https://wiki.spdx.org/api.php?action=feedcontributions&feedformat=atom&user=JackMSPDX Wiki - User contributions [en]2026-05-07T12:08:42ZUser contributionsMediaWiki 1.23.13https://wiki.spdx.org/view/Outreach_TeamOutreach Team2021-06-07T13:55:03Z<p>JackM: </p>
<hr />
<div>This is the working area for the Outreach (formally Business) Team. This team has primary responsibility for go-to-market activities of SPDX, including: launch activities for new versions of the SPDX specification; outreach; participation in events; and the SPDX website.<br />
<br />
<br />
* [[Business_Team/Priorities|Current Priorities and Work in Progress for the Outreach Team]]<br />
* [[Business_Team/Minutes|Meeting Minutes for the Outreach Team]]<br />
* [[Business_Team/Old|Older Items for the Outreach Team]]<br />
* [[SPDX_FAQ|SPDX FAQs]]<br />
<br />
[[Category:Business]]</div>JackMhttps://wiki.spdx.org/view/File:Spdx-spec.zipFile:Spdx-spec.zip2019-06-04T12:33:14Z<p>JackM: proposed changes to generate PDF for 2.1.1</p>
<hr />
<div>proposed changes to generate PDF for 2.1.1</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2019-04-01T15:47:35Z<p>JackM: /* SPDX Specification in PDF and HTML */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2019 SPDX Google Summer of Code Project Page'''</span><br />
<br />
See the [https://rtgdk.github.io/spdx-gsoc-proposal.html proposal template] if you are interested in submitting a Google Summer of Code proposal.<br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
==Registry for License List Namespaces==<br />
Build automation for a GitHub repository to support registration of license namespaces to support the following workflow:<br />
* User submits a request for a new license namespace<br />
** The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses)<br />
* User includes optional information for a URL with additional information for the namespace<br />
* User includes optional information on the submitter name and email<br />
* User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy<br />
* A check is made that the namespace is not already in use<br />
* A pull request is created for the new namespace<br />
* A committer to the namespace repository accepts the pull request<br />
* When accepted, the namespace is published to a known website<br />
* REST based API's are available to query the namespace repository<br />
<br />
The automation can be built as a function of the SPDX online tools or as an independent tool or as extensions to GitHub.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python or JavaScript language<br />
* Understanding of GitHub API's<br />
* Ability to work with the user community in refining requirements<br />
* UI development<br />
* REST API development<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the [https://github.com/spdx/spdx-spec/issues SPDX specification issues list]. This project automates the registration and management of the namespaces.<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Develop a Distributed License Repository Application==<br />
Develop an application which accepts license text and adds it to a repository of licenses stored in a GitHub repository. The interface the application would be a REST API. There would be optional storage of a license in a GitHub repository. The application would support the following use cases:<br />
* See if a license text has already been registered or if license text is already on the [https://spdx.org/licenses SPDX License List]. If so, the ID would be returned.<br />
* Add externally referenced SPDX documents containing license definitions. When added, each license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Add a license text to a known git repository. Input would be license text, license name, proposed license ID, optional license namespace, optional comment, optional creator. This would be stored as an SPDX document which defines the license. There would be one document per license. When added, the license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.<br />
* Remove a license reference. This would also update the license aliases.<br />
* [Optional] Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python, Java or JavaScript language<br />
* Understanding of Github API's<br />
* Ability to work with the user community in refining requirements<br />
* REST API development<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This proposal is to provide a method of comparing, tracking and storing licenses which are not currently proposed to be on the SPDX license list. It would likely be used by a front end UI and by other external tools.<br />
<br />
==Enhanced Workflow for Online License Request==<br />
Update the SPDX Online Tools license submit feature to support the following workflow:<br />
* License submit can be initiated directly from the UI or through an external application (e.g. the [https://github.com/spdx/spdx-license-diff SPDX License Diff browser plugin]) using a documented API<br />
* License text is compared to the currently approved license list<br />
** If matched, the SPDX ID is returned and the user is informed that the license already exists<br />
* License is compared to all submitted yet not approved licenses<br />
** If matched, the user is informed the license is already submitted and is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to all submitted and rejected licenses<br />
** If a match is found, the user is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to the existing license list using an algorithm which finds close matches (SPDX License Diff is an example)<br />
** If an existing license is close, a diff view will show the word differences<br />
** The user is presented with a choice of adding an issue for the nearly matching license stating that the license should match<br />
*** If the user chooses to add the issue, the license text will be added to the issue requesting a change to the license XML to allow the match<br />
*** We could also implement suggested XML markup (e.g. alt or optional text) to make the licenses match - NOTE: This may be a technically challenging feature to implement<br />
* If the user wants to submit a new license request, the information is captured and processed by the SPDX legal team through [https://github.com/spdx/license-list-XML GitHub]<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Experience proposing spec changes<br />
* Understanding of Github API's<br />
* Experience in XML parsing<br />
<br />
====Background Information====<br />
The SPDX legal team uses an online request process for new license requests. This feature was implemented by a GSoC student in 2018. Extending the functionality to check for duplicate requests and checking for near matches would greatly improve the efficiency of the license request and approval process.<br />
<br />
This project would require significant interaction with the users of the tool (the SPDX legal team) and would have some interesting technical challenges in storing and matching text. The optional feature of suggesting XML markup for near matches could involve sophisticated matching techniques to find the appropriate text to include as optional or alternate.<br />
<br />
The current SPDX license list request process is documented in the [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md License List XML contributing page].<br />
<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Update Parser Libraries for Golang ==<br />
A new Golang library has recently been added to the SPDX tools, at [https://github.com/spdx/tools-golang]. This tool updated the SPDX Golang libraries to the SPDX 2.1 specification. This tool has several opportunities for improvement and adding features.<br />
====Skills Needed====<br />
* Development skills in the Golang language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX documents. A recent new tool has been added for parsing, generating and working with SPDX documents in Golang [https://github.com/spdx/tools-golang]. Opportunities for improving and adding features to this tool include the following:<br />
* adding support for the official RDF format<br />
* experimenting with support for other formats, such as JSON, YAML and XML <br />
* enabling support for parsing and generation of documents under pre-2.1 versions of the SPDX spec<br />
<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Additional Format Support for the Python Libraries==<br />
Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Understanding of XML, JSON and YAML<br />
<br />
====Background Information====<br />
SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format. <br />
<br />
The current python libraries are in the [[https://github.com/spdx/tools-python SPDX python tools git repository]]<br />
<br />
====Available Mentors====<br />
[mailto:tetechris20@gmail.com Krys Nuvadga], [mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in PDF and HTML ==<br />
<br />
We need to generate both HTML and PDF versions of the SPDX Specification from [https://www.markdownguide.org/ Markdown (MD)]. The default is English but going forward we envision other language translations as well so they would need to be accounted for in the overall structure and approach.<br />
<br />
What we need going forward is:<br />
<br />
* The ability to generate both an HTML and PDF document for every released version of the specification. This would be a final copy that should should not be re-rendered. <br />
* The ability to display "real time" draft versions of the specification in HTML. This means changes to the specification via commits to GIT for that version should be shown, More than one draft version should be able to be displayed in this fashion. That means we could be rendering draft version 3.1 and draft version 4.0. We do not need this in PDF.<br />
* For the PDF version we will need a cover page, page numbers, TOC, header and footer. Internal document references should work (see the background). The ideal solution will be to come up with something that works for both the HTML and PDF versions un-changed but some automated post processing for the PDF is okay and changing how th elinks are done in the MD is viable as well.<br />
* The default is English but going forward we envision other language translations as well for the HTML and PDF so they would need to be accounted for in the overall structure and approach.<br />
* The specifications are currently released on branches today. The structure of the GIT may need some changes to accommodate language versions and the PDF.<br />
<br />
Other approaches than what we are using in the background can be suggested and used if they meet the requirements above, particularly for internal document links.<br />
<br />
====Skills Needed====<br />
* Understanding of documentation tooling: Markdown, HTML, mkdocs, etc.,.<br />
* Familiarity with GIT and github API's<br />
<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] has been moved to markdown on at https://github.com/spdx/spdx-spec<br />
and now generates an HTML version at: https://spdx.github.io/spdx-spec<br />
<br />
If you look at the SPDX GitHub today it shows the 2.1 SPDX specification nicely as HTML. This is done using a Travis VM, GitHub Pages and markdown. Mkdocs is used to generate the HTML pages. You can look at the scripts in the GIT. What we need going forward is a way to generate both a PDF version and HTML and for each draft and release version of the specification.<br />
<br />
For the 2.1.1 specification we are currently using [https://pandoc.org/ pandoc] and [https://wkhtmltopdf.org/ wkhtmltopdf] to generate a PDF specification. This is currently being done offline. In doing this we need to combine the MD documents as each chapter in the specification is a separate MD document. That would work ecept there are internal links that go between the MD documents; e.g. xxxxxx/chapter4.md. These links are broken on conversion to the PDF so a solution for both HTML and PDF needs to be found. <br />
<br />
A potential approach other than pandoc and wkhtmltopdf to consider for the PDF is at https://github.com/tombensve/MarkdownDoc.<br />
<br />
====Available Mentors====<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Document Generator for projects using SPDXIDs ==<br />
As more projects start to use SPDXIDs at the file level it becomes much simpler to generate SPDX docs for them from a python script. <br />
====Skills Needed ====<br />
* Ability to program in python<br />
====Background Information ====<br />
Forward thinking open source projects are adopting SPDXIDs in source files (initially U-Boot, but now much wider use like Zephyr, Linux Kernel, etc.) <br />
With these easy to find "SPDX-License-Identifier:" strings, generating an SPDX document for a project is a matter of iterating over<br />
the files in a project and extracting the information from these SPDXIDs and calculating checksums. <br />
Creating an open source tool to do this will aid these projects in generating accurate SBOM information at release time.<br />
This tool should be implemented as a command line, so it can be incorporated into builds, and options can be added. <br />
Goal is that projects that use SPDX identifiers can automatically generate a SPDX document as a Software Bill of Materials <br />
(SBOM) on demand (build, release, etc.).<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:saiudayshankar@gmail.com Uday Shankar]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2019-04-01T15:43:06Z<p>JackM: /* SPDX Specification in PDF and HTML */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2019 SPDX Google Summer of Code Project Page'''</span><br />
<br />
See the [https://rtgdk.github.io/spdx-gsoc-proposal.html proposal template] if you are interested in submitting a Google Summer of Code proposal.<br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
==Registry for License List Namespaces==<br />
Build automation for a GitHub repository to support registration of license namespaces to support the following workflow:<br />
* User submits a request for a new license namespace<br />
** The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses)<br />
* User includes optional information for a URL with additional information for the namespace<br />
* User includes optional information on the submitter name and email<br />
* User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy<br />
* A check is made that the namespace is not already in use<br />
* A pull request is created for the new namespace<br />
* A committer to the namespace repository accepts the pull request<br />
* When accepted, the namespace is published to a known website<br />
* REST based API's are available to query the namespace repository<br />
<br />
The automation can be built as a function of the SPDX online tools or as an independent tool or as extensions to GitHub.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python or JavaScript language<br />
* Understanding of GitHub API's<br />
* Ability to work with the user community in refining requirements<br />
* UI development<br />
* REST API development<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the [https://github.com/spdx/spdx-spec/issues SPDX specification issues list]. This project automates the registration and management of the namespaces.<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Develop a Distributed License Repository Application==<br />
Develop an application which accepts license text and adds it to a repository of licenses stored in a GitHub repository. The interface the application would be a REST API. There would be optional storage of a license in a GitHub repository. The application would support the following use cases:<br />
* See if a license text has already been registered or if license text is already on the [https://spdx.org/licenses SPDX License List]. If so, the ID would be returned.<br />
* Add externally referenced SPDX documents containing license definitions. When added, each license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Add a license text to a known git repository. Input would be license text, license name, proposed license ID, optional license namespace, optional comment, optional creator. This would be stored as an SPDX document which defines the license. There would be one document per license. When added, the license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.<br />
* Remove a license reference. This would also update the license aliases.<br />
* [Optional] Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python, Java or JavaScript language<br />
* Understanding of Github API's<br />
* Ability to work with the user community in refining requirements<br />
* REST API development<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This proposal is to provide a method of comparing, tracking and storing licenses which are not currently proposed to be on the SPDX license list. It would likely be used by a front end UI and by other external tools.<br />
<br />
==Enhanced Workflow for Online License Request==<br />
Update the SPDX Online Tools license submit feature to support the following workflow:<br />
* License submit can be initiated directly from the UI or through an external application (e.g. the [https://github.com/spdx/spdx-license-diff SPDX License Diff browser plugin]) using a documented API<br />
* License text is compared to the currently approved license list<br />
** If matched, the SPDX ID is returned and the user is informed that the license already exists<br />
* License is compared to all submitted yet not approved licenses<br />
** If matched, the user is informed the license is already submitted and is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to all submitted and rejected licenses<br />
** If a match is found, the user is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to the existing license list using an algorithm which finds close matches (SPDX License Diff is an example)<br />
** If an existing license is close, a diff view will show the word differences<br />
** The user is presented with a choice of adding an issue for the nearly matching license stating that the license should match<br />
*** If the user chooses to add the issue, the license text will be added to the issue requesting a change to the license XML to allow the match<br />
*** We could also implement suggested XML markup (e.g. alt or optional text) to make the licenses match - NOTE: This may be a technically challenging feature to implement<br />
* If the user wants to submit a new license request, the information is captured and processed by the SPDX legal team through [https://github.com/spdx/license-list-XML GitHub]<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Experience proposing spec changes<br />
* Understanding of Github API's<br />
* Experience in XML parsing<br />
<br />
====Background Information====<br />
The SPDX legal team uses an online request process for new license requests. This feature was implemented by a GSoC student in 2018. Extending the functionality to check for duplicate requests and checking for near matches would greatly improve the efficiency of the license request and approval process.<br />
<br />
This project would require significant interaction with the users of the tool (the SPDX legal team) and would have some interesting technical challenges in storing and matching text. The optional feature of suggesting XML markup for near matches could involve sophisticated matching techniques to find the appropriate text to include as optional or alternate.<br />
<br />
The current SPDX license list request process is documented in the [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md License List XML contributing page].<br />
<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Update Parser Libraries for Golang ==<br />
A new Golang library has recently been added to the SPDX tools, at [https://github.com/spdx/tools-golang]. This tool updated the SPDX Golang libraries to the SPDX 2.1 specification. This tool has several opportunities for improvement and adding features.<br />
====Skills Needed====<br />
* Development skills in the Golang language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX documents. A recent new tool has been added for parsing, generating and working with SPDX documents in Golang [https://github.com/spdx/tools-golang]. Opportunities for improving and adding features to this tool include the following:<br />
* adding support for the official RDF format<br />
* experimenting with support for other formats, such as JSON, YAML and XML <br />
* enabling support for parsing and generation of documents under pre-2.1 versions of the SPDX spec<br />
<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Additional Format Support for the Python Libraries==<br />
Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Understanding of XML, JSON and YAML<br />
<br />
====Background Information====<br />
SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format. <br />
<br />
The current python libraries are in the [[https://github.com/spdx/tools-python SPDX python tools git repository]]<br />
<br />
====Available Mentors====<br />
[mailto:tetechris20@gmail.com Krys Nuvadga], [mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in PDF and HTML ==<br />
<br />
We need to generate both HTML and PDF versions of the SPDX Specification from [https://www.markdownguide.org/ Markdown (MD)]. The default is English but going forward we envision other language translations as well so they would need to be accounted for in the overall structure and approach.<br />
<br />
What we need going forward is:<br />
<br />
* The ability to generate both an HTML and PDF document for every released version of the specification. This would be a final copy that should should not be re-rendered. <br />
* The ability to display "real time" draft versions of the specification in HTML. This means changes to the specification via commits to GIT for that version should be shown, More than one draft version should be able to be displayed in this fashion. That means we could be rendering draft version 3.1 and draft version 4.0. We do not need this in PDF.<br />
* For the PDF version we will need a cover page, page numbers, TOC, header and footer. Internal document references should work. The ideal solution will be to come up with something that works for both the HTML and PDF versions but some automated post processing for the PDF is okay.<br />
* The default is English but going forward we envision other language translations as well for the HTML and PDF so they would need to be accounted for in the overall structure and approach.<br />
* The specifications are currently released on branches today. The structure of the GIT may need some changes to accommodate language versions and the PDF.<br />
<br />
Other approaches than what we are using in the background can be suggested and used if they meet the requirements above, particularly for internal document links.<br />
<br />
====Skills Needed====<br />
* Understanding of documentation tooling: Markdown, HTML, mkdocs, etc.,.<br />
* Familiarity with GIT and github API's<br />
<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] has been moved to markdown on at https://github.com/spdx/spdx-spec<br />
and now generates an HTML version at: https://spdx.github.io/spdx-spec<br />
<br />
If you look at the SPDX GitHub today it shows the 2.1 SPDX specification nicely as HTML. This is done using a Travis VM, GitHub Pages and markdown. Mkdocs is used to generate the HTML pages. You can look at the scripts in the GIT. What we need going forward is a way to generate both a PDF version and HTML and for each draft and release version of the specification.<br />
<br />
For the 2.1.1 specification we are currently using [https://pandoc.org/ pandoc] and [https://wkhtmltopdf.org/ wkhtmltopdf] to generate a PDF specification. This is currently being done offline. In doing this we need to combine the MD documents as each chapter in the specification is a separate MD document. That would work ecept there are internal links that go between the MD documents; e.g. xxxxxx/chapter4.md. These links are broken on conversion to the PDF so a solution for both HTML and PDF needs to be found. <br />
<br />
A potential approach other than pandoc and wkhtmltopdf to consider for the PDF is at https://github.com/tombensve/MarkdownDoc.<br />
<br />
====Available Mentors====<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Document Generator for projects using SPDXIDs ==<br />
As more projects start to use SPDXIDs at the file level it becomes much simpler to generate SPDX docs for them from a python script. <br />
====Skills Needed ====<br />
* Ability to program in python<br />
====Background Information ====<br />
Forward thinking open source projects are adopting SPDXIDs in source files (initially U-Boot, but now much wider use like Zephyr, Linux Kernel, etc.) <br />
With these easy to find "SPDX-License-Identifier:" strings, generating an SPDX document for a project is a matter of iterating over<br />
the files in a project and extracting the information from these SPDXIDs and calculating checksums. <br />
Creating an open source tool to do this will aid these projects in generating accurate SBOM information at release time.<br />
This tool should be implemented as a command line, so it can be incorporated into builds, and options can be added. <br />
Goal is that projects that use SPDX identifiers can automatically generate a SPDX document as a Software Bill of Materials <br />
(SBOM) on demand (build, release, etc.).<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:saiudayshankar@gmail.com Uday Shankar]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2019-04-01T15:38:02Z<p>JackM: /* SPDX Specification in PDF and HTML */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2019 SPDX Google Summer of Code Project Page'''</span><br />
<br />
See the [https://rtgdk.github.io/spdx-gsoc-proposal.html proposal template] if you are interested in submitting a Google Summer of Code proposal.<br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
==Registry for License List Namespaces==<br />
Build automation for a GitHub repository to support registration of license namespaces to support the following workflow:<br />
* User submits a request for a new license namespace<br />
** The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses)<br />
* User includes optional information for a URL with additional information for the namespace<br />
* User includes optional information on the submitter name and email<br />
* User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy<br />
* A check is made that the namespace is not already in use<br />
* A pull request is created for the new namespace<br />
* A committer to the namespace repository accepts the pull request<br />
* When accepted, the namespace is published to a known website<br />
* REST based API's are available to query the namespace repository<br />
<br />
The automation can be built as a function of the SPDX online tools or as an independent tool or as extensions to GitHub.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python or JavaScript language<br />
* Understanding of GitHub API's<br />
* Ability to work with the user community in refining requirements<br />
* UI development<br />
* REST API development<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the [https://github.com/spdx/spdx-spec/issues SPDX specification issues list]. This project automates the registration and management of the namespaces.<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Develop a Distributed License Repository Application==<br />
Develop an application which accepts license text and adds it to a repository of licenses stored in a GitHub repository. The interface the application would be a REST API. There would be optional storage of a license in a GitHub repository. The application would support the following use cases:<br />
* See if a license text has already been registered or if license text is already on the [https://spdx.org/licenses SPDX License List]. If so, the ID would be returned.<br />
* Add externally referenced SPDX documents containing license definitions. When added, each license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Add a license text to a known git repository. Input would be license text, license name, proposed license ID, optional license namespace, optional comment, optional creator. This would be stored as an SPDX document which defines the license. There would be one document per license. When added, the license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.<br />
* Remove a license reference. This would also update the license aliases.<br />
* [Optional] Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python, Java or JavaScript language<br />
* Understanding of Github API's<br />
* Ability to work with the user community in refining requirements<br />
* REST API development<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This proposal is to provide a method of comparing, tracking and storing licenses which are not currently proposed to be on the SPDX license list. It would likely be used by a front end UI and by other external tools.<br />
<br />
==Enhanced Workflow for Online License Request==<br />
Update the SPDX Online Tools license submit feature to support the following workflow:<br />
* License submit can be initiated directly from the UI or through an external application (e.g. the [https://github.com/spdx/spdx-license-diff SPDX License Diff browser plugin]) using a documented API<br />
* License text is compared to the currently approved license list<br />
** If matched, the SPDX ID is returned and the user is informed that the license already exists<br />
* License is compared to all submitted yet not approved licenses<br />
** If matched, the user is informed the license is already submitted and is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to all submitted and rejected licenses<br />
** If a match is found, the user is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to the existing license list using an algorithm which finds close matches (SPDX License Diff is an example)<br />
** If an existing license is close, a diff view will show the word differences<br />
** The user is presented with a choice of adding an issue for the nearly matching license stating that the license should match<br />
*** If the user chooses to add the issue, the license text will be added to the issue requesting a change to the license XML to allow the match<br />
*** We could also implement suggested XML markup (e.g. alt or optional text) to make the licenses match - NOTE: This may be a technically challenging feature to implement<br />
* If the user wants to submit a new license request, the information is captured and processed by the SPDX legal team through [https://github.com/spdx/license-list-XML GitHub]<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Experience proposing spec changes<br />
* Understanding of Github API's<br />
* Experience in XML parsing<br />
<br />
====Background Information====<br />
The SPDX legal team uses an online request process for new license requests. This feature was implemented by a GSoC student in 2018. Extending the functionality to check for duplicate requests and checking for near matches would greatly improve the efficiency of the license request and approval process.<br />
<br />
This project would require significant interaction with the users of the tool (the SPDX legal team) and would have some interesting technical challenges in storing and matching text. The optional feature of suggesting XML markup for near matches could involve sophisticated matching techniques to find the appropriate text to include as optional or alternate.<br />
<br />
The current SPDX license list request process is documented in the [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md License List XML contributing page].<br />
<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Update Parser Libraries for Golang ==<br />
A new Golang library has recently been added to the SPDX tools, at [https://github.com/spdx/tools-golang]. This tool updated the SPDX Golang libraries to the SPDX 2.1 specification. This tool has several opportunities for improvement and adding features.<br />
====Skills Needed====<br />
* Development skills in the Golang language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX documents. A recent new tool has been added for parsing, generating and working with SPDX documents in Golang [https://github.com/spdx/tools-golang]. Opportunities for improving and adding features to this tool include the following:<br />
* adding support for the official RDF format<br />
* experimenting with support for other formats, such as JSON, YAML and XML <br />
* enabling support for parsing and generation of documents under pre-2.1 versions of the SPDX spec<br />
<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Additional Format Support for the Python Libraries==<br />
Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Understanding of XML, JSON and YAML<br />
<br />
====Background Information====<br />
SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format. <br />
<br />
The current python libraries are in the [[https://github.com/spdx/tools-python SPDX python tools git repository]]<br />
<br />
====Available Mentors====<br />
[mailto:tetechris20@gmail.com Krys Nuvadga], [mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in PDF and HTML ==<br />
<br />
We need to generate both HTML and PDF versions from Markdown (MD). The default is English but going forward we envision other language translations as well so they would need to be accounted for in the overall structure and approach.<br />
<br />
What we need going forward is:<br />
<br />
* The ability to generate both an HTML and PDF document for every released version of the specification. This would be a final copy that should should not be re-rendered. <br />
* The ability to display "real time" draft versions of the specification in HTML. This means changes to the specification via commits to GIT for that version should be shown, More than one draft version should be able to be displayed in this fashion. That means we could be rendering draft version 3.1 and draft version 4.0. WE do not need this in PDF.<br />
* For the PDF version we will need a cover page, page numbers, TOC, header and footer. Internal document references should work. The ideal solution will be to come up with something that works for both the HTML and PDF versions but some automated post processing is for the PDF is okay.<br />
* The default is English but going forward we envision other language translations as well for the HTML and PDF so they would need to be accounted for in the overall structure and approach.<br />
<br />
====Skills Needed====<br />
* Understanding of documentation tooling: Markdown, HTML, mkdocs, etc.,.<br />
* Familiarity with GIT and github API's<br />
<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] has been moved to markdown on at https://github.com/spdx/spdx-spec<br />
and now generates an HTML version at: https://spdx.github.io/spdx-spec<br />
<br />
If you look at the SPDX GitHub today it shows the 2.1 SPDX specification nicely as HTML. This is done using a Travis VM, GitHub Pages and markdown. Mkdocs is used to generate the HTML pages. You can look at the scripts in the GIT. What we need going forward is a way to generate both a PDF version and HTML and for each draft and release version of the specification.<br />
<br />
For the 2.1.1 specification we are currently using [https://pandoc.org/ pandoc] and [https://wkhtmltopdf.org/ wkhtmltopdf] to generate a PDF specification. This is currently being done offline. In doing this we need to combine the MD documents as each chapter in the specification is a separate MD document. That would work ecept there are internal links that go between the MD documents; e.g. xxxxxx/chapter4.md. These links are broken on conversion to the PDF. <br />
<br />
A potential approach other than pandoc and wkhtmltopdf to consider for the PDF is at https://github.com/tombensve/MarkdownDoc.<br />
<br />
====Available Mentors====<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Document Generator for projects using SPDXIDs ==<br />
As more projects start to use SPDXIDs at the file level it becomes much simpler to generate SPDX docs for them from a python script. <br />
====Skills Needed ====<br />
* Ability to program in python<br />
====Background Information ====<br />
Forward thinking open source projects are adopting SPDXIDs in source files (initially U-Boot, but now much wider use like Zephyr, Linux Kernel, etc.) <br />
With these easy to find "SPDX-License-Identifier:" strings, generating an SPDX document for a project is a matter of iterating over<br />
the files in a project and extracting the information from these SPDXIDs and calculating checksums. <br />
Creating an open source tool to do this will aid these projects in generating accurate SBOM information at release time.<br />
This tool should be implemented as a command line, so it can be incorporated into builds, and options can be added. <br />
Goal is that projects that use SPDX identifiers can automatically generate a SPDX document as a Software Bill of Materials <br />
(SBOM) on demand (build, release, etc.).<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:saiudayshankar@gmail.com Uday Shankar]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2019-04-01T15:03:39Z<p>JackM: /* SPDX Specification in PDF and HTML */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2019 SPDX Google Summer of Code Project Page'''</span><br />
<br />
See the [https://rtgdk.github.io/spdx-gsoc-proposal.html proposal template] if you are interested in submitting a Google Summer of Code proposal.<br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
==Registry for License List Namespaces==<br />
Build automation for a GitHub repository to support registration of license namespaces to support the following workflow:<br />
* User submits a request for a new license namespace<br />
** The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses)<br />
* User includes optional information for a URL with additional information for the namespace<br />
* User includes optional information on the submitter name and email<br />
* User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy<br />
* A check is made that the namespace is not already in use<br />
* A pull request is created for the new namespace<br />
* A committer to the namespace repository accepts the pull request<br />
* When accepted, the namespace is published to a known website<br />
* REST based API's are available to query the namespace repository<br />
<br />
The automation can be built as a function of the SPDX online tools or as an independent tool or as extensions to GitHub.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python or JavaScript language<br />
* Understanding of GitHub API's<br />
* Ability to work with the user community in refining requirements<br />
* UI development<br />
* REST API development<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the [https://github.com/spdx/spdx-spec/issues SPDX specification issues list]. This project automates the registration and management of the namespaces.<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Develop a Distributed License Repository Application==<br />
Develop an application which accepts license text and adds it to a repository of licenses stored in a GitHub repository. The interface the application would be a REST API. There would be optional storage of a license in a GitHub repository. The application would support the following use cases:<br />
* See if a license text has already been registered or if license text is already on the [https://spdx.org/licenses SPDX License List]. If so, the ID would be returned.<br />
* Add externally referenced SPDX documents containing license definitions. When added, each license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Add a license text to a known git repository. Input would be license text, license name, proposed license ID, optional license namespace, optional comment, optional creator. This would be stored as an SPDX document which defines the license. There would be one document per license. When added, the license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.<br />
* Remove a license reference. This would also update the license aliases.<br />
* [Optional] Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python, Java or JavaScript language<br />
* Understanding of Github API's<br />
* Ability to work with the user community in refining requirements<br />
* REST API development<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This proposal is to provide a method of comparing, tracking and storing licenses which are not currently proposed to be on the SPDX license list. It would likely be used by a front end UI and by other external tools.<br />
<br />
==Enhanced Workflow for Online License Request==<br />
Update the SPDX Online Tools license submit feature to support the following workflow:<br />
* License submit can be initiated directly from the UI or through an external application (e.g. the [https://github.com/spdx/spdx-license-diff SPDX License Diff browser plugin]) using a documented API<br />
* License text is compared to the currently approved license list<br />
** If matched, the SPDX ID is returned and the user is informed that the license already exists<br />
* License is compared to all submitted yet not approved licenses<br />
** If matched, the user is informed the license is already submitted and is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to all submitted and rejected licenses<br />
** If a match is found, the user is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to the existing license list using an algorithm which finds close matches (SPDX License Diff is an example)<br />
** If an existing license is close, a diff view will show the word differences<br />
** The user is presented with a choice of adding an issue for the nearly matching license stating that the license should match<br />
*** If the user chooses to add the issue, the license text will be added to the issue requesting a change to the license XML to allow the match<br />
*** We could also implement suggested XML markup (e.g. alt or optional text) to make the licenses match - NOTE: This may be a technically challenging feature to implement<br />
* If the user wants to submit a new license request, the information is captured and processed by the SPDX legal team through [https://github.com/spdx/license-list-XML GitHub]<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Experience proposing spec changes<br />
* Understanding of Github API's<br />
* Experience in XML parsing<br />
<br />
====Background Information====<br />
The SPDX legal team uses an online request process for new license requests. This feature was implemented by a GSoC student in 2018. Extending the functionality to check for duplicate requests and checking for near matches would greatly improve the efficiency of the license request and approval process.<br />
<br />
This project would require significant interaction with the users of the tool (the SPDX legal team) and would have some interesting technical challenges in storing and matching text. The optional feature of suggesting XML markup for near matches could involve sophisticated matching techniques to find the appropriate text to include as optional or alternate.<br />
<br />
The current SPDX license list request process is documented in the [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md License List XML contributing page].<br />
<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Update Parser Libraries for Golang ==<br />
A new Golang library has recently been added to the SPDX tools, at [https://github.com/spdx/tools-golang]. This tool updated the SPDX Golang libraries to the SPDX 2.1 specification. This tool has several opportunities for improvement and adding features.<br />
====Skills Needed====<br />
* Development skills in the Golang language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX documents. A recent new tool has been added for parsing, generating and working with SPDX documents in Golang [https://github.com/spdx/tools-golang]. Opportunities for improving and adding features to this tool include the following:<br />
* adding support for the official RDF format<br />
* experimenting with support for other formats, such as JSON, YAML and XML <br />
* enabling support for parsing and generation of documents under pre-2.1 versions of the SPDX spec<br />
<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Additional Format Support for the Python Libraries==<br />
Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Understanding of XML, JSON and YAML<br />
<br />
====Background Information====<br />
SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format. <br />
<br />
The current python libraries are in the [[https://github.com/spdx/tools-python SPDX python tools git repository]]<br />
<br />
====Available Mentors====<br />
[mailto:tetechris20@gmail.com Krys Nuvadga], [mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in PDF and HTML ==<br />
If you look at the SPDX GitHub today it shows the 2.1 SPDX specification nicely as HTML. This is done using a Travis VM, GitHub Pages and markdown. Mkdocs is used to generate the HTML pages. You can look at the scripts in the GIT. What we need going forward is a way to generate both a PDF version and HTML and for each draft and release version of the specification.<br />
<br />
For the 2.1.1 specification we are using [https://pandoc.org/ pandoc] and [https://wkhtmltopdf.org/ wkhtmltopdf] to generate a PDF specification. This is currently being done offline. In doing this we need to combine the MD documents as each chapter in the specification is a separate MD document. That would work ecept there are internal links that go between the MD documents; e.g. xxxxxx/chapter4.md. These links are broken on conversion to the PDF. <br />
<br />
What we need going forward is:<br />
<br />
* The ability to generate both an HTML and PDF document for every released version of the specification. This would be a final copy that should should not be re-rendered. <br />
* The ability to display "real time" draft versions of the specification in HTML. This means changes to the specification via commits to GIT for that version should be shown, More than one draft version should be able to be displayed in this fashion. That means we could be rendering draft version 3.1 and draft version 4.0. WE do not need this in PDF.<br />
* For the PDF version we will need a cover page, page numbers, TOC, header and footer. Internal document references should work. The ideal solution will be to come up with something that works for both the HTML and PDF versions but some automated post processing is for the PDF is okay.<br />
<br />
<br />
====Skills Needed====<br />
* Understanding of documentation tooling: Markdown, HTML, mkdocs, etc.,.<br />
* Familiarity with GIT and github API's<br />
<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] has been moved to markdown on at https://github.com/spdx/spdx-spec<br />
and now generates an HTML version at: https://spdx.github.io/spdx-spec<br />
<br />
We need to find an approach to generate PDF (potential approach to consider at https://github.com/tombensve/MarkdownDoc)<br />
<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Document Generator for projects using SPDXIDs ==<br />
As more projects start to use SPDXIDs at the file level it becomes much simpler to generate SPDX docs for them from a python script. <br />
====Skills Needed ====<br />
* Ability to program in python<br />
====Background Information ====<br />
Forward thinking open source projects are adopting SPDXIDs in source files (initially U-Boot, but now much wider use like Zephyr, Linux Kernel, etc.) <br />
With these easy to find "SPDX-License-Identifier:" strings, generating an SPDX document for a project is a matter of iterating over<br />
the files in a project and extracting the information from these SPDXIDs and calculating checksums. <br />
Creating an open source tool to do this will aid these projects in generating accurate SBOM information at release time.<br />
This tool should be implemented as a command line, so it can be incorporated into builds, and options can be added. <br />
Goal is that projects that use SPDX identifiers can automatically generate a SPDX document as a Software Bill of Materials <br />
(SBOM) on demand (build, release, etc.).<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:saiudayshankar@gmail.com Uday Shankar]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2019-04-01T14:52:46Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2019 SPDX Google Summer of Code Project Page'''</span><br />
<br />
See the [https://rtgdk.github.io/spdx-gsoc-proposal.html proposal template] if you are interested in submitting a Google Summer of Code proposal.<br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
==Registry for License List Namespaces==<br />
Build automation for a GitHub repository to support registration of license namespaces to support the following workflow:<br />
* User submits a request for a new license namespace<br />
** The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses)<br />
* User includes optional information for a URL with additional information for the namespace<br />
* User includes optional information on the submitter name and email<br />
* User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy<br />
* A check is made that the namespace is not already in use<br />
* A pull request is created for the new namespace<br />
* A committer to the namespace repository accepts the pull request<br />
* When accepted, the namespace is published to a known website<br />
* REST based API's are available to query the namespace repository<br />
<br />
The automation can be built as a function of the SPDX online tools or as an independent tool or as extensions to GitHub.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python or JavaScript language<br />
* Understanding of GitHub API's<br />
* Ability to work with the user community in refining requirements<br />
* UI development<br />
* REST API development<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the [https://github.com/spdx/spdx-spec/issues SPDX specification issues list]. This project automates the registration and management of the namespaces.<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Develop a Distributed License Repository Application==<br />
Develop an application which accepts license text and adds it to a repository of licenses stored in a GitHub repository. The interface the application would be a REST API. There would be optional storage of a license in a GitHub repository. The application would support the following use cases:<br />
* See if a license text has already been registered or if license text is already on the [https://spdx.org/licenses SPDX License List]. If so, the ID would be returned.<br />
* Add externally referenced SPDX documents containing license definitions. When added, each license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Add a license text to a known git repository. Input would be license text, license name, proposed license ID, optional license namespace, optional comment, optional creator. This would be stored as an SPDX document which defines the license. There would be one document per license. When added, the license would be checked to see if it already exists. A list of license ID aliases would be maintained for all licenses which point to the same license text.<br />
* Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.<br />
* Remove a license reference. This would also update the license aliases.<br />
* [Optional] Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python, Java or JavaScript language<br />
* Understanding of Github API's<br />
* Ability to work with the user community in refining requirements<br />
* REST API development<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
====Background Information====<br />
SPDX provides a license list for commonly used open source license - the [https://spdx.org/licenses SPDX License List]. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in [https://spdx.org/spdx-specification-21-web-version#h.1v1yuxt section 6 of the SPDX specification]. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This proposal is to provide a method of comparing, tracking and storing licenses which are not currently proposed to be on the SPDX license list. It would likely be used by a front end UI and by other external tools.<br />
<br />
==Enhanced Workflow for Online License Request==<br />
Update the SPDX Online Tools license submit feature to support the following workflow:<br />
* License submit can be initiated directly from the UI or through an external application (e.g. the [https://github.com/spdx/spdx-license-diff SPDX License Diff browser plugin]) using a documented API<br />
* License text is compared to the currently approved license list<br />
** If matched, the SPDX ID is returned and the user is informed that the license already exists<br />
* License is compared to all submitted yet not approved licenses<br />
** If matched, the user is informed the license is already submitted and is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to all submitted and rejected licenses<br />
** If a match is found, the user is provided a link to the [https://github.com/spdx/license-list-XML/issues License List XML issue]<br />
* License is compared to the existing license list using an algorithm which finds close matches (SPDX License Diff is an example)<br />
** If an existing license is close, a diff view will show the word differences<br />
** The user is presented with a choice of adding an issue for the nearly matching license stating that the license should match<br />
*** If the user chooses to add the issue, the license text will be added to the issue requesting a change to the license XML to allow the match<br />
*** We could also implement suggested XML markup (e.g. alt or optional text) to make the licenses match - NOTE: This may be a technically challenging feature to implement<br />
* If the user wants to submit a new license request, the information is captured and processed by the SPDX legal team through [https://github.com/spdx/license-list-XML GitHub]<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Experience proposing spec changes<br />
* Understanding of Github API's<br />
* Experience in XML parsing<br />
<br />
====Background Information====<br />
The SPDX legal team uses an online request process for new license requests. This feature was implemented by a GSoC student in 2018. Extending the functionality to check for duplicate requests and checking for near matches would greatly improve the efficiency of the license request and approval process.<br />
<br />
This project would require significant interaction with the users of the tool (the SPDX legal team) and would have some interesting technical challenges in storing and matching text. The optional feature of suggesting XML markup for near matches could involve sophisticated matching techniques to find the appropriate text to include as optional or alternate.<br />
<br />
The current SPDX license list request process is documented in the [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md License List XML contributing page].<br />
<br />
<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Update Parser Libraries for Golang ==<br />
A new Golang library has recently been added to the SPDX tools, at [https://github.com/spdx/tools-golang]. This tool updated the SPDX Golang libraries to the SPDX 2.1 specification. This tool has several opportunities for improvement and adding features.<br />
====Skills Needed====<br />
* Development skills in the Golang language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX documents. A recent new tool has been added for parsing, generating and working with SPDX documents in Golang [https://github.com/spdx/tools-golang]. Opportunities for improving and adding features to this tool include the following:<br />
* adding support for the official RDF format<br />
* experimenting with support for other formats, such as JSON, YAML and XML <br />
* enabling support for parsing and generation of documents under pre-2.1 versions of the SPDX spec<br />
<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Additional Format Support for the Python Libraries==<br />
Add the ability to read and write XML, JSON, and YAML formats of the SPDX documents.<br />
<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
* Experience with parser development<br />
* Understanding of XML, JSON and YAML<br />
<br />
====Background Information====<br />
SPDX 2.1 specification supports reading and writing RDF/XML and a tag/value format for SPDX documents. Version 2.2 of the specification will add support for XML, JSON and YAML. The Python libraries currently support reading and writing the RDF/XML and tag/value. This project would extend the parsing and file generation capabilities of the python libraries to include XML, JSON and YAML format. <br />
<br />
The current python libraries are in the [[https://github.com/spdx/tools-python SPDX python tools git repository]]<br />
<br />
====Available Mentors====<br />
[mailto:tetechris20@gmail.com Krys Nuvadga], [mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in PDF and HTML ==<br />
If you look at the SPDX GitHub today it shows the 2.1 SPDX specification nicely as HTML. This is done using a Travis VM, GitHub Pages and markdown. Mkdocs is used to generate the HTML pages. You can look at the scripts in the GIT. What we need going forward is a way to generate both a PDF version and HTML and for each draft and release version of the specification.<br />
<br />
For the 2.1.1 specification we are using [https://pandoc.org/ pandoc] and [https://wkhtmltopdf.org/ wkhtmltopdf] to generate a PDF specification. This is currently being done offline.<br />
<br />
<br />
Generate a version of the specification in PDF based on the markdown version in the SPDX specification repository <br />
====Skills Needed====<br />
* Understanding of documentation tooling: Markdown, HTML, mkdocs, etc.,.<br />
* Familiarity with GIT and github API's<br />
<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] has been moved to markdown on at https://github.com/spdx/spdx-spec<br />
and now generates an HTML version at: https://spdx.github.io/spdx-spec<br />
<br />
We need to find an approach to generate PDF (potential approach to consider at https://github.com/tombensve/MarkdownDoc)<br />
<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:swinslow@linuxfoundation.org Steve Winslow]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
== SPDX Document Generator for projects using SPDXIDs ==<br />
As more projects start to use SPDXIDs at the file level it becomes much simpler to generate SPDX docs for them from a python script. <br />
====Skills Needed ====<br />
* Ability to program in python<br />
====Background Information ====<br />
Forward thinking open source projects are adopting SPDXIDs in source files (initially U-Boot, but now much wider use like Zephyr, Linux Kernel, etc.) <br />
With these easy to find "SPDX-License-Identifier:" strings, generating an SPDX document for a project is a matter of iterating over<br />
the files in a project and extracting the information from these SPDXIDs and calculating checksums. <br />
Creating an open source tool to do this will aid these projects in generating accurate SBOM information at release time.<br />
This tool should be implemented as a command line, so it can be incorporated into builds, and options can be added. <br />
Goal is that projects that use SPDX identifiers can automatically generate a SPDX document as a Software Bill of Materials <br />
(SBOM) on demand (build, release, etc.).<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:saiudayshankar@gmail.com Uday Shankar]</div>JackMhttps://wiki.spdx.org/view/Outreach_TeamOutreach Team2018-07-31T12:50:22Z<p>JackM: </p>
<hr />
<div>This is the working area for the Outreach (formally Business) Team. This team has primary responsibility for go-to-market activities of SPDX, including: launch activities for new versions of the SPDX specification; outreach; participation in events; and the SPDX website.<br />
<br />
The Outreach Team meets every other Thursday at 4:00PM PT, 5:00pm MT, 6:00pm CT, 7:00PM ET (these are US times) starting on 2 August 2018.<br />
<br />
Call this number: (United States): +1-415-881-1586 <br />
No PIN needed<br />
International: visit the URL at http://uberconference.com/SPDXTeam<br />
<br />
<br />
* [[Business_Team/Priorities|Current Priorities and Work in Progress for the Outreach Team]]<br />
* [[Business_Team/Minutes|Meeting Minutes for the Outreach Team]]<br />
* [[Business_Team/Old|Older Items for the Outreach Team]]<br />
* [[SPDX_FAQ|SPDX FAQs]]<br />
<br />
[[Category:Business]]</div>JackMhttps://wiki.spdx.org/view/Outreach_TeamOutreach Team2018-07-26T13:13:43Z<p>JackM: </p>
<hr />
<div>This is the working area for the Outreach (formally Business) Team. This team has primary responsibility for go-to-market activities of SPDX, including: launch activities for new versions of the SPDX specification; outreach; participation in events; and the SPDX website.<br />
<br />
The Outreach Team meets every other Thursday at 4:00PM PT, 5:00pm MT, 6:00pm CT, 7:00PM ET (these are US times) starting on 14 January 2016.<br />
<br />
Call this number: (United States): +1-415-881-1586 <br />
No PIN needed<br />
International: visit the URL at http://uberconference.com/SPDXTeam<br />
<br />
<br />
* [[Business_Team/Priorities|Current Priorities and Work in Progress for the Outreach Team]]<br />
* [[Business_Team/Minutes|Meeting Minutes for the Outreach Team]]<br />
* [[Business_Team/Old|Older Items for the Outreach Team]]<br />
* [[SPDX_FAQ|SPDX FAQs]]<br />
<br />
[[Category:Business]]</div>JackMhttps://wiki.spdx.org/view/Outreach_TeamOutreach Team2018-07-26T13:09:28Z<p>JackM: </p>
<hr />
<div>This is the working area for the Outreach (formally Business) Team. This team has primary responsibility for go-to-market activities of SPDX, including: launch activities for new versions of the SPDX specification; outreach; participation in events; and the SPDX website.<br />
<br />
The Outreach Team meets every other Thursday at 18:00 GMT (4:00PM PT, 5:00pm MT, 6:00pm CT, 7:00PM ET) starting on 14 January 2016.<br />
<br />
Call this number: (United States): +1-415-881-1586 <br />
No PIN needed<br />
International: visit the URL at http://uberconference.com/SPDXTeam<br />
<br />
<br />
* [[Business_Team/Priorities|Current Priorities and Work in Progress for the Outreach Team]]<br />
* [[Business_Team/Minutes|Meeting Minutes for the Outreach Team]]<br />
* [[Business_Team/Old|Older Items for the Outreach Team]]<br />
* [[SPDX_FAQ|SPDX FAQs]]<br />
<br />
[[Category:Business]]</div>JackMhttps://wiki.spdx.org/view/Legal_TeamLegal Team2018-06-14T14:02:52Z<p>JackM: </p>
<hr />
<div>This is the working area for the Legal Team. The SPDX Legal Team supports and provides recommendations to the SPDX working groups regarding licensing issues for the specification itself; maintains the [http://spdx.org/licenses/ SPDX License List]; and promotes the SPDX specification to the legal community at-large.<br />
<br />
Work for the SPDX Legal Team is done both via the mailing list and bi-weekly calls. In particular, the bi-weekly calls are used to discuss topics and issues that may be difficult to only discuss via email. <br />
<br />
'''You can join the mailing list and otherwise manage your subscription here''': https://lists.spdx.org/g/spdx-legal<br />
<br />
An invite for the bi-weekly calls is sent to the mailing list at the beginning of each year. If you join the mailing list later, you may not have gotten the invite. The details of the calls are below for anyone to join and meeting reminders are usually sent prior to the call on the mailing list. <br />
<br />
The Legal Team meets '''every other Thursday at 17:00 GMT (9:00AM PT, 10:00 MT, 11:00 CT, 12:00PM ET)'''.<br />
<br />
Web conference: http://uberconference.com/SPDXTeam<br />
Optional dial in number: 415-881-1586<br />
No PIN needed<br />
<br />
* [[Legal_Team/Minutes|Meeting Minutes of the Legal Team]]<br />
* [[Legal_Team/License_List/Licenses_Under_Consideration|Licenses & Exceptions Under Consideration]]<br />
* [[Legal_Team/Fedora-comparison|Fedora/SPDX license list inclusion and comparison]]<br />
<!--* [[Legal_Team/Priorities|Current Priorities and Work in Progress for the Legal Team]] link not really useful--><br />
* [[Legal_Team/Decisions|Decisions of the Legal Team]] - summaries of past significant decisions of the SPDX Legal Team<br />
<br />
'''Working pages for project in progress:'''<br />
* [[Legal_Team/Templatizing|Working page for XML Templatizing project to improve machine detection & recognition]]<br />
* [[Legal_Team/non-English-licenses|Working page for policy on how to handle non-English licenses and matching]]<br />
* [[Legal_Team/only-operator-proposal|Working page for policy on proposal to add only operator and otherwise better deal with license that have "or later" clauses overall]]<br />
<br />
<br />
<!-- * [[Legal_Team/Old|Older Items for the Legal Team]] nothing there, so hiding this link --><br />
<br />
[[Category:Legal]]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:32:50Z<p>JackM: /* Available Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
[mailto:ybronshteyn@blackducksoftware.com Yev Bronshteyn]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:31:42Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
[mailto:thomas.steenbergen@here.com Thomas Steenbergen]<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
[mailto:ybronshteyn@blackducksoftware.com Yev Bronshteyn]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:19:21Z<p>JackM: /* Available Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
[mailto:ybronshteyn@blackducksoftware.com Yev Bronshteyn]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:18:55Z<p>JackM: /* Available Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
[mailto:Yev Bronshteyn ybronshteyn@blackducksoftware.com]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:18:39Z<p>JackM: /* Available Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
[mailto: Yev Bronshteyn ybronshteyn@blackducksoftware.com]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:17:06Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files.<br />
<br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
Yev Bronshteyn</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:15:35Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files. <br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
[mailto: kstewart@linuxfoundation.org Kate Stewart]<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
Yev Bronshteyn</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:11:02Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
<br />
=SPDX Workgroup Tooling Projects=<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files. <br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
Kate Stewart<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
Yev Bronshteyn</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:09:58Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
= 2018 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.1 for GO==<br />
Update one of the SPDX GO libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the GO language<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python libraries and the GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
<br />
==Update Python SPDX library to SPDX 2.1==<br />
Update one of the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.1 specification. The Python library support version 1.2 of the spec. The library must support primarily the tag/value import/export and also the RDF/XML import/export. The [[https://github.com/spdx/tools-python|SPDX git repository]] SPDX Tools project contains the source code for this library.<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Add support for SPDX license expression to Python library==<br />
Update the [[https://github.com/spdx/tools-python]|SPDX Python library]] to fully support license expression.<br />
====Skills Needed====<br />
* Development skills in the Python language<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
== Port SPDX license expression library to Ruby, JavaScript and Java==<br />
The [[https://github.com/nexB/license-expression/]|licens_expressionlibrary]] provides comprehensive support license expression using a boolean engine for Python.<br />
The goal of this project is to port and/or package this library for JavaScript, Ruby and Java, considering either code conversion tools, alternative Python implementations (e.g. Jython) or calling Python from another language to bring the same features to these other languages.<br />
====Skills Needed====<br />
* Development skills in Python, Java, Ruby, JavaScript.<br />
<br />
====Background Information====<br />
See https://github.com/spdx/tools-python/issues/10 and https://github.com/nexB/license-expression/<br />
====Available Mentors====<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Build Tool SPDX File Generators==<br />
Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files. <br />
====Skills Needed====<br />
* Experience developing parser/scanners<br />
* Experience with the specific build tools<br />
====Background Information====<br />
Many build environments include license information in their metadata but do not produce sufficient information for good license compliance. By adding SPDX generation to these build environments, high quality licensing information can be captured in a way which is easily used by downstream users of the code. Following is a partial list of popular build environments/package managers which do not have an SPDX generation capability:<br />
* MSBuild<br />
* PIP<br />
* NPM (Note: NPM does include SPDX compliance license information and tools)<br />
* DEB<br />
The Yocto build environment currently has some SPDX file generation capabilities, but there is a need for some additional work to integrate some of the existing tools into a more complete integrated toolset. The [https://github.com/goneall/spdx-maven-plugin SPDX Maven Plugin] is an example of an existing build tool SPDX generator.<br />
====Available Mentors====<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
[mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
=SPDX Specification Projects=<br />
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.<br />
<br />
== SPDX Specification in MarkDown ==<br />
Migrate the specification from Google docs to GitHub+MarkDown based toolchain capable of generating HTML, PDF and EPUB<br />
====Skills Needed====<br />
* Understanding of documentation tooling<br />
* Web-development skills to style HTML version<br />
====Background Information====<br />
The [https://spdx.org/specifications 2.1 SPDX specification] PDF and HTML version have several issues.<br />
1. Navigation through both document is difficult as a index is missing<br />
2. Switching to GitHub+MarkDown will remove friction for contributors to comment/amend the specification. Common workflow within the OSS community<br />
====Available Mentors====<br />
Kate Stewart<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Wiki Examples of Package Managers ==<br />
SPDX specification describes on a high level how to describe package, files and snippets but lack examples how to capture the use of package managers<br />
====Skills Needed====<br />
* Understanding of package managers <br />
====Background Information====<br />
To encourage adoption of SPDX it should be clear how to encode the use of common programming language package managers within SPDX. The aim of this project is to create example per build tool/package manager so that not only as example to the community but also form the input for SPDX tech team discussions and future tooling development<br />
<br />
Initial package managers:<br />
* Bower<br />
* CocoaPods<br />
* Gradle<br />
* gem<br />
* gitmodules<br />
* Maven<br />
* npm<br />
* PyPi<br />
* sbt<br />
* NuGet<br />
<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
<br />
<br />
== SPDX Specification Views for legal counsels and developers ==<br />
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.<br />
====Skills Needed====<br />
* Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX<br />
====Background Information====<br />
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold:<br />
1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner.<br />
2. Provide legal counsels with a "package and limited file view" to enable legal conclusions<br />
====Available Mentors====<br />
Thomas Steenbergen<br />
Yev Bronshteyn</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T18:03:17Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
<br />
===Skills Needed===<br />
* Development skills in the language of choice (e.g. Java or Python or Go)<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[https://github.com/spdx/|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall] Java<br />
[mailto:pombredanne@gmail.com Philippe Ombredanne] Python and Go<br />
<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
* This could be written in any of Python, JavaScript or Java<br />
<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
<br />
As a bonus or separate project, this could include providing a UI and an API for SPDX expression validation.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Python or Java or C<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two separate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also produce a score indicating how well documented the licenses are.<br />
<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Python or Java development experience a plus<br />
<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:j-manbeck2@ti.com Jack Manbeck]<br />
<br />
<br />
==License Coverage Grader ==<br />
Create a tool which will take an SPDX document and pointer to the original source files, and determine a "grade" to quantify how complete the licensing information is at the file level for the code represented by the SPDX document. <br />
<br />
===Skills Needed===<br />
* Experience with Python<br />
* Understanding of various programming languages and mime types<br />
* Familiarity with SPDX specification is a plus<br />
<br />
===Background Information===<br />
There have been several talks about the need for a package level License Coverage Grade. This project will come up with an initial set of heuristics based on MIME types for what file types should have automatically detectable license identifiers. Then create a command line tool that will accept and parse an SPDX document and a pointer to sources that created it, and come up with license coverage "grade" for the package. <br />
<br />
===Available Mentors===<br />
* [mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2018-01-30T17:51:25Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2018 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
= 2018 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
<br />
===Skills Needed===<br />
* Development skills in the language of choice (e.g. Java or Python or Go)<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[https://github.com/spdx/|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall] Java<br />
[mailto:pombredanne@gmail.com Philippe Ombredanne] Python and Go<br />
<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
* This could be written in any of Python, JavaScript or Java<br />
<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
<br />
As a bonus or separate project, this could include providing a UI and an API for SPDX expression validation.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Python or Java or C<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two separate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also produce a score indicating how well documented the licenses are.<br />
<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Python or Java development experience a plus<br />
<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:j-manbeck2@ti.com Jack Manbeck]<br />
<br />
<br />
==License Coverage Grader ==<br />
Create a tool which will take an SPDX document and pointer to the original source files, and determine a "grade" to quantify how complete the licensing information is at the file level for the code represented by the SPDX document. <br />
<br />
===Skills Needed===<br />
* Experience with Python<br />
* Understanding of various programming languages and mime types<br />
* Familiarity with SPDX specification is a plus<br />
<br />
===Background Information===<br />
There have been several talks about the need for a package level License Coverage Grade. This project will come up with an initial set of heuristics based on MIME types for what file types should have automatically detectable license identifiers. Then create a command line tool that will accept and parse an SPDX document and a pointer to sources that created it, and come up with license coverage "grade" for the package. <br />
<br />
===Available Mentors===<br />
* [mailto:kstewart@linuxfoundation.org Kate Stewart]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-06-01T17:26:42Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
May 4, 2017<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fields will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| Open Source Summit NA Sept 2017 (Sept 11 - 13)<br />
| Announcement of the program and call for input. Submitted request for a talk on this (May 1)<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
Want to look at license quality (how well they detect the licences in code) vs how semantically correct they are(?). Will have a set of reference packages with the right answers to compare to.<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-06-01T17:22:23Z<p>JackM: /* Plan */</p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
May 4, 2017<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fields will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| Open Source Summit NA Sept 2017 (Sept 11 - 13)<br />
| Announcement of the program and call for input. Submitted request for a talk on this (May 1)<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-06-01T17:21:01Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
May 4, 2017<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fields will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| OPen Source Summit NA May 2017 (Sept 11 - 13)<br />
| Announcement of the program and call for input. Submitted request for a talk on this (May 30)<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T14:09:55Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
May 4, 2017<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fields will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA May 2017 (May16-18)<br />
| Announcement of the program and call for input.<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T14:01:51Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
May 4, 2017<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fiwlds will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA May 2017 (May16-18)<br />
| Announcement of the program and call for input.<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T14:01:07Z<p>JackM: /* Certification Program */</p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fiwlds will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA May 2017 (May16-18)<br />
| Announcement of the program and call for input.<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
<br />
* Is this a self certification or do we have to see the results?<br />
* Are there certifications for both producing and consuming?<br />
* Do you get a badge or something if you pass?<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:59:14Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations. At this time only the required fiwlds will be checked as part of the certifrication process.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA May 2017 (May16-18)<br />
| Announcement of the program and call for input.<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =<br />
<br />
= Futures =<br />
<br />
* Testing optional fields if used.</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:57:40Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA May 2017 (May16-18)<br />
| Announcement of the program and call for input.<br />
|-<br />
| LinuxCon Europe October 2017 (October 23-25)<br />
| Trials for certification<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:55:34Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" class="unsortable" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| LinuxCon NA 2017<br />
| Company<br />
|-<br />
| LinuxCon Europe 2017<br />
| Company<br />
|-<br />
| LF Leadership Summit 2018<br />
| Formal announcement of the program and certifications can start.<br />
|-<br />
|}<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:53:42Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" width=12% | Date<br />
! class="unsortable" | Milestone<br />
|-<br />
| Texas Instruments <br />
| Company<br />
|-<br />
|}<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:53:15Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations.<br />
<br />
= Plan =<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Intial Roll Out Plan<br />
! align="left" width=12% | Date<br />
! width=8% | <br />
! class="unsortable" | Milestone<br />
|-<br />
| Texas Instruments <br />
| Company<br />
|-<br />
|}<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:50:48Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
This document describes the SPDX Tool Certification program.<br />
<br />
= Goal =<br />
<br />
The goal of the SPDX Tool certification program is to allow makers of SPDX tools to cerify their implementations.<br />
<br />
= Plan =<br />
<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:49:16Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =<br />
<br />
= Goal =<br />
<br />
= Plan =<br />
<br />
= Certification Program =</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:47:52Z<p>JackM: </p>
<hr />
<div><br />
<br/><br />
<br />
{|<br />
| [[File:Logo spdx 250.png|250px]] <br />
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''SPDX Tech Report''' <br />
|}<br />
<hr><br />
<br />
<br/><br />
<br/><br />
<span style="font-size:40px">SPDX Tool Certification</span> <br />
<br/><br />
version 0.1<br />
<br/><br />
WORKING DRAFT<br />
<br />
<br/><br />
<br/><br />
__TOC__<br />
<br/><br />
<br/><br />
<br />
= Overview =</div>JackMhttps://wiki.spdx.org/view/Business_Team/PrioritiesBusiness Team/Priorities2017-05-04T13:46:19Z<p>JackM: </p>
<hr />
<div>This page has links to items the Business Team is currently working on.<br />
<br />
* [[Business_Team/ToolCertification|Tool Certification]]<br />
* [[Business_Team/Name_Transition_Plan|Name Change Transition Plan]]<br />
* [[Business_Team/Outreach_Plan|Outreach Plan]]<br />
* [[Business_Team/Adoption|Adoption]]<br />
* [[Business_Team/Priorities/GSOC2016|Google Summer of Code]]<br />
* [[Business_Team/Roadmap|Roadmap]]<br />
* [[Business_Team/Surveys|Surveys]]<br />
* [[Business_Team/SPDX_2_0_Project|SPDX 2.0 Overview]]<br />
<br />
[[Category:Business]]</div>JackMhttps://wiki.spdx.org/view/Business_Team/ToolCertificationBusiness Team/ToolCertification2017-05-04T13:45:35Z<p>JackM: Created page with " DRAFT"</p>
<hr />
<div><br />
DRAFT</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-28T18:19:27Z<p>JackM: /* Available Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two seperate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-28T18:18:38Z<p>JackM: /* Meet Your Mentors */</p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two seperate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/Main_PageMain Page2017-02-16T18:37:43Z<p>JackM: </p>
<hr />
<div>The Software Package Data Exchange® (SPDX®) [https://spdx.org/specifications specification] is a standard format for communicating the components, licenses and copyrights associated with a software package. This wiki site is the workspace for SPDX Teams. Please see [http://spdx.org spdx.org] for general information, the current specification, license list, etc.<br />
<br />
'''Documents'''<br />
* [[Documents|Working with SPDX Documents and the License List]]<br />
* [[SPDXReports | SPDX Reports]]<br />
'''Team Work Areas'''<br />
* [[General Meeting]]<br />
* [[Outreach Team | Outreach Team]]<br />
* [[Legal Team]]<br />
* [[Technical Team]]<br />
* [[Old|Older Information]]<br />
'''Other'''<br />
* [[Business_Team/Tool_Link_Request | Tool Link Request and Process]]<br />
* [[GSOC | Google Summer of Code]]<br />
<br /> <br />
This is a media wiki. See [[Getting started with the SPDX wiki]]. Note that you need an account on the wiki to edit. See the Getting started page to request one.</div>JackMhttps://wiki.spdx.org/view/Main_PageMain Page2017-02-16T18:36:26Z<p>JackM: </p>
<hr />
<div>The Software Package Data Exchange® (SPDX®) [https://spdx.org/specifications specification] is a standard format for communicating the components, licenses and copyrights associated with a software package. This wiki site is the workspace for SPDX Teams. Please see [http://spdx.org spdx.org] for general information, the current specification, license list, etc.<br />
<br />
'''Documents'''<br />
* [[Documents|Working with SPDX Documents and the License List]]<br />
* [[SPDXReports | SPDX Reports]]<br />
'''Team Work Areas'''<br />
* [[General Meeting]]<br />
* [[Outreach Team | Outreach Team]]<br />
* [[Legal Team]]<br />
* [[Technical Team]]<br />
* [[Old|Older Information]]<br />
'''Other'''<br />
* [[Business_Team/Tool_Link_Request | Tool Link Request and Process]]<br />
* [[GSOC | Google Summer of Code]]<br />
<br /> <br />
This is a media wiki. See [[Getting started with the SPDX wiki]].</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ApplicationGSOC/GSOC Application2017-02-16T18:34:34Z<p>JackM: </p>
<hr />
<div>= Google Summer of Code Application =<br />
<br />
This information can be used to create the application.<br />
<br />
= Organization Information =<br />
<br />
Organization Application<br />
<br />
<br />
Why does your org want to participate in Google Summer of Code?<br />
<br />
SPDX is an all volunteer community committed to improving the awareness, standards and tools for open source compliance. By engaging students, we will increase the awareness of open source compliance for future software professionals. We would also like to engage students in a collaborative open source project and potentially keep them engaged after the project completes. It would be valuable to extend the compliance tools available for the open source community and for commercial software companies.<br />
<br />
<br />
How many potential mentors have agreed to mentor this year?<br />
<br />
1-5<br />
<br />
<br />
How will you keep mentors engaged with their students?<br />
<br />
Three of our mentors have had experience with GSoC and have been very engaged in the past projects. We plan on having regular communications with the mentors in our mailing lists as well as in our weekly calls where mentors will present on the progress of their projects. Each of our mentors will have a back-up mentor to help support the mentoring activities and provide continuing engagement if the mentor is unavailable for any reason.<br />
<br />
<br />
How will you help your students stay on schedule to complete their projects?<br />
<br />
The mentors will be primarily responsible for the student progress, with the back-up mentor providing support. Students will be required to create a milestone schedule and report on its progress with their mentors in addition to regular communication. The mentors will help the student work through any roadblocks or help them reach out to the broader community should the need arise. We will be tracking progress in our weekly tech calls and discuss any issues when needed.<br />
<br />
<br />
How will you get your students involved in your community during GSoC?<br />
<br />
We will involve the students in our standard communications (email distribution lists and weekly calls), provide a forum for them to communicate their project and results. Once significant milestones have been achieved, we will feature their results on the spdx.org website.<br />
<br />
<br />
How will you keep students involved with your community after GSoC?<br />
<br />
We will encourage them to become members of the community and continue to support what they have worked on or get involved in other areas. We will encourage them to continue to contribute and maintain ongoing dialog through 1:1 emails with the mentors, inclusion in the SPDX mailing lists, and encouraging them to participate in the tech subgroup calls.<br />
<br />
<br />
Has your org been accepted as a mentor org in Google Summer of Code before?<br />
<br />
Yes<br />
<br />
<br />
Which years did your org participate in GSoC?<br />
<br />
, , 2014, , , , , , , , , <br />
<br />
<br />
For each year your organization has participated, counts of successful and total students:<br />
<br />
3/3 All students were successful. Please note: our participation in 2014 was as part of the Linux Foundation. We are applying this year as an independent collaborative open source organization.<br />
<br />
<br />
If your org has applied for GSoC before but not been accepted, select the years:<br />
<br />
2016, , , , , , , , , , , <br />
<br />
<br />
If you are a new organization to GSoC, is there a Google employee or previously participating organization who will vouch for you? If so, please enter their name, contact email, and relationship to your organization. (optional)<br />
<br />
Three of our mentors have participated in the 2014 GSoC and one of our mentors has participated in more than 1 previous GSoC.<br />
<br />
<br />
What year was your project started?<br />
<br />
2010<br />
<br />
<br />
Anything else we should know (optional)?<br />
<br />
Our community consists of a broad range of individuals from foundations, open source communities, linux distributors and business professionals working together with a common goal. While compliance may not always seem exciting we believe they will gain exposure to some of the legal and business aspects of working with open source licensing as well. In addition, the tooling and problems we face are complex and should provide a good technical challenge for the student.<br />
<br />
= Organization Profile =<br />
<br />
Organization Profile<br />
<br />
<br />
Tagline<br />
<br />
Promoting open source compliance through standard communication of SW licenses.<br />
<br />
Short Description<br />
<br />
The Software Package Data ExchangeR (SPDXR) specification is a standard format for communicating the components, licenses and copyrights associated with a software package.<br />
<br />
Long Description<br />
<br />
Our Mission<br />
<br />
Develop and promote adoption of a specification to enable any party in a software supply chain, from the original author to the final end user, to accurately communicate the licensing information for any piece of copyrightable material that such party may create, alter, combine, pass on, or receive, and to make such information available in a consistent, understandable, and re-usable fashion, with the aim of facilitating license and other policy compliance.<br />
<br />
Our Vision<br />
<br />
The vision of SPDX is achieve license compliance with minimal cost across the supply chain. Ideally, upstream component developers begin the process by supplying SPDX flies as part of their downloads. Users of those components therefore have a starting point for the SPDX files they create for their "customers," and so on. If everything is working properly, the provenance of each piece of code is researched and documented only once during its journey through a supply chain, and that information is passed on in parallel with the code in the SPDX format.<br />
<br />
Execution<br />
<br />
Development of SPDX is run somewhat like an open source project: Those that participate influence. Decisions tend to be made by consensus. The spec itself is written by a technical team with input and support from business and legal teams. Although much of the the initial focus was on Linux and the project is under the auspices of the Linux Foundation, the strategy from the outset has been much broader to be applicable to anything open source. To accommodate a range of needs, SPDX can be implemented in XML or tag-value formats.<br />
<br />
The SPDX "IP" is all housed on this site. Most of that is embodied in the spec itself, but we have developed a number of separate assets that complement the specification, including a standard license list, implementation guidelines and the SPDX compatible tools.<br />
<br />
Primary Open Source License<br />
<br />
Apache License 2.0 (Apache-2.0)<br />
<br />
Organization Category<br />
<br />
languages<br />
<br />
Technology Tags<br />
<br />
rdf, python, java, github, c<br />
<br />
Topic Tags<br />
<br />
compliance, opensource, licensing<br />
<br />
Ideas List<br />
<br />
http://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas<br />
<br />
Application Instructions<br />
<br />
Please review the requirements described in the project ideas page at http://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas. Submit your proposals using the GSoC website to the mentor from the ideas page or feel free to contact them directly with questions.<br />
<br />
Proposal Tags<br />
<br />
workgroup tools, github integration, specification projects<br />
<br />
Chat<br />
<br />
Mailing List<br />
<br />
https://lists.spdx.org/mailman/listinfo/spdx-tech<br />
<br />
<br />
Contact Email<br />
<br />
spdx-tech@lists.spdx.org<br />
<br />
Google+ URL<br />
<br />
Twitter URL<br />
<br />
Blog URL</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ApplicationGSOC/GSOC Application2017-02-16T18:32:34Z<p>JackM: </p>
<hr />
<div>= Google Summer of Code Application =<br />
<br />
This information can be used to create the application.<br />
<br />
= Organization Information =<br />
<br />
Organization Application<br />
<br />
<br />
Why does your org want to participate in Google Summer of Code?<br />
<br />
SPDX is an all volunteer community committed to improving the awareness, standards and tools for open source compliance. By engaging students, we will increase the awareness of open source compliance for future software professionals. We would also like to engage students in a collaborative open source project and potentially keep them engaged after the project completes. It would be valuable to extend the compliance tools available for the open source community and for commercial software companies.<br />
<br />
<br />
How many potential mentors have agreed to mentor this year?<br />
<br />
1-5<br />
<br />
<br />
How will you keep mentors engaged with their students?<br />
<br />
Three of our mentors have had experience with GSoC and have been very engaged in the past projects. We plan on having regular communications with the mentors in our mailing lists as well as in our weekly calls where mentors will present on the progress of their projects. Each of our mentors will have a back-up mentor to help support the mentoring activities and provide continuing engagement if the mentor is unavailable for any reason.<br />
<br />
<br />
How will you help your students stay on schedule to complete their projects?<br />
<br />
The mentors will be primarily responsible for the student progress, with the back-up mentor providing support. Students will be required to create a milestone schedule and report on its progress with their mentors in addition to regular communication. The mentors will help the student work through any roadblocks or help them reach out to the broader community should the need arise. We will be tracking progress in our weekly tech calls and discuss any issues when needed.<br />
<br />
<br />
How will you get your students involved in your community during GSoC?<br />
<br />
We will involve the students in our standard communications (email distribution lists and weekly calls), provide a forum for them to communicate their project and results. Once significant milestones have been achieved, we will feature their results on the spdx.org website.<br />
<br />
<br />
How will you keep students involved with your community after GSoC?<br />
<br />
We will encourage them to become members of the community and continue to support what they have worked on or get involved in other areas. We will encourage them to continue to contribute and maintain ongoing dialog through 1:1 emails with the mentors, inclusion in the SPDX mailing lists, and encouraging them to participate in the tech subgroup calls.<br />
<br />
<br />
Has your org been accepted as a mentor org in Google Summer of Code before?<br />
<br />
Yes<br />
<br />
<br />
Which years did your org participate in GSoC?<br />
<br />
, , 2014, , , , , , , , , <br />
<br />
<br />
For each year your organization has participated, counts of successful and total students:<br />
<br />
3/3 All students were successful. Please note: our participation in 2014 was as part of the Linux Foundation. We are applying this year as an independent collaborative open source organization.<br />
<br />
<br />
If your org has applied for GSoC before but not been accepted, select the years:<br />
<br />
2016, , , , , , , , , , , <br />
<br />
<br />
If you are a new organization to GSoC, is there a Google employee or previously participating organization who will vouch for you? If so, please enter their name, contact email, and relationship to your organization. (optional)<br />
<br />
Three of our mentors have participated in the 2014 GSoC and one of our mentors has participated in more than 1 previous GSoC.<br />
<br />
<br />
What year was your project started?<br />
<br />
2010<br />
<br />
<br />
Anything else we should know (optional)?<br />
<br />
Our community consists of a broad range of individuals from foundations, open source communities, linux distributors and business professionals working together with a common goal. While compliance may not always seem exciting we believe they will gain exposure to some of the legal and business aspects of working with open source licensing as well. In addition, the tooling and problems we face are complex and should provide a good technical challenge for the student.</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:44:09Z<p>JackM: </p>
<hr />
<div><br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
TBD - Add short bio and email link<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two seperate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:43:33Z<p>JackM: /* Background Information */</p>
<hr />
<div><br /><br />
<br />
<br />
<br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
TBD - Add short bio and email link<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two seperate projects.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:42:56Z<p>JackM: /* Meet Your Mentors */</p>
<hr />
<div><br /><br />
<br />
<br />
<br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
TBD - Add short bio and email link<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:42:19Z<p>JackM: /* SPDX Google Summer of Code 2017 */</p>
<hr />
<div><br /><br />
<br />
<br />
<br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:41:54Z<p>JackM: /* SPDX Google Summer of Code 2017 */</p>
<hr />
<div><br /><br />
<br />
= SPDX Google Summer of Code 2017 =<br />
<br />
<br /><br />
<br />
<span style="font-size:150%">'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackMhttps://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeasGSOC/GSOC ProjectIdeas2017-02-08T17:41:26Z<p>JackM: /* SPDX Google Summer of Code 2017 */</p>
<hr />
<div><br /><br />
<br />
= SPDX Google Summer of Code 2017 =<br />
<br />
<br /><br />
<br />
<span style="font-size:100%">'''Welome to the 2017 SPDX Google Summer of Code Project Page'''</span><br />
<br />
Should you have questions please do not hesitate to contact one of the mentors directly.<br />
<br />
<br /><br />
<br />
__TOC__<br />
<br />
<br /><br />
<br />
== What is SPDX ? ==<br />
<br />
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.<br />
<br />
As part of this effort we have developed a set of collateral that can be used:<br />
<br />
* [https://spdx.org/using-spdx License List and Short Identifiers]<br />
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]<br />
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]<br />
* [https://spdx.org/using-spdx License Identifiers in source]<br />
<br />
== Why choose an SPDX Project? ==<br />
<br />
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.<br />
<br />
<br/><br />
<br />
= Getting Involved =<br />
<br />
Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.<br />
<br />
<br />
== Resources ==<br />
<br />
* [http://spdx.org SPDX website]<br />
* [https://spdx.org/specifications SPDX Specification]<br />
* [https://spdx.org/tools SPDX Workgroup Tools webpage]<br />
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]<br />
<br />
== Meet Your Mentors ==<br />
<br />
* Gary O'Neall<br />
* Jack Manbeck<br />
* Dr. Matt Germonprez<br />
* Philipe Ombredanne<br />
<br/><br />
<br />
= 2017 Projects =<br />
<br />
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.<br />
<br />
==Update Parser Libraries to SPDX 2.0==<br />
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.<br />
===Skills Needed===<br />
* Development skills in the language of choice<br />
* Experience with parser development<br />
* Understanding of RDF and XML<br />
===Background Information===<br />
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[git.spdx.org|SPDX git repository]] SPDX Tools project contains the source code for the libraries.<br />
===Available Mentors===<br />
[mailto:gary@sourceauditor.com Gary O'Neall]<br />
<br />
==Online Validation Tools==<br />
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.<br />
===Skills Needed===<br />
* Software development skills for Web based applications<br />
* Good user interface design skills<br />
===Background Information===<br />
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:germonprez@gmail.com Matt Germonprez]]<br />
<br />
==GIT Plugin to generate SPDX==<br />
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.<br />
===Skills Needed===<br />
* Experience with HTTP and JSON<br />
* Understanding of GIT<br />
* Java and C development experience a plus<br />
<br />
===Background Information===<br />
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents.<br />
<br />
===Available Mentors===<br />
* [mailto:gary@sourceauditor.com Gary O'Neall]<br />
* [mailto:pombredanne@nexb.com Philippe Ombredanne]<br />
<br />
==Source Code Parser==<br />
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also prodcue a score indicating how well documented the licenses are.<br />
===Skills Needed===<br />
* Experience developing parser/scanners<br />
* Understanding of various programming languages<br />
* Java development experience a plus<br />
===Background Information===<br />
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.<br />
===Available Mentors===<br />
[mailto:j-manbeck2@ti.com Jack Manbeck]</div>JackM