General Meeting/Minutes/2021-08-05

• Attendance: 29
• Lead by Gary O’Neall
• Minutes of July meeting Approved

New License Matching Library

• Presented by Mikihito Matsuura
• Slides: https://docs.google.com/presentation/d/10n5CSE_LP0HDznhb6_P6zmyA4QpKJX3b_VhOvnF3nuk/edit?usp=sharing
• PyPI: https://pypi.org/project/yalm/
• GitHub repo: https://github.com/m1kit/yalm-python/
• GitHub resources repo: https://github.com/m1kit/yalm-resources/tree/dist
• Uses 2 step process, word matching, then regex
• Looking to extend beyond python, to ruby, etc.
• Proposal JSON format for template – Should we standardize JSON?
• Vulnerable regexes in templates – regex matches may match unintended text
• What about a ML engine? Its focus is actual match rather than detection.
  • Goal is license matching, not license detection
• Which matching guidelines are covered and which still needs to be implemented
  • Some are not covered
  • Suggest documenting which matching guidelines are not implemented
  • Perhaps tune the matching guidelines and license templates
• Use of the XML format
  • XML is used as input
• Additional questions and follow-up on a joint technical-legal team
• Suggestion PyPI should have spdx- in the name -

Validate and Generate multiple representations of specifications

• Presented by Nirmal Praveen Suthar
• Slides: https://docs.google.com/presentation/d/17xrxcJ-74DfFmdZl99ogZTWa-MOgKuKW1PH6Qq5C4sg/edit?usp=sharing
• Relevant links:
  • Parser: https://github.com/spdx/spec-parser
  • spec-v3-template example: https://github.com/spdx/spec-v3-template* Populates internal graph structure, namespace model. LALR is sufficient, but opportunity for improvement.
• Generate a JSON Representation of the Specification from Structured Markdown
• Transforms spec into “pretty markdown” and RDF OWL – the latter can be used to generate other schemas used by tools
• Validation and report of errors
• Reduce redundancy (e.g. handling defaults)
• Adds reference sections

Outreach Team Report - Sebastian/Jack

• Weekly meetings – Moved to Wednesday
• Update WikiPedia entry – currently terribly out of day
• Will start with Podcasts
• Follow-up with RSS feeds
• Updates for the Wordpress website – will be a topic for the next meeting
• IRC is up and running and doing well
• Please take the SBOM readiness survey: https://www.linuxfoundation.org/press-release/linux-foundation-research-announces-software-bill-of-materials-sbom-readiness-survey/
• Upcoming “town hall” will discuss tooling – see https://events.linuxfoundation.org/supply-chain-town-hall/program/schedule/
• DOCFest September 16 – see https://lists.spdx.org/g/Spdx-tech/message/4142

Legal Team Report - Jilayne/Paul/Steve

• Next team call today – issues pending for release
• Next release is expected Saturday or Sunday
• Nothing technical expected in this release

Tech Team Report - Kate/Gary/Others

• Specification – continuing to work through element and document interaction and modeling as well as identifier naming
  • Making progress on 3.0

Other Topics

None

Attendees

• Kate Stewart
• Maximilian Huber -
• Sebastian Crane
• Tony Aiuto
• David Edelsohn
• Gary O'Neall
• Christopher Lusk -
• Philippe-Emmanuel Douziech
• Mikihito Matsuura (GSoC student)
• Marc-Etienne Vargenal
• Brad Goldring
• Alexios Zavras
• Rich Steenwyk
• Nirmal Suthar (GSoC student)
• Joshua Marpet
• Andrew Jorgensen (AWS)
• Christian Long
• Tiberius Hefflin
• Paul Madick
• Anshul
• Jack Manbeck
• Christina
• Jeff Schutt (Cisco)
• Jilayne Lovejoy
• Steve Winslow
• Christian Long
• Emmerich
• 2 people on phone where we did not catch the names