THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2015-11-05

  • Attendance: 12
  • Led by Phil Odence
  • Minutes of Oct meeting approved

Siemens - Oliver Fendt

  • Open Source Group
    • Deals with compliance issues
    • Made up of members from all parts of the company
    • Has been going for 2.5 years
    • Recognized SPDX early in their existence
      • Took a close look
      • First interest was in the license list
        • Requested some licenses for the list; some successful, some not
        • Participated in discussion about how to handle license exceptions
    • SPDX 2.0 was coming on line
      • Voted internally to adopt SPDX
      • And to start requiring SPDX docs from their suppliers
    • Got involved with FOSSology
      • Implemented initial SPDX 2.0 in FOSSology
        • Just RDF, not yet Tag Value
    • Became aware of process of development of standard
        • Concerned about the direction, specifically snippet discussion
        • Concerns that it contradicts vision/mission
        • Minimizing costs across the supply chain
        • Concerned about the granularity of snippets and that it’s hard to say, unless you are the developer
        • So, worries about usability
        • And that it adds interpretation, for example, Black Duck Protex requires the human to interpret
        • Also, since there is no open source tool that does snippets, adoption may be limited
      • Would be interested in adding other sorts of information like ECC info
    • They are currently using the latest/greatest FOSSology and encouraging suppliers to do same
    • Starting to see projects using SPDX short IDs in files
    • Suppliers normally don’t deliver source code; Siemens requires that they assert that they comply with copyrights
      • So they typically don’t scan source.
      • They use FOSSo
      • And they encourage SPDX to supply the info


Tech Team Report - Kate/Gary

  • Busy refining external identifiers proposal
    • Aim was a single field
    • Thought is to break into multiple fields, source of identifier and the domain
    • Wrestling with the difference between security IDs (NVD/CPE) and repos (e.g. Debian)
  • Also, recently revisited snippets proposal
    • Now is a good time to weigh in.
  • Tools
    • Active; Sebastian Schubert has been a big contributor recently
      • Mostly fixes
      • 2.1 will add some work
      • UNO repos also very active


Legal Team Report - Jilayne

  • Cross functional work with tech team on templates and matching
    • Recent joint call; apologies for 10 person limit on call; will address
    • Looking to change maintenance process
    • Lots of good discussion about implementing matching guidelines
    • Plan is for another joint call in early December


Biz Team Report - Jack

  • Working with LF on a new look and feel for website
    • In parallel, changing some of the navigation.
    • Looks like it’s been delayed, so probably 2-3 weeks before rollout
    • Some progress already; looking good so far
  • In process of changing name of team to Outreach Team
    • Will roll out with new website
  • Eclipse Foundation
    • Might be interesting group to speak with about SPDX

Cross Functional Topics - Phil

  • See Jack’s brief blog on SPDX.org pointing to a must-read blog by Eric Raymond on SPDX


Attendees

  • Phil Odence, Black Duck
  • Oliver Fendt, Siemens
  • Tarek Jomaa, ARM
  • Gary O’Neill, SourceAuditor
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Richard Christie, ARM
  • Pierre LaPointe, nexB
  • Sami Atabani, ARM
  • Kate Stewart, Linux Foundation
  • Michael Herzog, nexB
  • Scott Sterling, Palamida