THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Business Team/Minutes/2011-06-09"

From SPDX Wiki
Jump to: navigation, search
Line 1: Line 1:
<p><strong>Attendees</strong></p><ul><li>Kim Weins</li><li>Pierre Lapointe</li><li>Phil Odence</li><li>Gary O'Neall</li><li>Mark Gisi</li><li>Kate Stewart</li><li>Jilayne Lovejoy</li><li>Steve Cropper</li></ul><p><strong>Agenda</strong></p><ul><li>Beta Updates</li><li>Web Site Review</li><li>Update on spec</li></ul><p>&nbsp;</p><p><strong>Minutes</strong></p><ul><li>Beta Sites<ul><li>Antelink - OpenLogic - OpenLogic is producing files. &nbsp; On track to finish end of June.</li><li>WindRiver - HP&nbsp; -&nbsp; Got the tooling to work (some questions re error messages).&nbsp; Sent the file over and HP was able to review for first package (30 files).&nbsp; Now going to do zlib.&nbsp; Then will do BusyBox and OpenSSL.<ul><li>Some confusion about fitting things in the SPDX package licenses field (declared and concluded licenses for the package).&nbsp; It's hard to say that there is a single license at the package level.&nbsp; Mark thinks that declared license is what people "view" the package as.</li><li>According to Kate -- <ul><li>Declared - what the project says (like in the Copying file)</li><li>All Licenses in Files -- Laundry list of any license detected in file</li><li>Concluded -- what the analyzer concludes - can have ands and ors</li></ul></li><li>Clearly there is still a lot of confusion about these license fields at the package level. </li><li>Kate -asked everybody to read the latest spec to see if it is clear.</li><li></li></ul></li><li></li></ul></li><li>Update on spec -- new draft of spec up there -- needs review</li></ul>
+
<p><strong>Attendees</strong></p><ul><li>Kim Weins</li><li>Pierre Lapointe</li><li>Phil Odence</li><li>Gary O'Neall</li><li>Mark Gisi</li><li>Kate Stewart</li><li>Jilayne Lovejoy</li><li>Steve Cropper</li></ul><p><strong>Agenda</strong></p><ul><li>Beta Updates</li><li>Web Site Review</li><li>Update on spec</li></ul><p>&nbsp;</p><p><strong>Minutes</strong></p><ul><li>Beta Sites<ul><li>Antelink - OpenLogic - OpenLogic is producing files. &nbsp; On track to finish end of June.<ul><li>Will test one with embedded SPDX and one without</li></ul></li><li>WindRiver - HP&nbsp; -&nbsp; Got the tooling to work (some questions re error messages).&nbsp; Sent the file over and HP was able to review for first package (30 files).&nbsp; Now going to do zlib.&nbsp; Then will do BusyBox and OpenSSL.<ul><li>Some confusion about fitting things in the SPDX package licenses field (declared and concluded licenses for the package).&nbsp; It's hard to say that there is a single license at the package level.&nbsp; Mark thinks that declared license is what people "view" the package as.</li><li>According to Kate --at package licenses<br /><ul><li>Declared - what the project says (like in the Copying file)</li><li>All Licenses in Files -- Laundry list of any license detected in file</li><li>Concluded -- what the analyzer concludes - can have ands and ors</li></ul></li><li>Clearly there is still a lot of confusion about these license fields at the package level. </li><li>Kate -asked everybody to read the latest spec to see if it is clear.</li><li>Steve Cropper:&nbsp; They like to be able to look at root supplier and latest supplier for the code</li><li>Tool issues -- are there installability issues?&nbsp; Gary needs to find out more about what Wind River issues are.&nbsp; Wind River had to get someone involved to set up environment.&nbsp; Gary thinks the tools aren't installable enough to be broadly used.&nbsp; Maybe we can set it up on a web site?&nbsp; Kim pointed out that this could require some security requirements.</li></ul></li><li>Motorola - TI<ul><li>Behind plan.&nbsp; Gary hasn't gotten any logistical data and not sure what is happening, but there is some activity with the tools.</li></ul></li></ul></li><li>Update on spec 20110605 -- new draft of spec up on website -- needs review.</li><li>Web site redesign<ul><li>Not much more done yet because team has been busy.&nbsp; Sandbox is set up with Drupal.&nbsp; Team is meeting next week.</li></ul></li><li>Yocto Project<br /><ul><li>Mark talked to the project</li><li>They are building kernel + a bunch of packages (100s </li><li>They are interested because they are part of the family</li><li>They are not in a position to generate content</li><li>But they could take SPDX files associated with the packages used and incorporate it into the build and deliver it with the build.</li><li>Kim: Would it be valuable to be able to aggregate the individual SPDX files together.</li><li>They are looking for us to have content and then they can work with us.</li></ul></li></ul>

Revision as of 15:58, 9 June 2011

Attendees

  • Kim Weins
  • Pierre Lapointe
  • Phil Odence
  • Gary O'Neall
  • Mark Gisi
  • Kate Stewart
  • Jilayne Lovejoy
  • Steve Cropper

Agenda

  • Beta Updates
  • Web Site Review
  • Update on spec

 

Minutes

  • Beta Sites
    • Antelink - OpenLogic - OpenLogic is producing files.   On track to finish end of June.
      • Will test one with embedded SPDX and one without
    • WindRiver - HP  -  Got the tooling to work (some questions re error messages).  Sent the file over and HP was able to review for first package (30 files).  Now going to do zlib.  Then will do BusyBox and OpenSSL.
      • Some confusion about fitting things in the SPDX package licenses field (declared and concluded licenses for the package).  It's hard to say that there is a single license at the package level.  Mark thinks that declared license is what people "view" the package as.
      • According to Kate --at package licenses
        • Declared - what the project says (like in the Copying file)
        • All Licenses in Files -- Laundry list of any license detected in file
        • Concluded -- what the analyzer concludes - can have ands and ors
      • Clearly there is still a lot of confusion about these license fields at the package level.
      • Kate -asked everybody to read the latest spec to see if it is clear.
      • Steve Cropper:  They like to be able to look at root supplier and latest supplier for the code
      • Tool issues -- are there installability issues?  Gary needs to find out more about what Wind River issues are.  Wind River had to get someone involved to set up environment.  Gary thinks the tools aren't installable enough to be broadly used.  Maybe we can set it up on a web site?  Kim pointed out that this could require some security requirements.
    • Motorola - TI
      • Behind plan.  Gary hasn't gotten any logistical data and not sure what is happening, but there is some activity with the tools.
  • Update on spec 20110605 -- new draft of spec up on website -- needs review.
  • Web site redesign
    • Not much more done yet because team has been busy.  Sandbox is set up with Drupal.  Team is meeting next week.
  • Yocto Project
    • Mark talked to the project
    • They are building kernel + a bunch of packages (100s
    • They are interested because they are part of the family
    • They are not in a position to generate content
    • But they could take SPDX files associated with the packages used and incorporate it into the build and deliver it with the build.
    • Kim: Would it be valuable to be able to aggregate the individual SPDX files together.
    • They are looking for us to have content and then they can work with us.