THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2011-06-02

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 13
  • Minutes for 20110519 approved

Technical Team Report - Gary

  • Tools: have received good feedback; addressed a few technical issues; available for beta use
  • Spec: final polishing has been largely completed; waiting for one more review from legal which is expected by Friday am PT

Business Team Report - Kim

  • 3 beta teams are working; target for beta completion & feedback is end of June; request that all teams work toward this date
    • HP/WindRiver & OL/Antelink are in progress
    • Kickoff for Motorola/TI still to be scheduled, but there's been activity. Rockett will work with Gary to get kickoff scheduled
  • Website refresh subteam has been created. Details on this working group can be found here:
  • GA launch process is next big thing to focus on
    • Planned for LinuxCon in Vancouver
    • Phil O. has a speaking slot
    • Goal include press release and mention in keynote

Legal Team Report - Rockett

  • Last scrub on 5/16 spec in progress. Final comments due by Friday am PT time, 6/3
  • Recommend Open Data Commons PDDL license for SPDX MetaData (http://www.opendatacommons.org/licenses/pddl/); will send link to broader group for final sign-off
  • License templatizing is the next big focus
  • Also noted that we'll need a process for adding licenses to SPDX list very soon; Kim says Biz Team has a proposal for a process and she'll plan to share more broadly

Cross Functional Issues – Discussion

  • Website update- Steve
    • Sandbox for testing new website structure in place
    • Team plans to create storyboards for 3-4 personas using mind map tools
    • wiki pages for working group now available Old/Website_Refresh
  • Questions/recommendations for presenting data for binaries and archives such as jar files -- Kim
    • There's been recent email about how to represent data for binaries that are combinations of OSS, 3rd party, and proprietary code in SPDX documents
    • Issue has also come up for OL/Antelink beta partners; OL/Antelink have decided to use compound licensing for jar files when needed; should we recommend the same approach for binaries?
    • There was a lively discussion on this topic with input from Steve Cropper, Kim Weins, Michael Herzog, Kate Stewart
    • Main conclusion: Recommendations for how to handle these use cases need to be added to the draft FAQ
      • Draft FAQ is available here: SPDX_FAQ
      • FAQ should address questions about proprietary and 3rd party as well as OSS licenses
      • Kim added a number of topics to the FAQ; need volunteers to provide additional info on these topics
    • A side issue regarding how best to connect package and SPDX document was also discussed
    • The topic of package hierarchy also came up
      • Michael H. noted that the SPDX team made a conscious choice not to tackle this for v1 of the specification
      • v1 spec is intended to address lower level or sub-assembly items and a BOM is not yet represented in the spec
      • Recommended that a section on items specifically deferred be added to the FAQ so that new users have visibility into these decisions
      • Michael also volunteered to pull together info on well traveled routes for BOMs that we might want to leverage

Open Action Items

  • MartinM- Report back on # of people on respective mailing lists. ONGOING
  • Kim -- share Biz Team proposed process for adding licenses to SPDX list more broadly
  • Michael H. -- provide info on existing BOM standards that should be useful for future consideration
  • Legal/Biz Teams- Review and update Master Schedule
  •  ?? -- volunteers needed to review and update the FAQ: SPDX_FAQ

Closed Action Items

  • Kirsten- Notify Kim of need to clean up business section of website.
  • MartinM- Get master list of website pages to Kate

Attendees

  • Kirsten Newcomer, Black Duck Software
  • Kamal Hassin, Protecode
  • Kim Weins, OpenLogic
  • Esteban Rockett, Motorola
  • Gary O'Neall, Source Auditor
  • Michael Herzog, NexB
  • Martin Michlmayr, HP
  • Kate Stewart, Canonical
  • Peter Williams, OpenLogic
  • Jillayne Lovejoy, OpenLogic
  • Brandon Robinson, Cisco
  • Steve Cropper, Cisco
  • Tom Incorvia, Microfocus