Legal Team/Minutes/2015-09-17

From SPDX Wiki
< Legal Team‎ | Minutes
Revision as of 18:25, 15 October 2015 by Jlovejoy (Talk | contribs)

Jump to: navigation, search


  • Jilayne
  • Kris
  • Dennis
  • Phil
  • Alan
  • Gary
  • Brad


1) LinuxCon Europe update:

  • A Beautiful Build, Bradley Kuhn - helpful advice and tips on how to meet the “complete corresponding source” requirement of GPL. slides not posted yet, but will be here: - talk was recorded, so may see it on Linux Foundation YouTube channel
  • FOSSology - X-Ray for Software, Michael Jaeger - Overview FOSSology, an open source license scanning tool, with a demo of upcoming 3.0 release changes. FOSSology was developed by HP and is now being transferred to the Linux Foundation. Siemens has been very active in the transition and development. The new features are very exciting, including SPDX 2.0 generation. (Contributions welcome!) - should see v3.0 available any day now.
  • Developer's Care About the License, Jilayne - had a really good turnout! (50-60 people) and only 3 people raised their hands that didn’t know anything about SPDX. Slides can be found here: - talk was recorded, so may see it on Linux Foundation YouTube channel
  • Supply Chain Mini-Summit - update from Kate:
    • overview of SPDX and OpenChain by Phil and Dave Marr
    • talk on Debsources by Stefano from Debian, see slides here:
    • talk on Dosocs by Uday from UNO, see project here:
    • Some work on OpenChain and Miriam from JBB explained and showed a demo of FOSS management web-based questionnaire for suppliers
    • free-form talk and brainstorming in afternoon. Will probably organize another session focus on tooling in spring, so keep an eye out for that

2) Improving templates / markup for licenses see:

  • we can always add more markup, but want to first consider if we should change the format of the markup
  • Kris recommended moving what is currently used (kind of custom for SPDX) to XML b/c of availability of tools to parse it
  • what is use case of goal of markup?
    • original goals, use-cases: comparing two licenses to determine if it is a match & comparing any text to entire list to see if there is a match to any license. We prioritized the former, thinking there was already tools for the latter.
    • concerns about performance issues with latter
    • matching guidelines purpose, as stated, does not really specify which use case it is aimed at (but could be interpreted as either or both)
    • if extend markup - could we create a set of regular expressions to apply to licenses and make sure they perform reasonably well
    • would need to revise current markup to properly anchor regular expression so it performs well. now useless due to being unconstrained
    • can use or not use regular expressions or XML (could replace current markup with XML without impacting anything)
    • some guidelines may not lend themselves to database, but need programming logic??
  • high-level: what is goal of matching and guidelines? do we want to expand the goal? if so, what form or format should
    • ex. if we switch to XML format, changes work flow of maintaining license list
    • if we make this change, will it get uptake
    • Kris to do proposal and example (on wiki)
    • have discussion on next legal call on Oct 29 (make sure FOSSology folks, Sam Ellis can join)
  • markup on licenses or markup in meantime (e.g., standard headers)? probably okay to do so, as can simply convert
  • would be good to line up for v2.1 aiming to have that ready for Collab Summit