SPDX Sept General Meeting Minutes
General Meeting/Minutes/2019-09-05
· Attendance: 17
· Led by Phil Odence
· Minutes of Aug meeting approved
Special Presentations - Hiro Fukuchi, Sony
· SPDX Lite
· Open Chain Japan Work Group
· Member companies: Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas
· Common problem: Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…) in Asia (China/Taiwan) and Japan
· They don’t have complete information
· Don’t have the tools to generate and evaluate
· SPDX Lite is part of guidelines
· Fits in at a fairly high level of maturity
· OpenChain - “Making Process”
· SPDX (and OSS tooling) - “Improving Process”
· Most suppliers are at low levels of maturity
· Looking not to fork, but to expand usage of SPDX Lite
· Lite Description
· Subset of SPDX
· Minimum requirement
· Can be manually generated
· Proved in actual business use
· Scenarios
· 1 Unskilled suppliers
· Useful at a lower level of maturity than SPDX requires
· 2 Non-engineering Staff
· More understandable by Legal and Procurement staff.
· Skilled suppliers would still use full SPDX
· OpenChain compliant suppliers would be sophisticated enough
· Question: Is SPDX Lite fully SPDX compliant?
· Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included.
Tech Team Report - Gary
· Spec
· Being worked in a GitHub repo
· Set up for pull requests for 2.2
· Anyone who has ideas or proposed changes, please submit as a pull request
· One in place is SPDX Lite
· Proposal is as an Appendix
· Thought is a profile for a specific use case
· Could be first of a number of profiles
· Tools
· Successful conclusion to GSoC
· All passed
· A number of new libraries including Python, Golang
· Mentors and students were great
· Record number of projects
· Challenge now is integrating and putting into production
· All legal team tools have been submitted as pull requests
· Should be up and running in a month or so.
Legal Team Report - Jilayne/Paul/Steve
· Legal Team License Submittal Demo (GSoC)
· Video and minutes available
· Need to update contribution instructions
· Team call today
· License List
· 3.7 release at end of month
· Fewer licenses in this release than in some recent ones
· Recent discussions have been more high level on principles than specific licenses
Outreach Team Report - Jack
· Survey
· Has been out for a few months
· 37 responses so far
· Will make one more pass
· Looking at presenting at Gen Meeting in Nov
· Philippe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifests
· Could be a model for other communities
· …some of which have been using formally or informally
· Potentially high leverage
· Rust and Go are using them sporadically
Cross Functional
· None
Attendees
· Phil Odence, Black Duck/Synopsys
· Steve Winslow, LF
· Gary O’Neall, SourceAuditor
· Jack Manbeck, TI
· Nicolas Toussaint, Orange
· Mark Atwood, Amazon
· Jilayne Lovejoy, Canonical
· Hiro Fukuchi, Sony
· Shinsuke Kato, Panasonic
· Philippe Ombrédanne, nexB
· Michael Herzog, nexB
· Patrice-Emmanuel Schmitz, Trasys International, European Commission
· Richard Fontana, Red Hat
· Mark Baushke, Juniper
· Paul Madick, Dimension Data
· Nisha Kumar, VMware
· David Marr, Qualcomm