THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2015-07-02

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 15
  • Lead by Phil Odence
  • Minutes of May meeting approved

UNO - Matt Germonprez

  • Tools
    • DoSOCS - evolved from Yacto tool
      • Generalized to create ways of generating SPDX docs from various dev processes
      • Resulted DoSOCS- Ways to scan packages and repos (now source, but in theory binary) to generate SPDX
        • Main use case is generating SPDX 2.0 docs
        • Store in a relational database - trick was mapping obj-oriented SPDX to rel database
        • Very generic. Even on the back end; developed with FOSSology, but could plug in commercial scanners
        • Future- intake of SPDX
        • Idea is that this will eventually pull in all tools Git, Yacto, etc
        • And, can be tied into Jenkins
        • Ultimately will support an enterprise process to maintain a inventory of SPDX docs that come out of their processes
      • Also exploring production of security vulnerability info
        • Looking for where vulnerability info could be stored.
        • Need a spot for CPE (and other common ID standards)
        • Which would allow for vulnerability info
        • Tech team has been pursuing this idea
        • Group needs to address the mission creep issue
    • Git Scanner
      • Analyzes branch and contributes SPDX doc
    • Eclipse Plug In


Tech Team Report - Kate & Gary

  • Proposal for wording on Snippets
    • Up as a Googledoc and available for review
  • Also one for None/No Assertion
  • Some discussion of best practices as well
    • Looking for folks to sign up on the wiki page to write up parts
  • Kicked of discussion Bake Off and what examples to use
  • BillS writing up proposal for including external component identifiers (GAV, CPE, others)
    • General agreement with concept
  • Tools
    • Discussion has been going for a couple months about mapping/reconciling various sources of tools (SPDX group, UNO)
    • Bakeoff at LinuxCon NA (Monday, 8-noon)
      • Will have 2-3 examples
        • Candidates are examples on best practices page
      • Tool providers will provide SPDX docs
      • Should learn a lot from comparisons

Legal Team Report - Paul

  • Putting together rev License List (2.1) including exceptions
    • Lots of new exceptions
  • Mark Gisi is leading exploration of standard headers


Biz Team Report - Jack

  • Working on new guidance pages
    • Phil and Jack have been prototyping
  • LinuxCon
    • Back off Monday
    • Aiming for BoF on Tuesday
    • SPDX talk from Gary (Tues am)
    • Mark will be giving a more general talk that will relate to SPDX (Tues pm)


Cross Functional Topics - Phil

  • Continually looking for presenters for General Meeting


Attendees

  • Phil Odence, Black Duck
  • Mike Dolan, Linux Foundation
  • Mark Gisi, Wind River
  • Scott Sterling, Palamida
  • Gary O’Neill, SourceA
  • Kate Stewart, LF
  • Hassib Khanafer, Protecode
  • Paul Maddick, HP
  • Scott Lamons
  • Jack Manbeck, TI
  • Matt Germonprez, UNO
  • Tom Gurney, UNO
  • Uday Shankar, UNO
  • Michael H- nexB
  • Kirsten Newcomer, Black Duck