THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2016-08-04

  • Attendance: 12
  • Led by Phil Odence
  • Minutes of July meeting approved


Special Guest - Alexios Zavras, Intel

  • His role is open source compliance at Intel, based in Munich
    • Now at open source tech center
    • Will be talking about his previous role with Intel Mobile Comms
  • Mobile Comms
    • Based in Germany
    • Germans are very process-oriented, well-documented
  • His role was SW legal compliance.
    • Ensuring all software legally compliant across all kinds of software
    • They treat all compliance issues as a bug, just like any problem in the software
    • Alexios learned of SPDX and was very pleased and excited about it
      • Didn’t manage to get everything SPDX based
      • Started slowly
      • SPDX is very valuable at many levels
        • Even just the license list and standard way of expressing was very helpful
        • Quickly standardized on SPDX notations and it started appearing in their documentation etc
      • Included in training that was mandatory for SW devs and later extended to marketing, legal, biz dev
        • Everyone who touches software had to take on-line course with a deeper course available for some
      • Have developed a number of tools, tightly coupled with dev environment
        • All developed internally
        • Very tightly controlled, e.g., can’t check out code without a ticket
        • Tool chain includes license compliance
      • Central team provides compliance services to dev
        • too much for all devs to worry about
        • Fits with org structure
        • Internal team reviews all code
      • Started small, then more widespread and more automated
        • Today every release goes through this license compliance check
        • Requires ‘stamp of approval’ from central team
      • To make the central team more efficient
        • Save all results
        • Including many of the SPDX fields
        • Saved in database
      • Last step, not yet taken, is to generate an SPDX doc for each release
        • Just held up by organizational issues, technically feasible
        • Being worked on
        • Have started getting the request from customers
          • Not mentioning SPDX by name, have not seen that yet,
          • but asking for data that SPDX covers, files, license, etc
          • (both are with Euro customers)
      • When they generate SPDX
        • Permissive licenses require attribution
        • They’ve had an issue with that going back 5 years
        • Their policy to handle is to deliver all OSS in source form
        • So, therefore include attribution in comments
        • They include a list of open source and model licenses, but the attribution is all in source code
      • Example- Modem company
        • Intel provides chips and software in binary form
        • Packaging: With binary they include
          • all source for open source in binary
          • And, list of conditions for any 3rd party proprietary code
      • Are they being asked for security vulnerabilities associated with components?
        • Not yet, but they are thinking about it with respect to naming (CPEs, etc)
  • AZ- “Thanks for the wonderful work. It’s really helpful.”


Tech Team Report - Kate

  • Spec
    • Collecting feedback
    • Addressing as it comes in
  • Gary has taken a pass at updating tools
  • In the polishing stage
    • One more round of feedback
    • Into publishing mode as of Tuesday
  • Bake Offs
    • Possible SF 9/27 and Europe at LCon
    • Needs to be nailed down in the next couple of weeks.

Outreach Team Report - Jack

  • Website
    • Still working this week
    • Will review at next week’s meeting
    • Should be close with go live; shooting for Linux Con NA
    • Still looking for some improvements that will require work from the Linux Foundation team
      • No show stoppers
    • Will send out link for review

Legal Team Report - Jilayne

  • XML review
    • Still plugging away
    • Timeline set
  • 2.5 release
    • Just a few licenses
    • Aiming for end of Oct
    • See Legal Team meeting mins for detail
    • Could use all the help they can get; lots to do
      • To review new XML master format for every license


Cross Functional Topics - Phil

  • Guest stars
    • Always looking for more


Attendees

  • Phil Odence, Black Duck
  • Alexios Zavras, Intel
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Scott Sterling, Palamida
  • Robin Gandhi, UNO
  • Jack Manbeck, TI
  • Yev Bronshteyn, Black Duck
  • Matt Germonprez, UNO
  • Michael Herzog, nexB
  • Georg Link, UNO
  • Mike Dolan, Linux Foundation