GSOC/GSOC ProjectIdeas

2017-03-29T14:49:03Z

Pombredanne: Refinements and formatting.

'''Welcome to the 2017 SPDX Google Summer of Code Project Page'''

Should you have questions please do not hesitate to contact one of the mentors directly.

 

__TOC__

 

== What is SPDX ? ==

First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.

As part of this effort we have developed a set of collateral that can be used:

* [https://spdx.org/using-spdx License List and Short Identifiers]
* [https://spdx.org/using-spdx SPDX Specification for generating SPDX Doucments in either RDF or Tag/Value format]
* [https://spdx.org/tools A set of basic tools for working with SPDX Documents]
* [https://spdx.org/using-spdx License Identifiers in source]

== Why choose an SPDX Project? ==

Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.

 

= Getting Involved =

Beyond working wth your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list (see resources). There is however a weekly call you could join as well. All of the daily work for the Tech team is done on this wiki.

== Resources ==

* [http://spdx.org SPDX website]
* [https://spdx.org/specifications SPDX Specification]
* [https://spdx.org/tools SPDX Workgroup Tools webpage]
* [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list]

= 2017 Projects =

These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX and increase the accuracy of the SPDX documents.

==Update Parser Libraries to SPDX 2.0==
Update one of the SPDX language libraries to the SPDX 2.0 specification. The SPDX 2.0 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.

===Skills Needed===
* Development skills in the language of choice (e.g. Java or Python or Go)
* Experience with parser development
* Understanding of RDF and XML

===Background Information===
SPDX currently provides libraries supporting the reading and writing of SPDX document. Currently, only Java libraries support the new SPDX 2.0 specification. The Python and GO libraries support version 1.2 of the spec. The libraries must support both RDF/XML import/export as well as tag/value import/export. The [[https://github.com/spdx/|SPDX git repository]] SPDX Tools project contains the source code for the libraries.

===Available Mentors===
[mailto:gary@sourceauditor.com Gary O'Neall] Java
[mailto:pombredanne@gmail.com Philippe Ombredanne] Python and Go

==Online Validation Tools==
Create a web accessible tool for validating SPDX documents. Validation goals will need to be further defined but should include syntax checks for field names and inclusion of all required fields. Note that SPDX documents can be in one of two formats: RDF and Tag/Value.

===Skills Needed===
* Software development skills for Web based applications
* Good user interface design skills
* This could be written in any of Python, JavaScript or Java

===Background Information===
An online form which allows the uploading, parsing, and validation of SPDX would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java library which could be used in the project. Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. Additional online tools could also be added, such as document format conversion and reporting/pretty printing.

As a bonus or separate project, this could include providing a UI and an API for SPDX expression validation.

===Available Mentors===
* [mailto:gary@sourceauditor.com Gary O'Neall]
* [mailto:germonprez@gmail.com Matt Germonprez]]
* [mailto:pombredanne@nexb.com Philippe Ombredanne]

==GIT Plugin to generate SPDX==
Create a GIT Plugin that can generate an SPDX Document with just the required fields from a GIT.

===Skills Needed===
* Experience with HTTP and JSON
* Understanding of GIT
* Python or Java or C

===Background Information===
This project is to look at either a GIT hook or interfacing to GitHub to generate SPDX documents. This can be two separate projects.

===Available Mentors===
* [mailto:gary@sourceauditor.com Gary O'Neall]
* [mailto:pombredanne@nexb.com Philippe Ombredanne]

==Source Code Parser==
Create a tool which will parse source code and create an SPDX document based on SPDX standard license identifiers found in the source code, licenses found and copyrights found. The tool will also produce a score indicating how well documented the licenses are.

===Skills Needed===
* Experience developing parser/scanners
* Understanding of various programming languages
* Python or Java development experience a plus

===Background Information===
There is a proposal to add [[Technical_Team/SPDX_Meta_Tags|Meta Tags]] in source code comments. Once these license ID's have been produced, this tool could scan the source code for the meta tags and create the appropriate SPDX document. There is no language requirement, however there are existing Java libraries which could help build the SPDX document.

===Available Mentors===
* [mailto:gary@sourceauditor.com Gary O'Neall]
* [mailto:j-manbeck2@ti.com Jack Manbeck]

==License Coverage Grader ==
Create a tool which will take an SPDX document and pointer to the original source files, and determine a "grade" to quantify how complete the licensing information is at the file level for the code represented by the SPDX document.

===Skills Needed===
* Experience with Python
* Understanding of various programming languages and mime types
* Familiarity with SPDX specification is a plus

===Background Information===
There have been several talks about the need for a package level License Coverage Grade. This project will come up with an initial set of heuristics based on MIME types for what file types should have automatically detectable license identifiers. Then create a command line tool that will accept and parse an SPDX document and a pointer to sources that created it, and come up with license coverage "grade" for the package.

===Available Mentors===
* [mailto:kstewart@linuxfoundation.org Kate Stewart]
* [mailto:pombredanne@nexb.com Philippe Ombredanne]

Old/Linux Collaboration Summit 2011

2011-03-31T01:39:53Z

Pombredanne:

The <a href="http://events.linuxfoundation.org/events/collaboration-summit">Linux Collaboration Summit</a> is in San Francisco, April 6-8. The SPDX <a href="http://events.linuxfoundation.org/events/collaboration-summit/spdx-technical">Technical</a> and <a href="http://events.linuxfoundation.org/events/collaboration-summit/spdx-business">Business</a> teams will be holding face to face meetings. If you would like to participate, please <a href="http://www.regonline.com/Register/Checkin.aspx?EventID=923747">request an invitation</a> to the event from the Linux Foundation. If you alert Phil Koltun pkoltun@linuxfoundation.org that you have requested an invitation because you are interested in SPDX parrticipation, he can streamline the approval process. And, if you are coming, please edit your name into the RSVP list(s) below: I'm coming to the SPDX Technical Team Face to Face:<ul><li>Kate Stewart, Canonical</li><li>Phil Odence, Black Duck Software</li><li>Phil Koltun, Linux Foundation</li><li>Peter Williams, OpenLogic</li><li>Michael Herzog, nexB</li><li>Gary O'Neall, Source Auditor</li><li>Kirsten Newcomer, Black Duck Software</li><li>Kim Weins, OpenLogic</li><li>Philippe Ombredanne, nexB</li></ul>I'm coming to the SPDX Business Team Face to Face:<ul><li>Kim Weins, Open Logic</li><li>Phil Odence, Black Duck Software</li><li>Phil Koltun, Linux Foundation</li><li>Pierre Lapointe, nexB</li><li>Michael Herzog, nexB</li><li>Gary O'Neall, Source Auditor</li><li>Kate Stewart, Canonical</li><li>Kirsten Newcomer, Black Duck Software</li><li>Scott Lamons, HP Open Source Program Office</li><li>Peter Williams, OpenLogic</li><li>Philippe Ombredanne, nexB</li></ul>

SPDX Wiki - User contributions [en]

GSOC/GSOC ProjectIdeas

Old/Linux Collaboration Summit 2011