https://wiki.spdx.org/index.php?action=history&feed=atom&title=General_Meeting%2FMinutes%2F2016-08-04 2026-05-07T17:36:19Z Revision history for this page on the wiki MediaWiki 1.23.13 https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-08-04&diff=3956&oldid=prev 2016-08-30T12:29:38Z

<p>Created page with &quot;* Attendance: 12 * Lead by Phil Odence * Minutes of July meeting approved == Special Guest - Alexios Zavras, Intel == * His role is open source compliance at Intel, based i...&quot;</p> <p><b>New page</b></p><div>* Attendance: 12<br /> * Lead by Phil Odence<br /> * Minutes of July meeting approved<br /> <br /> <br /> == Special Guest - Alexios Zavras, Intel ==<br /> <br /> * His role is open source compliance at Intel, based in Munich<br /> ** Now at open source tech center<br /> ** Will be talking about his previous role with Intel Mobile Comms<br /> * Mobile Comms <br /> ** Based in Germany<br /> ** Germans are very process-oriented, well-documented<br /> * His role was SW legal compliance.<br /> ** Ensuring all software legally compliant across all kinds of software<br /> ** They treat all compliance issues as a bug, just like any problem in the software<br /> ** Alexis learned of SPDX and was very pleased and excited about it<br /> *** Didn’t manage to get everything SPDX based<br /> *** Started slowly<br /> *** SPDX is very valuable at many levels<br /> **** Even just the license list and standard way of expressing was very helpful<br /> **** Quickly standardized on SPDX notations and it started appearing in their documentation etc<br /> ***Included in training that was mandatory for SW devs and later extended to marketing, legal, biz dev<br /> **** Everyone who touches software had to take on-line course with a deeper course available for some<br /> *** Have developed number of tools, tightly coupled with dev environment<br /> **** All developed internally<br /> **** very tightly controlled, eg can’t check out code without a ticket<br /> **** Tool chain includes license compliance<br /> *** Central team provides compliance services to dev<br /> **** too much for all devs to worry about<br /> **** Fits with org structure<br /> **** Internal teams reviews all code<br /> *** Started small, then more widespread and more automated<br /> **** Today every release goes though this license compliance check<br /> **** Requires ‘stamp of approval’ from central team<br /> *** To make the central team more efficient<br /> **** Save all results<br /> **** Including many of the SPDX fields<br /> **** Saved in database<br /> *** Last step, not yet taken, is to generate an SPDX doc for each release<br /> **** Just held up by organizational issues, technically feasible<br /> **** Being worked on<br /> **** Have started getting the request from customers<br /> ***** Not mentioning SPDX by name, have not seen that yet,<br /> ***** but asking for data that SPDX covers, files, license, etc<br /> ***** (both are with Euro customers)<br /> *** When they generate SPDX<br /> **** Permissive license require attribution<br /> **** They’ve had an issue with that going back 5 years<br /> **** Their policy to handle is to deliver all OSS in source form<br /> **** So, therefore include attribution in comments<br /> **** They include a list of open source and model licenses, but the attribution is all in source code<br /> *** Example- Modem company<br /> **** Intel provides chips and software in binary form<br /> **** Packaging: With binary they include <br /> ***** all source for open source in binary<br /> ***** And, list of conditions for any 3td party proprietary code<br /> *** Are they being asked for security vulnerabilities associated with components<br /> **** Not yet, but they are thinking about it with respect to naming (CPEs, etc)<br /> * AZ- “Thanks for the wonderful work. It’s really helpful.”<br /> <br /> <br /> == Tech Team Report - Kate ==<br /> <br /> * Spec<br /> ** Collecting feedback<br /> ** Addressing as it comes it<br /> * Gary has taken a pass at updating tools<br /> * In the polishing stage<br /> ** One more round of feedback<br /> ** Into publishing mode as of Tuesday<br /> * Bake Offs<br /> ** Possible SF 9/27 and Europe at LCon<br /> ** Needs to be nailed down in the next couple week.<br /> <br /> == Outreach Team Report - Jack ==<br /> <br /> * Website<br /> ** Still working this week<br /> ** Will review at next week’s meeting<br /> ** Should be close with go live; shooting for Linux Con NA<br /> ** Still looking for some improvements that will require work from the Linux Foundation team<br /> *** No show stoppers<br /> ** Will send out link for review<br /> <br /> == Legal Team Report - Jilayne ==<br /> <br /> * XML review<br /> ** Still plugging away<br /> ** Timeline set<br /> * 2.5 release<br /> ** Just a few licenses<br /> ** Aiming for end of Oct<br /> ** See Legal Team meeting mins for detail<br /> ** Could use all the help they can get; lots to do<br /> *** To review new XML master format for every license<br /> <br /> <br /> == Cross Functional Topics - Phil ==<br /> <br /> * Guest stars<br /> ** Always looking for more<br /> <br /> <br /> <br /> == Attendees ==<br /> <br /> * Phil Odence, Black Duck<br /> * Alexios Zavras, Intel<br /> * Kate Stewart, Linux Foundation<br /> * Jilayne Lovejoy, ARM<br /> * Scott Sterling, Palamida<br /> * Robin Gandhi, UNO<br /> * Jack Manbeck, TI<br /> * Yev Bronshteyn, Black Duck<br /> * Matt Germonprez, UNO<br /> * Michael Herzog- nexB<br /> * Georg Link, UNO<br /> * Mike Dolan, Linux Foundation<br /> <br /> <br /> <br /> [[Category:General|Minutes]]<br /> [[Category:Minutes]]</div>

Podence