THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
General Meeting/Minutes/2015-11-05
From SPDX Wiki
< General Meeting | Minutes
- Attendance: 12
- Lead by Phil Odence
- Minutes of Oct meeting approved/
Contents
Siemens - Oliver Fendt
- Open Source Group
- Deals with compliance issues
- Made up of members from all parts of the company
- Has been going for 2.5 years
- Recognized SPDX early in their existence
- Took a close look
- First interest was in the license list
- Requested some license for list; some successful, some not
- Participated in discussion about how to handle license exceptions
- SPDX 2.0 was coming on line
- Voted internally to adopt SPDX
- And to start requiring SPDX docs from their suppliers
- Got involved with FOSSology
- Implemented initial SPDX 2.0 in FOSSology
- Just RDF, not yet Tag Value
- Implemented initial SPDX 2.0 in FOSSology
- Became aware of process of development of standard
- Concerned about the direction, specifically snippet discussion
- Concerns that it contradicts vision/mission
- Minimizing costs across the supply chain
- Concerned that granularity of snippets and that it’s hard to say, unless you are the developer
- So, worries about usability
- And that it adds interpretation, for example, Black Duck Protex requires the human to interpret
- Also, since there is no open source tool that does snippets, adoption may be limited
- Would be interested in adding other sorts of information like ECC info
- They are currently using the latest/greatest FOSSology and encouraging suppliers to do same
- Starting to see projects using SPDX short IDs in files
- Suppliers normally don’t deliver source code; Siemens requires that they assert that the comply w/copyrights
- So they typically don’t scan source.
- They use FOSSo
- And they encourage SPDX to supply the info
Tech Team Report - Kate/Gary
- Busy refining external identifiers proposal
- Aim was a single field
- Thought is to break into multiple fields, source of identifier and the domain
- Wrestling with the difference between security IDs (NVD/CPE) and repos (e.g. Debian)
- Also, recently revisited snippets proposal
- Now is a good time to weigh in.
- Tools
- Active; Sebastian Schubert has been a big contributor recently
- Mostly fixes
- 2.1 will add some work
- UNO repos also very active
- Active; Sebastian Schubert has been a big contributor recently
Legal Team Report - Jilayne
- Cross functional work with tech team on templates and matching
- recent joint call, apologies for 10 person limit on call; will address
- Looking to change maintenance process
- Lots of good discussion about implementing matching guidelines
- plan is for another joint call in early December
Biz Team Report - Jack
- Working with LF on a new look feel for website
- In parallel, changing some of the navigation.
- Looks like it’s been delayed, so probably 2-3 weeks before rollout
- Some progress already; looking good so far
- In process of changing name of team to Outreach Team
- Will roll out with new website
- Eclipse Foundation
- Might be interesting group to speak with about SPDX
Cross Functional Topics - Phil
- See Jack’s brief blog on SPDX.org pointing must read blog by Eric Raymond on SPDX
Attendees
- Phil Odence, Black Duck
- Oliver Fendt, Siemens
- Tarek Jomaa. ARM
- Gary O’Neill, SourceAuditor
- Jilayne Lovejoy, ARM
- Jack Manbeck, TI
- Richard Christie, ARM
- Pierre LaPointe, nexB
- Sami Atabani, ARM
- Kate Stewart, Linux Foundation
- Michael Herzog- nexB
- Scott Sterling, Palamida