THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Business Team/Minutes/2012-01-19"

From SPDX Wiki
Jump to: navigation, search
Line 1: Line 1:
<p><strong>Attendees</strong></p><ul><li>Kim Weins</li><li>Chuck Gaudreau</li><li>Gary O'Neill</li><li>Scott Lamons</li><li>Jilayne Lovejoy</li></ul><p><strong>Agenda</strong></p><ul><li>Web Site</li><li>Update on CC0 "license" feedback</li><li>EclipseCon BOF</li><li>Software Supply Chain Summit</li><li>License List Process</li><li></li></ul><p><strong>Notes</strong></p><ul><li>Web site training</li><ul><li>Steve Cropper and Pierre held a training session on moving stuff to the new site.</li><li>Kim took notes and will turn that into a how-to document and will send to everyone involved</li></ul><li>Update on CC0 license</li><ul><li>Kim sent email to Ian Skerrett at Eclipse, Robin Johnson at Gentoo, Spot at Fedora about the change in the data license from Public Data License to CC0</li><li>So far, I've hear back from Robin at Gentoo that he was happy about that.&nbsp; HIs email note said:</li><ul><li>Looks good, 100% behind CC-0.<br /><br />Tom: I meant to poke you re our idea of altering license naming in the<br />distros to match SPDX license identifiers. <br />We've been working on classifying all the licenses in Gentoo:<br />http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/profiles/license_groups?revision=1.102&amp;view=markup<br />(the above only covers 252 out of the 614 licenses presently in Gentoo).</li></ul><li>I sent a follow up to Robin asking if he would work with us to get the license list expanded to cover his 252 (or possibly 614) licenses in Gentoo.</li></ul><li>Eclipse BOF</li><ul><li>Chuck and Mahshad from Protecode are working to organize BOF at EclipseCon</li><li>I suggested that they should plan for no more than 20 people.&nbsp;</li></ul><li>Software Supply Chain Summit</li><ul><li>This would be a 1 day meeting in person with people involved in the software supply chain to discuss SPDX and OSS compliance in the supply chain</li><li>Targeting potentially April 6 (day after LF COllab Summit)</li><li>To be held in South Bay (possible at DLA or Cisco or HP facilities)</li><li>Topics would be about OSS compliance in the supply chain issues, SPDX issues and discussion</li><li>We want it to be not just presentation, but also discussion</li><li>We would target maybe 20 or so people from enterprises that use/distribute OSS</li><li>How to get people there</li><ul><li>Current SPDX members to invite people</li><li>Mark Radcliffe will help market</li><li>Ask LF (Jim Z) to help</li></ul><li>Kim to talk to LF to coordinate so we can finalize date/time/place</li></ul><li>License List Process</li><ul><li>We reviewed our previous notes for adding to license list and added a few more ideas and thoughts</li><li>In general it looks pretty good, but we also need legal team to review and give feedback</li><li>Our goal is to have something in place by end of Q2, so we will start taking these notes and working it into a more formal description and a "to do" list of the pieces we need to put into place to make it happen.</li></ul><li>Process for companies to adopt&nbsp;</li><ul><li>We discussed how we move forward with company adoption.&nbsp; </li><li>Scott Lamons talked through their process</li><ul><li>Can start with procurement team to ask suppliers to provide SPDX</li><li>Will need to educate procurement team on SPDX (what/why)</li><li>Will need places on website to point suppliers to</li><li>HP has a standard spreadsheet format for proposal tracking of all OSS requests -- but it's not the SPDX format.</li><li>HP would need to change to SPDX format</li><ul><li>HP Would need to be able to have extra fields that are company specific and have the tools ignore/add those.</li></ul><li>They Will need tools to help them</li><ul><li>Scott's idea is that you feed it software repositories to scan for licenses and then you can input the SPDX specific fields and create SPDX files</li><li>We discussed the fact that ultimately you want to tie all of these pieces together, but in the short term, suppliers could use their current processes for figuring out what OSS they are using and then use the exisitng tools to convert to SPDX format.</li></ul><li>HP Could also ask their developers that are making internal requests to provide SPDX</li></ul></ul></ul>
+
<p><strong>Attendees</strong></p><ul><li>Kim Weins</li><li>Chuck Gaudreau</li><li>Gary O'Neill</li><li>Scott Lamons</li><li>Jilayne Lovejoy</li></ul><p><strong>Agenda</strong></p><ul><li>Web Site</li><li>Update on CC0 "license" feedback</li><li>EclipseCon BOF</li><li>Software Supply Chain Summit</li><li>License List Process</li><li>Enterprise Adoption issues</li></ul><p><strong>Notes</strong></p><ul><li>Web site training</li><ul><li>Steve Cropper and Pierre held a training session on moving stuff to the new site.</li><li>Kim took notes and will turn that into a how-to document and will send to everyone involved</li></ul><li>Update on CC0 license</li><ul><li>Kim sent email to Ian Skerrett at Eclipse, Robin Johnson at Gentoo, Spot at Fedora about the change in the data license from Public Data License to CC0</li><li>So far, I've hear back from Robin at Gentoo that he was happy about that.&nbsp; HIs email note said:</li><ul><li>Looks good, 100% behind CC-0.<br /><br />Tom: I meant to poke you re our idea of altering license naming in the<br />distros to match SPDX license identifiers. <br />We've been working on classifying all the licenses in Gentoo:<br />http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/profiles/license_groups?revision=1.102&amp;view=markup<br />(the above only covers 252 out of the 614 licenses presently in Gentoo).</li></ul><li>I sent a follow up to Robin asking if he would work with us to get the license list expanded to cover his 252 (or possibly 614) licenses in Gentoo.</li></ul><li>Eclipse BOF</li><ul><li>Chuck and Mahshad from Protecode are working to organize BOF at EclipseCon</li><li>I suggested that they should plan for no more than 20 people.&nbsp;</li></ul><li>Software Supply Chain Summit</li><ul><li>This would be a 1 day meeting in person with people involved in the software supply chain to discuss SPDX and OSS compliance in the supply chain</li><li>Targeting potentially April 6 (day after LF COllab Summit)</li><li>To be held in South Bay (possible at DLA or Cisco or HP facilities)</li><li>Topics would be about OSS compliance in the supply chain issues, SPDX issues and discussion</li><li>We want it to be not just presentation, but also discussion</li><li>We would target maybe 20 or so people from enterprises that use/distribute OSS</li><li>How to get people there</li><ul><li>Current SPDX members to invite people</li><li>Mark Radcliffe will help market</li><li>Ask LF (Jim Z) to help</li></ul><li>Kim to talk to LF to coordinate so we can finalize date/time/place</li></ul><li>License List Process</li><ul><li>We reviewed our previous notes for adding to license list and added a few more ideas and thoughts</li><li>Details at&nbsp; http://www.spdx.org/wiki/process-adding-license-list-draft</li><li>In general it looks pretty good, but we also need legal team to review and give feedback</li><li>Our goal is to have something in place by end of Q2, so we will start taking these notes and working it into a more formal description and a "to do" list of the pieces we need to put into place to make it happen.</li></ul><li>Process for companies to adopt&nbsp;</li><ul><li>We discussed how we move forward with company adoption.&nbsp;</li><li>Scott Lamons talked through their process</li><ul><li>Can start with procurement team to ask suppliers to provide SPDX</li><li>Will need to educate procurement team on SPDX (what/why)</li><li>Will need places on website to point suppliers to</li><li>HP has a standard spreadsheet format for proposal tracking of all OSS requests -- but it's not the SPDX format.</li><li>HP would need to change to SPDX format</li><ul><li>HP Would need to be able to have extra fields that are company specific and have the tools ignore/add those.</li></ul><li>They Will need tools to help them</li><ul><li>Scott's idea is that you feed it software repositories to scan for licenses and then you can input the SPDX specific fields and create SPDX files</li><li>We discussed the fact that ultimately you want to tie all of these pieces together, but in the short term, suppliers could use their current processes for figuring out what OSS they are using and then use the exisitng tools to convert to SPDX format.</li></ul><li>HP Could also ask their developers that are making internal requests to provide SPDX</li></ul></ul></ul>

Revision as of 17:28, 19 January 2012

Attendees

  • Kim Weins
  • Chuck Gaudreau
  • Gary O'Neill
  • Scott Lamons
  • Jilayne Lovejoy

Agenda

  • Web Site
  • Update on CC0 "license" feedback
  • EclipseCon BOF
  • Software Supply Chain Summit
  • License List Process
  • Enterprise Adoption issues

Notes

  • Web site training
    • Steve Cropper and Pierre held a training session on moving stuff to the new site.
    • Kim took notes and will turn that into a how-to document and will send to everyone involved
  • Update on CC0 license
    • Kim sent email to Ian Skerrett at Eclipse, Robin Johnson at Gentoo, Spot at Fedora about the change in the data license from Public Data License to CC0
    • So far, I've hear back from Robin at Gentoo that he was happy about that.  HIs email note said:
    • I sent a follow up to Robin asking if he would work with us to get the license list expanded to cover his 252 (or possibly 614) licenses in Gentoo.
  • Eclipse BOF
    • Chuck and Mahshad from Protecode are working to organize BOF at EclipseCon
    • I suggested that they should plan for no more than 20 people. 
  • Software Supply Chain Summit
    • This would be a 1 day meeting in person with people involved in the software supply chain to discuss SPDX and OSS compliance in the supply chain
    • Targeting potentially April 6 (day after LF COllab Summit)
    • To be held in South Bay (possible at DLA or Cisco or HP facilities)
    • Topics would be about OSS compliance in the supply chain issues, SPDX issues and discussion
    • We want it to be not just presentation, but also discussion
    • We would target maybe 20 or so people from enterprises that use/distribute OSS
    • How to get people there
      • Current SPDX members to invite people
      • Mark Radcliffe will help market
      • Ask LF (Jim Z) to help
    • Kim to talk to LF to coordinate so we can finalize date/time/place
  • License List Process
    • We reviewed our previous notes for adding to license list and added a few more ideas and thoughts
    • Details at  http://www.spdx.org/wiki/process-adding-license-list-draft
    • In general it looks pretty good, but we also need legal team to review and give feedback
    • Our goal is to have something in place by end of Q2, so we will start taking these notes and working it into a more formal description and a "to do" list of the pieces we need to put into place to make it happen.
  • Process for companies to adopt 
    • We discussed how we move forward with company adoption. 
    • Scott Lamons talked through their process
      • Can start with procurement team to ask suppliers to provide SPDX
      • Will need to educate procurement team on SPDX (what/why)
      • Will need places on website to point suppliers to
      • HP has a standard spreadsheet format for proposal tracking of all OSS requests -- but it's not the SPDX format.
      • HP would need to change to SPDX format
        • HP Would need to be able to have extra fields that are company specific and have the tools ignore/add those.
      • They Will need tools to help them
        • Scott's idea is that you feed it software repositories to scan for licenses and then you can input the SPDX specific fields and create SPDX files
        • We discussed the fact that ultimately you want to tie all of these pieces together, but in the short term, suppliers could use their current processes for figuring out what OSS they are using and then use the exisitng tools to convert to SPDX format.
      • HP Could also ask their developers that are making internal requests to provide SPDX