THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2016-03-05

From SPDX Wiki

< General Meeting‎ | Minutes

Revision as of 23:03, 4 March 2016 by Podence (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Attendance: 12
Lead by Phil Odence

Minutes of Feb meeting approved

Contents

1 Special Guest Star - Camille Moulin, Inno3
2 Tech Team Report - Kate/Gary
3 Outreach Team Report - Jack
4 Legal Team Report - Jilayne
5 Cross Functional Topics - Phil
6 Attendees

Special Guest Star - Camille Moulin, Inno3

SPDX license list and expressions
- Most dependency management solutions include licensing info
  - So you can extract and process the information
  - Most clients aren’t using this approach, rather they use scanners like Black Duck, Palamida, Protecode
- The dependency manager approach
  - This approach is not as accurate as code scanners
  - No information at the sub level package
  - Depends on quality metadata
- Metadata quality
  - 30% of all packages have no license data
- SPDX Maturity
  - Still a young project
  - License expressions were a key addition
  - Need to be clear on license version numbers
  - SPDX is already adopted by most package manager, particularly newer ones
  - Some useful tools are available
- Q&A
  - What improvements in SPDX are required?
    - He suggest separating License name from version number as separate attributes

Tech Team Report - Kate/Gary

Specification Update:
- meetings over last month spent continuing to refine the External Reference proposal from Bill and Yev.
- Its been refactored a couple of couple of time, and active discussion is ongoing.
- Introduced Draft version of Appendix on how to specify "SPDX-License-Expression:" in file comments.
- Summarized information on WIKI and input received from mail list. Team wants to make sure wording
- at top makes it clear that if a license has a standard header, that header should be used.
Tools Update:
- None this month

Outreach Team Report - Jack

Website
- Still waiting on LF to update
Webinars
- Just starting a regular series of Webinars
- Jilayne was “volunteered” talk about the license list as the initial one
- Talking to LF about hosting

Legal Team Report - Jilayne

Big Update: Templates Rehab
- Have reviewed guidelines and mark-up method and implementation
  - Guidelines were human-friendly, not machine
  - Fairly major overhaul back end
  - Much better handling of single source than was possible with spreadsheet
- Better for machines
- Enabling others to contribute
- Easier to maintain
OSI
- Have synced up our new license process
- Our heads up had been coming late, after their URLs were set up
- Now we can pick short ID first

Cross Functional Topics - Phil

Collab meeting: Walk through of the 2.1 SPEC changes in a combined document.
- All Day Wednesday
- Thursday
  - Morning OpenChain- Trying to wrap up specification effort
  - Afternoon- FOSSology- Working through what’s working/what’s not and infrastructure
- http://events.linuxfoundation.org/events/collaboration-summit/program/about
Google SoC
- SPDX along was not accepted
- LF was, so we may be able to piggyback

Attendees

Phil Odence, Black Duck
Yev Bronshteyn, Black Duck
Kate Stewart, Linux Foundation
Pierre LaPointe, nexB
Jilayne Lovejoy, ARM
Kirsten Newcomer, Black Duck
Mark Gisi, Wind River
Michael Herzog- nexB
Dave Marr, Qualcomm
Jack Manbeck, TI
Camille Moulin, Inno3
Scott Sterling, Palamida

Retrieved from "https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-03-05&oldid=3843"