THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2016-03-05

From SPDX Wiki
< General Meeting‎ | Minutes
Revision as of 23:03, 4 March 2016 by Podence (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  • Attendance: 12
  • Lead by Phil Odence
  • Minutes of Feb meeting approved

Special Guest Star - Camille Moulin, Inno3

  • SPDX license list and expressions
    • Most dependency management solutions include licensing info
      • So you can extract and process the information
      • Most clients aren’t using this approach, rather they use scanners like Black Duck, Palamida, Protecode
    • The dependency manager approach
      • This approach is not as accurate as code scanners
      • No information at the sub level package
      • Depends on quality metadata
    • Metadata quality
      • 30% of all packages have no license data
    • SPDX Maturity
      • Still a young project
      • License expressions were a key addition
      • Need to be clear on license version numbers
      • SPDX is already adopted by most package manager, particularly newer ones
      • Some useful tools are available
    • Q&A
      • What improvements in SPDX are required?
        • He suggest separating License name from version number as separate attributes


Tech Team Report - Kate/Gary

  • Specification Update:
    • meetings over last month spent continuing to refine the External Reference proposal from Bill and Yev.
    • Its been refactored a couple of couple of time, and active discussion is ongoing.
    • Introduced Draft version of Appendix on how to specify "SPDX-License-Expression:" in file comments.
    • Summarized information on WIKI and input received from mail list. Team wants to make sure wording
    • at top makes it clear that if a license has a standard header, that header should be used.
  • Tools Update:
    • None this month

Outreach Team Report - Jack

  • Website
    • Still waiting on LF to update
  • Webinars
    • Just starting a regular series of Webinars
    • Jilayne was “volunteered” talk about the license list as the initial one
    • Talking to LF about hosting


Legal Team Report - Jilayne

  • Big Update: Templates Rehab
    • Have reviewed guidelines and mark-up method and implementation
      • Guidelines were human-friendly, not machine
      • Fairly major overhaul back end
      • Much better handling of single source than was possible with spreadsheet
    • Better for machines
    • Enabling others to contribute
    • Easier to maintain
  • OSI
    • Have synced up our new license process
    • Our heads up had been coming late, after their URLs were set up
    • Now we can pick short ID first

Cross Functional Topics - Phil

  • Collab meeting: Walk through of the 2.1 SPEC changes in a combined document.
  • Google SoC
    • SPDX along was not accepted
    • LF was, so we may be able to piggyback


Attendees

  • Phil Odence, Black Duck
  • Yev Bronshteyn, Black Duck
  • Kate Stewart, Linux Foundation
  • Pierre LaPointe, nexB
  • Jilayne Lovejoy, ARM
  • Kirsten Newcomer, Black Duck
  • Mark Gisi, Wind River
  • Michael Herzog- nexB
  • Dave Marr, Qualcomm
  • Jack Manbeck, TI
  • Camille Moulin, Inno3
  • Scott Sterling, Palamida