THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2017-01-05

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 14
  • Lead by Phil Odence
  • Minutes of Dec meeting approved


Special Presentation- Georgia (Zeta) Kapitsaki

  • Goals of work
    • Automate license specification and selection
    • Helping smaller companies and independent developers
    • Helping with combining licenses
      • Created a graph of compatibility for this purpose
      • Based on analysis by computer scientists (not reviewed by lawyers
  • Selected SPDX because it was the only standard way to represent
  • Analysis
    • Use RDF version of SPDX
    • Parse and find the different licenses
    • Based on compability graph to determine whether the license combinations are OK
    • Can analyze multiple docs to determine compatibility as well
  • Implementation
    • Based tools on SPDX community tools; implemented Java
    • Started with v1.1; needs upgrading
    • Had a problem with finding real files and so used on line FOSSology tools to create
  • Process
    • Uses graph, but graph could be used manually independent of SPDX
    • Find compatible/incompatible licenses
    • Determines problems and flags compatibility problems
  • Available on GitHub
  • Question
    • Are you looking at type of file when analyzing compatibility? Make files for example
      • No they analyze all licenses
      • Would be a direction for the future
      • Might also us dependency information
    • How did you determine which files were compatible and incompatible
      • Did their own analysis
      • Perhaps allow configuration of compatibility


Cross Functional Topics - Phil

  • ANNUAL GOALS
    • Roll out github-maintainable XML license templates
    • Define an approach to creating notice files from an SPDX doc
    • Develop a web-based license match tool
    • Implement tool to score a project’s licensing quality
    • Gain Apache/Eclipse Foundation adoption
    • Sponsor a Google Summer of Code Project
    • Conduct a supply chain management survey
    • Build “whole product” around the spec—what is required for adoption
    • Deploy existing SPDX group tools on web
    • Develop a git plug-in to generate an SPDX doc


Tech Team Report - Kate/Gary

  • Spec
    • Focus has been on support for implementations
      • Best practice
      • Tools
        • Pseudo code for notices generation
  • Moving git repo from LF over to GitHub at end of January

Legal Team Report - Jilayne/Paul

  • License list release
    • No Q4 license list release
    • Next one in next few days
  • Transition to Github list will be around end of January

Outreach Team Report - Jack

  • No meeting yet this year
  • Look at Leadership Conference
  • Approach to Summer of Code
  • Create survey
  • Working on supporting docs



Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data
  • Gary O’Neill, SourceAuditor
  • Georg Link, UNL
  • Mark Gisi, Wind River
  • Jack Manbeck, TI
  • Alexios Zavras, Intel
  • Matt Germonprez, UNO
  • Robin Gandhi, UNO
  • Dave Marr, Qualcomm
  • Sayonnha Mandal, UNO
  • Georgia Kapitsaki, U of Cyprus