Podence: Created page with "* Attendance: 15 * Lead by Phil Odence * Minutes of May meeting approved == UNO - Matt Germonprez == * Tools DoSOCS - evolved from Yacto tool * Generalized to create ..."

2015-07-02T15:48:07Z

Created page with "* Attendance: 15 * Lead by Phil Odence * Minutes of May meeting approved == UNO - Matt Germonprez == * Tools ** DoSOCS - evolved from Yacto tool *** Generalized to create ..."

New page

* Attendance: 15
* Lead by Phil Odence

* Minutes of May meeting approved

== UNO - Matt Germonprez ==

* Tools
** DoSOCS - evolved from Yacto tool
*** Generalized to create ways of generating SPDX docs from various dev processes
*** Resulted DoSOCS- Ways to scan packages and repos (now source, but in theory binary) to generate SPDX
**** Main use case is generating SPDX 2.0 docs
**** Store in a relational database - trick was mapping obj-oriented SPDX to rel database
**** Very generic. Even on the back end; developed with FOSSology, but could plug in commercial scanners
**** Future- intake of SPDX
**** Idea is that this will eventually pull in all tools Git, Yacto, etc
**** And, can be tied into Jenkins
**** Ultimately will support an enterprise process to maintain a inventory of SPDX docs that come out of their processes
*** Also exploring production of security vulnerability info
**** Looking for where vulnerability info could be stored.
**** Need a spot for CPE (and other common ID standards)
**** Which would allow for vulnerability info
**** Tech team has been pursuing this idea
**** Group needs to address the mission creep issue
** Git Scanner
*** Analyzes branch and contributes SPDX doc
** Eclipse Plug In

== Tech Team Report - Kate & Gary ==

* Proposal for wording on Snippets
** Up as a Googledoc and available for review
* Also one for None/No Assertion
* Some discussion of best practices as well
** Looking for folks to sign up on the wiki page to write up parts
* Kicked of discussion Bake Off and what examples to use
* BillS writing up proposal for including external component identifiers (GAV, CPE, others)
** General agreement with concept
* Tools
** Discussion has been going for a couple months about mapping/reconciling various sources of tools (SPDX group, UNO)
** Bakeoff at LinuxCon NA (Monday, 8-noon)
*** Will have 2-3 examples
**** Candidates are examples on best practices page
*** Tool providers will provide SPDX docs
*** Should learn a lot from comparisons

== Legal Team Report - Paul ==

* Putting together rev License List (2.1) including exceptions
** Lots of new exceptions
* Mark Gisi is leading exploration of standard headers

== Biz Team Report - Jack ==

* Working on new guidance pages
** Phil and Jack have been prototyping
* LinuxCon
** Back off Monday
** Aiming for BoF on Tuesday
** SPDX talk from Gary (Tues am)
** Mark will be giving a more general talk that will relate to SPDX (Tues pm)

== Cross Functional Topics - Phil ==

* Continually looking for presenters for General Meeting

== Attendees ==

* Phil Odence, Black Duck
* Mike Dolan, Linux Foundation
* Mark Gisi, Wind River
* Scott Sterling, Palamida
* Gary O’Neill, SourceA
* Kate Stewart, LF
* Hassib Khanafer, Protecode
* Paul Maddick, HP
* Scott Lamons
* Jack Manbeck, TI
* Matt Germonprez, UNO
* Tom Gurney, UNO
* Uday Shankar, UNO
* Michael H- nexB
* Kirsten Newcomer, Black Duck

[[Category:General|Minutes]]
[[Category:Minutes]]

General Meeting/Minutes/2015-07-02 - Revision history

Podence: Created page with "* Attendance: 15 * Lead by Phil Odence * Minutes of May meeting approved == UNO - Matt Germonprez == * Tools ** DoSOCS - evolved from Yacto tool *** Generalized to create ..."

Podence: Created page with "* Attendance: 15 * Lead by Phil Odence * Minutes of May meeting approved == UNO - Matt Germonprez == * Tools DoSOCS - evolved from Yacto tool * Generalized to create ..."