SPDX Sept General Meeting Minutes

Phil Odence

General Meeting/Minutes/2019-09-05


·         Attendance: 17

·         Led by Phil Odence

·         Minutes of Aug meeting approved 




·         1 Special Presentations - Hiro Fukuchi, Sony

·         2 Tech Team Report - Gary

·         3 Legal Team Report - Jilayne/Paul/Steve

·         4 Outreach Team Report - Jack

·         5 Cross Functional -

·         6 Attendees

Special Presentations - Hiro Fukuchi, Sony

·         SPDX Lite

·         Open Chain Japan Work Group

·         Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas

·         Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…) in Asia (China/Taiwan) and Japan

·         They don’t have complete information

·         Don’t have the tools to generate and evaluate

·         SPDX Lite is part of guidelines

·         Fits in at a fairly high level of maturity

·         OpenChain - “Making Process”

·         SPDX (and OSS tooling) - “Improving Process”

·         Most suppliers are at low levels of maturity

·         Looking not to fork, but to expand usage of SPDX Lite

·         Lite Description

·         Subset of SPDX

·         Minimum requirement

·         Can be manually generated

·         Proved in actual business use

·         Scenarios

·         1 Unskilled suppliers

·         Useful at a lower level of maturity than SPDX requires

·         2 Non-engineering Staff

·         More understandable by Legal and Procurement staff.

·         Skilled suppliers would still use full SPDX

·         OpenChain compliant suppliers would be sophisticated enough

·         Question: Is SPDX Lite fully SPDX compliant?

·         Yes, all mandatory fields are included in SPDX Lite, and some of the optional fields may be included.

Tech Team Report - Gary

·         Spec

·         Being worked in a GitHub repo

·         Set up for pull requests for 2.2

·         Anyone who has ideas or proposed changes, please submit as a pull request

·         One in place is SPDX Lite

·         Proposal is as an Appendix

·         Thought is a profile for a specific use case

·         Could be first of a number of profiles

·         Tools

·         Successful conclusion to GSoC

·         All passed

·         A number of new libraries including Python, Golang

·         Mentors and students were great

·         Record number of projects

·         Challenge now is integrating and putting into production

·         All legal team tools have been submitted as pull requests

·         Should be up and running in a month or so.

Legal Team Report - Jilayne/Paul/Steve

·         Legal Team License Submittal Demo (GSoC)

·         Video and minutes available

·         Need to update contribution instructions

·         Team call today

·         License List

·         3.7 release at end of month

·         Fewer licenses in this release than in some recent ones

·         Recent discussions have been more high level on principles than specific licenses


Outreach Team Report - Jack

·         Survey

·         Has been out for a few months

·         37 responses so far

·         Will make one more pass

·         Looking at presenting at Gen Meeting in Nov

·         Philippe has been talking to the Python community about using SPDX License IDs and expressions in the Python package manifest

·         Could be a model for other communities

·         …some of which have been using formally or informally

·         Potentially high leverage

·         Rust and Go are using sporadically

Cross Functional

·         None


Attendees

·         Phil Odence, Black Duck/Synopsys

·         Steve Winslow, LF

·         Gary O’Neall, SourceAuditor

·         Jack Manbeck, TI

·         Nicolas Toussaint, Orange

·         Mark Atwood, Amazon

·         Jilayne Lovejoy, Canonical

·         Hiro Fukuchi, Sony

·         Shinsuke Kato, Panasonic

·         Philippe Ombrédanne, nexB

·         Michael Herzog, nexB

·         Patrice-Emmanuel Schmitz, Trasys International, European Commission

·         Richard Fontana, Red Hat

·         Mark Baushke, Juniper

·         Paul Madick, Dimension Data

·         Nisha Kumar, VMware

·         David Marr, Qualcomm