THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
General Meeting/Minutes/2015-07-02
From SPDX Wiki
< General Meeting | Minutes
- Attendance: 15
- Lead by Phil Odence
- Minutes of May meeting approved
Contents
UNO - Matt Germonprez
- Tools
- DoSOCS - evolved from Yacto tool
- Generalized to create ways of generating SPDX docs from various dev processes
- Resulted DoSOCS- Ways to scan packages and repos (now source, but in theory binary) to generate SPDX
- Main use case is generating SPDX 2.0 docs
- Store in a relational database - trick was mapping obj-oriented SPDX to rel database
- Very generic. Even on the back end; developed with FOSSology, but could plug in commercial scanners
- Future- intake of SPDX
- Idea is that this will eventually pull in all tools Git, Yacto, etc
- And, can be tied into Jenkins
- Ultimately will support an enterprise process to maintain a inventory of SPDX docs that come out of their processes
- Also exploring production of security vulnerability info
- Looking for where vulnerability info could be stored.
- Need a spot for CPE (and other common ID standards)
- Which would allow for vulnerability info
- Tech team has been pursuing this idea
- Group needs to address the mission creep issue
- Git Scanner
- Analyzes branch and contributes SPDX doc
- Eclipse Plug In
- DoSOCS - evolved from Yacto tool
Tech Team Report - Kate & Gary
- Proposal for wording on Snippets
- Up as a Googledoc and available for review
- Also one for None/No Assertion
- Some discussion of best practices as well
- Looking for folks to sign up on the wiki page to write up parts
- Kicked of discussion Bake Off and what examples to use
- BillS writing up proposal for including external component identifiers (GAV, CPE, others)
- General agreement with concept
- Tools
- Discussion has been going for a couple months about mapping/reconciling various sources of tools (SPDX group, UNO)
- Bakeoff at LinuxCon NA (Monday, 8-noon)
- Will have 2-3 examples
- Candidates are examples on best practices page
- Tool providers will provide SPDX docs
- Should learn a lot from comparisons
- Will have 2-3 examples
Legal Team Report - Paul
- Putting together rev License List (2.1) including exceptions
- Lots of new exceptions
- Mark Gisi is leading exploration of standard headers
Biz Team Report - Jack
- Working on new guidance pages
- Phil and Jack have been prototyping
- LinuxCon
- Back off Monday
- Aiming for BoF on Tuesday
- SPDX talk from Gary (Tues am)
- Mark will be giving a more general talk that will relate to SPDX (Tues pm)
Cross Functional Topics - Phil
- Continually looking for presenters for General Meeting
Attendees
- Phil Odence, Black Duck
- Mike Dolan, Linux Foundation
- Mark Gisi, Wind River
- Scott Sterling, Palamida
- Gary O’Neill, SourceA
- Kate Stewart, LF
- Hassib Khanafer, Protecode
- Paul Maddick, HP
- Scott Lamons
- Jack Manbeck, TI
- Matt Germonprez, UNO
- Tom Gurney, UNO
- Uday Shankar, UNO
- Michael H- nexB
- Kirsten Newcomer, Black Duck