Podence: Created page with "* Attendance: 13 * Lead by Phil Odence * Minutes of June meeting approved == Special Guest - Sam Ellis, ARM == * Sam works in ARM’s Cambridge HQ SW Engineer/Mgr No..."

2016-07-07T15:45:02Z

Created page with "* Attendance: 13 * Lead by Phil Odence * Minutes of June meeting approved == Special Guest - Sam Ellis, ARM == * Sam works in ARM’s Cambridge HQ ** SW Engineer/Mgr ** No..."

New page

* Attendance: 13
* Lead by Phil Odence
* Minutes of June meeting approved

== Special Guest - Sam Ellis, ARM ==

* Sam works in ARM’s Cambridge HQ
** SW Engineer/Mgr
** No legal training
** Has gotten involved just as part as his job
** Now acts as bridge between dev and legal teams
* They use a license scanning tool
** That’s the implementation of SPDX
** Keen on the license list for name consistency
** And using SPDX basis of repository of data about open source in products
* Dev process
** Similar to most
** Are careful to separate out open source archive
*** Basis of license scanning
*** Develop an SPDX tag format report for each product
* Legal Approval Process
** They use a custom tool internally
** When open source comes into the company, they assess risk
** Recently put a new system in place
*** Asks the type of questions that SPDX captures
**** Package name, licenses, copyright notices, where downloaded, etc.
*** Goal is to to eventually import/export SPDX for this purposes
** Tracks OSS use cases
* Two systems using
** Approval process
** Data from the build
** Will eventually try to compare to ensure sync
*** Can be hard to maintain, particularly when removing stuff.
* Sam’s projects use and exceptionally large amount of OSS
** Need to explain to customers
** Ideally would like to auto-gen the list of licenses they publish
*** Practical Problem: They don’t want to declare all
**** For example, disjunctive license, may only want declare one
* Would like to ship SPDX
** Need to work out how much to declare
** They get a lot of queries
*** Concern is does providing more info, generate more queries
** * Certainly they feel that SPDX is the right format
* Observations
** Tag file is large - 130 MB for one product
*** Too large to ship, but could include on website
*** Too much info to be comprehensible
** People who need to use, don’t have the tools
*** Need something that can open and filter/summarize
* Learning
** In the past have developed one big SPDX file
** Probably a mistake, should have broken it down
* Discussion
** Tooling- perhaps the convertor to spreadsheet
** Supply chain partners are really interested in use cases, not just what’s in product
** Any sharing SPDX docs within company yet? - No, not yet.

== Tech Team Report - Kate/Gary ==

* Spec
** 2.1 draft is out for review
*** open until the end of the month
*** assuming no show stoppers, that should be it
* Tooling
** Started updating for 2.1 last week
** External references implementation taking more time than anticipated
** Tooling first pass should be ready with 2.1 release timeframe
** Gary is keen for feedback on our tools and any issues in implementing other tools

== Outreach Team Report - Jack ==

* Website
** Very close to wrapping up
** Looking at final review next week

== Legal Team Report - Jilayne ==

* XML templates
** Review continuing
** Call today will checkpoint where we are and remaining work
* 2.5 list release
** Should be live in the next day or two
** Not too many new licenses

== Cross Functional Topics - Phil ==

* Guest stars
** Always looking for more
* LinuxCon
** Looks light nothing official

== Attendees ==

* Phil Odence, Black Duck
* Kate Stewart, Linux Foundation
* Jilayne Lovejoy, ARM
* Scott Sterling, Palamida
* Robin Gandhi, UNO
* Jack Manbeck, TI
* Yev Bronshteyn, Black Duck
* Gary O’Neill, SourceAuditor
* Mark Gisi, Wind River
* Dave Marr, Qualcomm
* Matt Germonprez, UNO
* Michael Herzog- nexB
* Sam Ellis, ARM

[[Category:General|Minutes]]
[[Category:Minutes]]

General Meeting/Minutes/2016-07-07 - Revision history

Podence: Created page with "* Attendance: 13 * Lead by Phil Odence * Minutes of June meeting approved == Special Guest - Sam Ellis, ARM == * Sam works in ARM’s Cambridge HQ ** SW Engineer/Mgr ** No..."

Podence: Created page with "* Attendance: 13 * Lead by Phil Odence * Minutes of June meeting approved == Special Guest - Sam Ellis, ARM == * Sam works in ARM’s Cambridge HQ SW Engineer/Mgr No..."