I’ve posted these notes and the proposal to the meeting minutes page for May
3rd here, but I don’t know who else was on the call. Can someone fill that in?
SPDX Legal Team co-lead
> On May 3, 2018, at 12:36 PM, g...@sourceauditor.com wrote:
> Hi Paul, Brad and Galo,
> Below are my notes from the discussion on the SPDX GSoC project “Add New
> License Submittal Feature to Online Tools”.
> We would like to have a follow-up discussion with Galo, Paul, Brad and Gary.
> We reviewed the use cases in the proposal (attached).
> There were three key points made during the review:
> - The primary motivation for the tool is to make it easy for the submitters
> (the Producer actor)
> - The legal team would like to continue to use github issues to track new
> license submittals as opposed to using the tool forms
> - To keep the scope of the project achievable, we can take an incremental
> Discussion prior to the use case reviews:
> Do we want to require a github account for the Producers: We agreed that the
> Producers would not need a github account and could log in anonymously as
> long as an email is available
> How do we know if the email is valid? [I believe we decided this didn’t need
> to be resolved on the first release]
> We should describe why the email is needed for the submittal – e.g. in case
> there are any questions, follow-up required
> UC-001 Submit a license request:
> We should validate the license is valid and is not a duplicate license
> Anonymous login OK as long as email address is captured
> As a post condition, a github issue should be submitted with the proper tags
> to denote a new license request. The Github API’s can be used for this
> purpose: https://developer.github.com/v3/issues/#create-an-issue
> We could add some helpful information on the different fields (e.g. what a
> short-identifier is, pointer to the OSI license list)
> UC-002 View submitted license requests:
> Since the legal team will use the github issues list to track, the view
> function will primarily be used by producers and people interested in the
> status outside of the legal team itself. We did feel this was still a
> valuable use case, just with different actors.
> No need to authenticate – could be a public access view
> Suggest the following states for the license: submitted (non-reviewed),
> submitted (under-review), approved, rejected
> The state could be determined by the tags in the issue within github
> We discussed what we would list under approved – all licenses? Just licenses
> submitted through the app? We agreed that the list under approved would be
> all licenses which have been approved but not yet released/published. Once a
> license is released/published it would no longer be visible. We could add a
> link to the listed licenses page as a reference for all published licenses.
> UC-003 and UC-004 Approve and Deny license request:
> Not needed since the legal team will use github for tracking status
> UC-005 View a license request information:
> The actors would include the Producer and also the general public
> Could be a drilldown from the view on UC-002
> UC-006 Generate a license XML file
> Actor would be the legal team since the Producer will not be required to have
> a github account necessary for the pull request.
> Ideally, this could generate a pull request, but it could just download the
> XML and the user could create the pull request.
> We would need to also download a test file which would be the text of the
> We also discussed if the original submittal should generate the pull request
> with the XML file and we decided it should only generate the issue.
> We discussed a scenario where there may be a family of licenses submitted
> together. Should we support multiple licenses submitted in the same issue?
> All: Please let me know if I missed anything.
> Gary O'Neall
> Principal Consultant
> Source Auditor Inc.
> Mobile: 408.805.0586
> Email: g...@sourceauditor.com <mailto:g...@sourceauditor.com>
> <GSOC_2018 -SPDX_Add_Licenses-Galo
> Spdx-legal mailing list
> Spdxfirstname.lastname@example.org <mailto:Spdxemail@example.com>
Spdx-legal mailing list