Business Team/Minutes/2012-02-02

From SPDX Wiki
< Business Team‎ | Minutes
Revision as of 15:55, 2 February 2012 by Kweins (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Attendees

  • Kim Weins
  • Chuck Gaudreau
  • Gary O'Neill
  • Scott Lamons
  • Jilayne Lovejoy

Agenda

  • Web Site Content
  • EclipseCon BOF
  • Software Supply Chain Summit - Date and Place
  • Next Steps - License List process
  • Web Resources
  • SPDX 2.0 compatibility
  • Enterprise Adoption issues

Notes

  • Software Supply Chain Summit
    • This would be a 1 day meeting in person with people involved in the software supply chain to discuss SPDX and OSS compliance in the supply chain
    • Targeting potentially April 6 (day after LF COllab Summit)
    • To be held in South Bay (possible at DLA or Cisco or HP facilities)
    • Topics would be about OSS compliance in the supply chain issues, SPDX issues and discussion
    • We want it to be not just presentation, but also discussion
    • We would target maybe 20 or so people from enterprises that use/distribute OSS
    • How to get people there
      • Current SPDX members to invite people
      • Mark Radcliffe will help market
      • Ask LF (Jim Z) to help
    • Kim to talk to LF to coordinate so we can finalize date/time/place
  • License List Process
  • Process for companies to adopt 
    • We discussed how we move forward with company adoption. 
    • Scott Lamons talked through their process
      • Can start with procurement team to ask suppliers to provide SPDX
      • Will need to educate procurement team on SPDX (what/why)
      • Will need places on website to point suppliers to
      • HP has a standard spreadsheet format for proposal tracking of all OSS requests -- but it's not the SPDX format.
      • HP would need to change to SPDX format
        • HP Would need to be able to have extra fields that are company specific and have the tools ignore/add those.
      • They Will need tools to help them
        • Scott's idea is that you feed it software repositories to scan for licenses and then you can input the SPDX specific fields and create SPDX files
        • We discussed the fact that ultimately you want to tie all of these pieces together, but in the short term, suppliers could use their current processes for figuring out what OSS they are using and then use the exisitng tools to convert to SPDX format.
      • HP Could also ask their developers that are making internal requests to provide SPDX