General Meeting/Minutes/2021-05-06

  • Attendance: 18
  • Led by Phil Odence
  • Minutes of April meeting approved
  • Plan was to switch to Zoom
  • Considering using Jitsi


SPDX License Name Space at Amazon - Mark


Tech Team Report - Kate/Gary/Others

 

  • Spec – Kate
    • Specification conversations continuing to move forward
    • Rough template for categories of topics (what were previously being called “profiles”)
    • Core Model - William
      • No Update
    • Licensing - Steve
      • filed PR with initial draft for discussion of template format, etc.; will update to newer template; previously discussed much of its substance last year
    • Integrity – Kay
      • working with in-toto community, framework for end-to-end supply chain security; collaborating with them to see if the specs can be aligned
    • Defects / Security – Thomas not here today
      • pushed first draft of fields for (1) vulnerabilities, and (2) defects => impact on packages, false positives, etc.
      • Meetings next week to look at other security specs, their use cases, whether they can / how they should be incorporated
    • Linking – Nisha not here today
      • Kate discussing with Nisha / Rose
    • Usage – Yoshiyuki Ito
      • No update
    • Pedigree / Build / Creation – Kate
      • No Update
  • GSoC – Alexios
    • Got 5 slots; can run up to 5 projects
    • Likely to accept 5 proposals:
      • 2 for improving Golang tooling libraries (one RDF writing, one JSON reading/writing)
      • 1 for transitioning / updating online SPDX tools
      • 1 for spec processing tools
      • 1 for improved license matcher, taking matching guidelines into account (unplanned submission)

 

Legal Team Report - Jilayne/Paul/Steve

 

  • Working for 3.13, planning to push out over the weekend
  • Have been trying to clean up old issues
  • Some updates on documentation in the repo
  • New participants recently – some discussions on recent calls have included reviewing past history; may want to put together more historical documentation of past context, etc.
  • Some interest from Debian – interest in getting a Debian-free tickbox into the license list
  • License submissions – starting to take a harder line on participation from people submitting license requests without sticking with them. For this release, started asking people to create the PRs themselves – a few of the submitters at least responded and indicated they would do so
  • Still relying on the calls too much; having people commenting in issues out-of-band would be very helpful

 

Outreach Team Report - Kate

 

  • Continuing to see interest in SPDX across different communities
  • Zephyr – auto-generation
  • Possible interest in re-starting Outreach team meetings – Sebastian interested, Aveek also
  • Kate will reach out to Jack and either ask him to restart or else Kate will restart


Other Topics

 

  • Sebastian – interest within Arch Linux in using SPDX
    • Some work being done on the Arch packaging system, interest in using SPDX licenses
  • Jitsi
    • Jilayne - Jitsi – this has gone well, plan to update to this for future General calls
    • Legal and Tech teams can update if/when they choose
    • Europe, UK, etc. seems to be working
    • Bob – recommend putting passwords on it
    • Steve – discuss whether to put one on. Possible but appears to prevent dial-ins afterwards.
      • Steve will look into options

 

Attendees

  • Phil Odence, Black Duck/Synopsys
  • Mark Atwood, Amazon
  • Matthew Crawford, ARM
  • Bob Martin, Mitre
  • Philippe Emmanuel Douziech, CAST
  • Jilayne Lovejoy, Red Hat
  • Maximilian Huber, TNG
  • Alexios Zavras, Intel
  • Kay Williams, Microsoft
  • David Edelsohn, IBM
  • Thomas Steenbergen, HERE
  • Jeff Schutt, Cisco
  • Kate Stewart, Linux Foundation
  • Michael Herzog, nexB
  • Sebastian Crane
  • Steve Winslow, LF
  • Marc Etienne Vargenau, Nokia
  • Jonas Smedegaard, self