General Meeting/Minutes/2018-08-02

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 13
  • Lead by Phil Odence
  • Minutes of July meeting approved

Guest Presentation, - Supporting Continuous Integration, Ndip Tanyi

  • Idea- Automatically generating SPDX docs as part of CI process
  • Scope
    • Focused on Travis CI, NPM and Python
  • Demo
    • Add an install and SPDX build script to build script
    • And some statements to push the SPDX docs to the repo
  • Future extensions
    • Pushing to GItHub as a commit
    • Other CI systems
  • Has been designed generically enough to be extensible to other languages and environments


Tech Team Report - Kate/Gary

  • Tools: GSoC is wrapping up in the next couple of weeks. Thank you to the students for their hard work and improvements to the project tools!
  • Specification:
    • Working through resolution of the external identifiers of the PURL specfication and our External Identifiers. We’re trying to get key discussion participants (Yev, Philippe, Treveor, Gary, Kate) all on the same call.
    • on that note, we’re seeing a lot of interest in Security and ties into External Identifiers
  • Security:
    • NTIA held a software transparency workshop 2 weeks ago, and are moving forward with a workgroup to reconcile the formats that are out there. When there are more details on the workgroup, Kate will send out the invitation to participate to the SPDX general and technical lists.
    • SPDX team will also be spinning up a security working group to focus on improving SPDX to support the SBOM for security issues, so watch out for more information, and if you have security contacts who are interested in participating, please subscribe to https://lists.spdx.org/g/spdx-security We'll be starting discussions there in the next month.


Legal Team Report - Jilayne/Paul

  • 3.2 is out
  • Some clean up of old issues in process
  • Request to that legal folks try out Tushar’s tool
  • Exceptions
    • The term is imperfect as it handles some items that are not “exceptions” per se
      • Patent grants, for example
      • Considering changing the term to be more neutral and inclusive
        • “Modifiers” maybe?
        • Will send an email to a wide audience get people thinking about it and set up a special meeting


Outreach Team Report - Jack

  • Website
    • Making more sense of the License List and Documents section
  • New time for Outreach calls is 7pm EDT
    • * Shane Coughlin, from Open Chain, is getting involved to lead the Outreach to Companies (Japan based)
  • OSS Summit
    • Bake-off is on the Tuesday
    • Morning will be on producing SPDX documents, and checking valid
    • Afternoon session will be on consuming them.
    • 6 tools (3 open source, 3 commercial) will be participating.

Attendees

  • Phil Odence, Black Duck/Synopsys
  • Kate Stewart, Linux Foundation
  • Ndip Tanyi, Alberta University
  • Tushar Mittal, GSoC Student
  • Gary O’Neall, SourceAuditor
  • Yash Nisar, GSoC Student
  • Jack Manbeck, TI
  • Steve Winslow, LF
  • Jilayne Lovejoy, ARM
  • Paul Madick, Dimension Data
  • Mike Dolan, Linux Foundation
  • Matije Suklje, Liferay
  • Mark Atwood, Amazon