General Meeting/Minutes/2019-09-05

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 17
  • Lead by Phil Odence
  • Minutes of Aug meeting approved


Special Presentations - Hiro Fukuchi, Sony

  • SPDX- Lite
    • Open Chain Japan Work Group
      • Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas
    • Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…in Asia (China/Taiwan) and Japan
      • They don’t have complete information
      • Don’t have the tools to generate and evaluate
    • SPDX Lite is part of guidelines
      • Fits in at a fairly high level of maturity
        • OpenChain - “Making Process”
        • SPDX (and OSS tooling) - “Improving Process”
        • Most suppliers are at low levels of maturity
      • Looking not to fork, but to expand usage of SPDX Lite
    • Lite Description
      • Subset of SPDX
      • Minimum requirement
      • Can be manually generated
      • Proved in actual business use
    • Scenarios
      • 1 Unskilled suppliers
        • Useful at a lower level of maturity than SPDX requires
      • 2 Non-engineering Staff
        • More understandable by Legal and Procurement staff.
      • Skilled suppliers would still use full SPDX
        • OpenChain compliant suppliers would be sophisticated enough
    • Question: Is SPDX Lite fully SPDX compliant
      • Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included.

Tech Team Report - Gary

  • Spec
    • Being worked in a GitHub repo
      • Set up for pull requests for 2.2
      • Anyone who has ideas or proposed changes, please submit as a pull request
      • One in place is SPDX Lite
        • Proposal is as an Appendix
        • Thought is a profile for a specific use case
        • Could be first of a number of profiles
  • Tools
    • Successful conclusion to GSoC
      • All passed
      • A number of new libraries including Python, Golang
      • Mentors and students were great
      • Record number of projects
    • Challenge now is integrating and putting into production
      • All legal team tools have been submitted as pull requests
        • Should be up and running in a month or so.

Legal Team Report - Jilayne/Paul/Steve

  • Legal Team License Submittal Demo (GSoC)
    • Video and minutes available
    • Need to update contribution instructions
  • Team call today
  • License List
    • 3.7 release at end of month
      • Fewer licenses in release that some recents
    • Recent discussions have been more high level on principles than specific licenses


Outreach Team Report - Jack

  • Survey
    • Has been out for a few months
    • 37 responses so far
    • Will make one more pass
    • Looking at presenting at Gen Meeting in Nov
  • Philipe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifest
    • Could be a model for other communities
      • …some of which have been using formally or informally
      • Potentially high leverage
      • RUST and Go are using sporadically

Cross Functional -

  • None

Attendees

  • Phil Odence, Black Duck/Synopsys
  • Steve Winslow, LF
  • Gary O’Neall, SourceAuditor
  • Jack Manbeck, TI
  • Nicolas Toussaint, Orange
  • Mark Atwood, Amazon
  • Jilayne Lovejoy, Canonical
  • Hiro Fukuchi, Sony
  • Shinsuke Kato, Panasonic
  • Philippe Ombrédanne- nexB
  • Michael Herzog, NexB
  • Patrice-Emmanuel Schmitz, Trasys International, European Commission
  • Richard Fontana, Red Hat
  • Mark Baushke, Juniper
  • Paul Madick, Dimension Data
  • Nisha Kumar, VMWare
  • David Marr, Qualcomm