https://wiki.spdx.org/api.php?action=feedcontributions&user=Jnweiger&feedformat=atomSPDX Wiki - User contributions [en]2024-03-28T14:03:10ZUser contributionsMediaWiki 1.23.13https://wiki.spdx.org/view/General_Meeting/Minutes/2011-06-16General Meeting/Minutes/2011-06-162011-06-29T21:56:23Z<p>Jnweiger: </p>
<hr />
<div><p>Attendance: 11<br />Minutes for 20110602 approved<br /><strong>Technical Team Report - Kate<br /></strong></p><ul><li>Tools: Updating tools as needed</li><li>Spec: Working minor changes to June 5 version of the spec</li><li>Spec: Have had interesting discussions with Cisco about mapping SPDX to their current process. Expect that new fields and possibly new models will come out of this discussion</li><li>Beta feedback: Looking for place to collect/present feedback. Would like to be sure we capture feedback even for items we've resolved. Kim plans to create wiki page.</li></ul><br />
<br />
<p><strong>Business Team Report - Kim</strong></p><br />
<ul><li>Beta program:<br /><ul><li>HP/WindRiver &amp; OL/Antelink continue to make progress</li><li>Motorola/TI progress is not yet clear</li><li>There's been some confusion over license fields at package level. A wiki discussion on this topic can be found here: http://spdx.org/wiki/license-field-discussion</li></ul></li><li>GA Launch:<ul><li>Continue to work to get ready for launch at LinuxCon NA in mid-August</li></ul></li></ul><br />
<br />
<p><strong>Legal Team Report - In absentia<br /></strong></p><br />
<ul><li>All legal team members are at a separate face-to-face meeting and unable to attend this meeting</li></ul><br />
<br />
<p><strong>Cross Functional Issues – Discussion</strong></p><br />
<ul><li>Website update- Kirsten<br />
<ul><li>Working on mind-maps for proposed flow; plan to present more generally in next few weeks</li><li>Logistical question from Kim: should we remove or archive older content? <br /><ul><li>Both options are available; deleting won't create orphaned pages</li><li>Will likely decide on case-by-case basis</li></ul></li></ul></li><li>Package License fields - Postponed until next meeting since legal team not present this week</li></ul><br />
<br />
<p><strong>Open Action Items</strong></p><br />
<ul><li>MartinM- Report back on # of people on respective mailing lists. ONGOING</li><li>Kim -- share Biz Team proposed process for adding licenses to SPDX list more broadly</li><li>Michael H. -- provide info on existing BOM standards that should be useful for future consideration</li><li>Legal/Biz Teams- Review and update Master Schedule</li><li>?? -- volunteers needed to review and update the FAQ: <a title="http://spdx.org/wiki/draft-spdx-faq" href="wiki/draft-spdx-faq">http://spdx.org/wiki/draft-spdx-faq</a></li></ul><p class="p1"><strong>Attendees</strong></p><br />
<ul class="ul1"><li class="li2">Kirsten Newcomer, Black Duck Software</li><li class="li2">Kim Weins, OpenLogic</li><li class="li2">Peter Williams, OpenLogic</li><li class="li2">Bill Schineller, Black Duck Software</li><li class="li2">Gary O'Neall, Source Auditor</li><li>Martin Michlmayr, HP</li><li>Kate Stewart, Canonical</li><li>Brandon Robinson, Cisco</li><li>Tom Incorvia, Microfocus</li><li>Phil Koltun, Linux Foundation</li><li>Juergen Weigert, SuSE</li></ul></div>Jnweigerhttps://wiki.spdx.org/view/General_Meeting/License_Field_DiscussionGeneral Meeting/License Field Discussion2011-06-10T19:02:47Z<p>Jnweiger: oops, this should have been a comment, not an edit.</p>
<hr />
<div><p>There have been multiple discussions in different working groups about the nomenclature, meaning and intent of the package license fields. To ensure we are all on the same page, we want to have some wiki-based discussion about the fields, with perhaps some examples and use cases that we can capture for documentation, FAQs, etc. We may need to go through this same exercise at the file level, but let's start here.&nbsp;</p><p>Below is extracted (though for simplicity, not 100% complete) text from the June 5 rev of the spec (http://www.spdx.org/wiki/spdx/specification). Please make comments or ask questions and identify yourself.</p><p style="padding-left: 30px;"><em>4.9 Declared License</em></p><p style="padding-left: 60px;"><em>4.9.1 Purpose:&nbsp;<span style="font-family: Helvetica;">This field lists the licenses that have been declared by the authors of the package. Any license information that does not originate from the package authors, e.g. license information from a third party repository, should not be included in this field...</span></em></p><br />
<p style="padding-left: 60px;"><em><span style="font-family: Helvetica;">4.9.2 Intent:&nbsp;</span><span style="font-family: Helvetica;">This is simply the license identified in text in the actual package source code files. This field is not intended to capture license information obtained from an external source, such as the package website. Such information can be included in 4.7 Concluded License. This field may have multiple declared licenses, if multiple licenses are declared at the package level...</span></em></p><br />
<p style="padding-left: 30px;"><em>4.7 Concluded License</em></p><p style="padding-left: 60px;"><em>4.7.1 Purpose:&nbsp;<span style="font-family: Helvetica;">This field contains the license the creator has concluded as governing the package or alternative values, if the governing license cannot be determined...</span></em></p><br />
<p style="padding-left: 60px;"><em><span style="font-family: Helvetica;">4.7.2 Intent:&nbsp;</span><span style="font-family: Helvetica;">Here, the intent is to have the reviewer analyze the license information in package, and other objective information, e.g., COPYING.txt file etc., together with the results from any scanning tools, to arrive at a reasonably objective conclusion as to what license governs the package.</span></em></p><p>So, what do you think?&nbsp;</p><p style="padding-left: 30px;">Is the distinction clear between the two fields?</p><p style="padding-left: 30px;">Are both useful?</p><p style="padding-left: 30px;">Can you provide examples of where they are useful?</p><p style="padding-left: 30px;">Do you have an example that raises issues?</p><p>&nbsp;</p><br />
</div>Jnweigerhttps://wiki.spdx.org/view/General_Meeting/License_Field_DiscussionGeneral Meeting/License Field Discussion2011-06-10T16:13:07Z<p>Jnweiger: </p>
<hr />
<div><p>There have been multiple discussions in different working groups about the nomenclature, meaning and intent of the package license fields. To ensure we are all on the same page, we want to have some wiki-based discussion about the fields, with perhaps some examples and use cases that we can capture for documentation, FAQs, etc. We may need to go through this same exercise at the file level, but let's start here.&nbsp;</p><p>Below is extracted (though for simplicity, not 100% complete) text from the June 5 rev of the spec (http://www.spdx.org/wiki/spdx/specification). Please make comments or ask questions and identify yourself.</p><p style="padding-left: 30px;"><em>4.9 Declared License</em></p><p style="padding-left: 60px;"><em>4.9.1 Purpose:&nbsp;<span style="font-family: Helvetica;">This field lists the licenses that have been declared by the authors of the package. Any license information that does not originate from the package authors, e.g. license information from a third party repository, should not be included in this field...</span></em></p><br />
<p style="padding-left: 60px;"><em><span style="font-family: Helvetica;">4.9.2 Intent:&nbsp;</span><span style="font-family: Helvetica;">This is simply the license identified in text in the actual package source code files. This field is not intended to capture license information obtained from an external source, such as the package website. Such information can be included in 4.7 Concluded License. This field may have multiple declared licenses, if multiple licenses are declared at the package level...</span></em></p><br />
<p style="padding-left: 30px;"><em>4.7 Concluded License</em></p><p style="padding-left: 60px;"><em>4.7.1 Purpose:&nbsp;<span style="font-family: Helvetica;">This field contains the license the creator has concluded as governing the package or alternative values, if the governing license cannot be determined...</span></em></p><br />
<p style="padding-left: 60px;"><em><span style="font-family: Helvetica;">4.7.2 Intent:&nbsp;</span><span style="font-family: Helvetica;">Here, the intent is to have the reviewer analyze the license information in package, and other objective information, e.g., COPYING.txt file etc., together with the results from any scanning tools, to arrive at a reasonably objective conclusion as to what license governs the package.</span></em></p><p>So, what do you think?&nbsp;</p><p style="padding-left: 30px;">Is the distinction clear between the two fields?</p><p style="padding-left: 30px;">Are both useful?</p><p style="padding-left: 30px;">Can you provide examples of where they are useful?</p><p style="padding-left: 30px;">Do you have an example that raises issues?</p><p>jw@suse.de (2011-06-10):</p><p style="padding-left: 30px;">The distinction is useful and important. Reading 4.9.2, I am surprised to see it defined based on all source code files. For any bigger package, this is going to be many licenses. The better the scanning tool, the more get added here. The name declared license implies to me the license that the author would use when talking about his work. Simplicity would be paramount. Example: Ask the FSF about gcc-4.5, they would respond with "GPL-3.0+". This is what I'd call the declared license. Going into the files with a scanner, I get a collection like this: "GPL-2.0+; GPL-2.0+(with linking); X11-MIT; LGPL-2.1+; LGPL-2.1+(with linking); BSD-3-Clause; GFDL-1.2; GFDL-1.1; Public-Domain; Zlib-License; EPL-1.0; BSD-4-Clause(UCB)". Is this the declared license? </p><p style="padding-left: 30px;">If so, we'd need a third field to grasp the simplified concept that "gcc-4.5 is said to be under GPL-3.0+". The usefulness of this inaccuracy is its simplicity. But then, three fields "for basically the same thing" may already be too many, and thus become confusing again.</p><p style="padding-left: 30px;">4.7. is per definition opinionated. It should always be clear who the respective reviewer is. Would the Schema allow this field multiple times, in case we want to document differing conclusions from multiple reviewers?</p><p>---</p><br />
</div>Jnweiger