THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
General Meeting/Minutes/2019-09-05
From SPDX Wiki
< General Meeting | Minutes
- Attendance: 17
- Lead by Phil Odence
- Minutes of Aug meeting approved
Contents
Special Presentations - Hiro Fukuchi, Sony
- SPDX- Lite
- Open Chain Japan Work Group
- Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas
- Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…in Asia (China/Taiwan) and Japan
- They don’t have complete information
- Don’t have the tools to generate and evaluate
- SPDX Lite is part of guidelines
- Fits in at a fairly high level of maturity
- OpenChain - “Making Process”
- SPDX (and OSS tooling) - “Improving Process”
- Most suppliers are at low levels of maturity
- Looking not to fork, but to expand usage of SPDX Lite
- Fits in at a fairly high level of maturity
- Lite Description
- Subset of SPDX
- Minimum requirement
- Can be manually generated
- Proved in actual business use
- Scenarios
- 1 Unskilled suppliers
- Useful at a lower level of maturity than SPDX requires
- 2 Non-engineering Staff
- More understandable by Legal and Procurement staff.
- Skilled suppliers would still use full SPDX
- OpenChain compliant suppliers would be sophisticated enough
- 1 Unskilled suppliers
- Question: Is SPDX Lite fully SPDX compliant
- Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included.
- Open Chain Japan Work Group
Tech Team Report - Gary
- Spec
- Being worked in a GitHub repo
- Set up for pull requests for 2.2
- Anyone who has ideas or proposed changes, please submit as a pull request
- One in place is SPDX Lite
- Proposal is as an Appendix
- Thought is a profile for a specific use case
- Could be first of a number of profiles
- Being worked in a GitHub repo
- Tools
- Successful conclusion to GSoC
- All passed
- A number of new libraries including Python, Golang
- Mentors and students were great
- Record number of projects
- Challenge now is integrating and putting into production
- All legal team tools have been submitted as pull requests
- Should be up and running in a month or so.
- All legal team tools have been submitted as pull requests
- Successful conclusion to GSoC
Legal Team Report - Jilayne/Paul/Steve
- Legal Team License Submittal Demo (GSoC)
- Video and minutes available
- Need to update contribution instructions
- Team call today
- License List
- 3.7 release at end of month
- Fewer licenses in release that some recents
- Recent discussions have been more high level on principles than specific licenses
- 3.7 release at end of month
Outreach Team Report - Jack
- Survey
- Has been out for a few months
- 37 responses so far
- Will make one more pass
- Looking at presenting at Gen Meeting in Nov
- Philipe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifest
- Could be a model for other communities
- …some of which have been using formally or informally
- Potentially high leverage
- RUST and Go are using sporadically
- Could be a model for other communities
Cross Functional -
- None
Attendees
- Phil Odence, Black Duck/Synopsys
- Steve Winslow, LF
- Gary O’Neall, SourceAuditor
- Jack Manbeck, TI
- Nicolas Toussaint, Orange
- Mark Atwood, Amazon
- Jilayne Lovejoy, Canonical
- Hiro Fukuchi, Sony
- Shinsuke Kato, Panasonic
- Philippe Ombrédanne- nexB
- Michael Herzog, NexB
- Patrice-Emmanuel Schmitz, Trasys International, European Commission
- Richard Fontana, Red Hat
- Mark Baushke, Juniper
- Paul Madick, Dimension Data
- Nisha Kumar, VMWare
- David Marr, Qualcomm