scott Sterling, Palamida
• Robin Gandhi, UNO
• Jack Manbeck, TI
• Yev Bronshteyn, Black Duck
• Matt Germonprez, UNO
• Michael Herzog- nexB
• Georg Link, UNO
• Mike Dolan, Linux Foundation