- Attendance: 12
- Lead by Phil Odence
- Minutes of August meeting approved
Open Compliance Program - Kate
- Motivations for relaunch:
- Information on the web site is stale. (FOSSbazaar community isn't active anymore, etc.)
- Recognition we need to make useful information more accessible to developers
- The OSS world is changing- cybersecurity for example
- FOSSology is coming into LF as a project
- What’s happening
- New look, new content
- Highlighting open standards that help with compliance
- Funneling people to projects and workgroups
- Highlighting OSS and commercial tools that support SPDX
- FOSSology will help with upstream adoption
- Hope is to attract developers
- Updating educational materials
- Currently only targeted at large organizations
- Putting the focus on what the developers need to know and will find useful.
- Will be rolled out and announced in first part of Q4
- New logos and branding for compliance
- Target to get SPDX pages lined up to take advantage by start of October.
- Current pillar approach will persist, but details under will change/consolidate
- New Logo for SPDX
- Group preference is for Option 2
- Kate is looking for help in identifying companies and products using SPDX and the License List
- Please send Kate pointer to any projects you're aware of that consume or produce SPDX
- Jack suggested starting with what's on the SPDX page, and building up from there.
- Would like to get 2.0 spec rendered as a web page
- Jack has starting point, Kate volunteers to help clean up
- Discussion as to future representations of spec.
- LF will help with other aspects of branding now that logo decision made.
- Powerpoint templates, etc.
- Style guide, fonts, etc?
- LC Europe Add on Event
- Supply chain mini summit on October 8
- Stefano will present on Debsource DB work
- Also presenting will be Uday from UNO
- Rough agenda and signup sheet will be going up soon
Tech Team Report - Kate
- New development over the summer
- Debsources DB now generating SPDX. work done as GSOC project by Orestis advised by Stefano Zacchiroli
- some discussion about adding sha256 as alternative to sha1 for manditory field.
- 2.1 Progress
- External package proposal from Yev reviewed and is slated to be included.
- External ID proposal has some feedback on Debian Repository aspect which will be discussed on spdx-tech list
- Some further work on Security inclusion for 2.1
- Snippet work coming back to the fore of active discussions.
Legal Team Report - Jilayne
- Some bug reports on template markups
- Maintenance is getting burdensome
- Triggered discussion about how to set License List up for multiple contributions
- Somewhat like an open source project
- Active work going on to define how it would work
- Other discussions
- MarkG working on proposal for handling standard headers
- Mark up existing
- Concept of suggested header for licenses that don’t have standard
Biz Team Report - Jack
- Mostly focused on website changes
Cross Functional Topics - Phil
- Phil Odence, Black Duck
- Mark Gisi, Wind River
- Scott Sterling, Palamida
- Kate Stewart, Linux Foundation
- Jack Manbeck, TI
- Michael Herzog- nexB
- Pierre LaPointe, nexB
- Yev Bronshteyn, Black Duck
- Jilayne Lovejoy, ARM
- Hassib Khanafer, Protecode
- Matt Germonprez, UNO
- Brian Gartner, SuSE