http://wiki.spdx.org/view/General_Meeting/Minutes/2015-07-02
Thanks again to Gary and the UNO team for the interesting presentation.

L. Philip Odence
General Manager Audit Services Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
[email protected]
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence

General Meeting/Minutes/2015-07-02

* Attendance: 15
* Led by Phil Odence
* Minutes of May meeting approved

UNO - Matt Germonprez

* Tools
  * DoSOCS - evolved from Yocto tool
    * Generalized to create ways of generating SPDX docs from various dev processes
    * Resulted DoSOCS- Ways to scan packages and repos (now source, but in theory binary) to generate SPDX
    * Main use case is generating SPDX 2.0 docs
    * Store in a relational database - trick was mapping obj-oriented SPDX to rel database
    * Very generic. Even on the back end; developed with FOSSology, but could plug in commercial scanners
    * Future- intake of SPDX
    * Idea is that this will eventually pull in all tools Git, Yocto, etc
    * And, can be tied into Jenkins
    * Ultimately will support an enterprise process to maintain an inventory of SPDX docs that come out of their processes
    * Also exploring production of security vulnerability info
      * Looking for where vulnerability info could be stored.
      * Need a spot for CPE (and other common ID standards)
      * Which would allow for vulnerability info
      * Tech team has been pursuing this idea
      * Group needs to address the mission creep issue
  * Git Scanner
    * Analyzes branch and contributes SPDX doc
  * Eclipse Plug In

Tech Team Report - Kate & Gary

* Proposal for wording on Snippets
  * Up as a Googledoc and available for review
  * Also one for None/No Assertion
* Some discussion of best practices as well
  * Looking for folks to sign up on the wiki page to write up parts
* Kicked off discussion Bake Off and what examples to use
* BillS writing up proposal for including external component identifiers (GAV, CPE, others)
  * General agreement with concept
* Tools
  * Discussion has been going for a couple months about mapping/reconciling various sources of tools (SPDX group, UNO)
* Bakeoff at LinuxCon NA (Monday, 8-noon)
  * Will have 2-3 examples
  * Candidates are examples on best practices page
  * Tool providers will provide SPDX docs
  * Should learn a lot from comparisons

Legal Team Report - Paul

* Putting together rev License List (2.1) including exceptions
  * Lots of new exceptions
* Mark Gisi is leading exploration of standard headers

Biz Team Report - Jack

* Working on new guidance pages
  * Phil and Jack have been prototyping
* LinuxCon
  * Bake off Monday
  * Aiming for BoF on Tuesday
  * SPDX talk from Gary (Tues am)
  * Mark will be giving a more general talk that will relate to SPDX (Tues pm)

Cross Functional Topics - Phil

* Continually looking for presenters for General Meeting

Attendees

* Phil Odence, Black Duck
* Mike Dolan, Linux Foundation
* Mark Gisi, Wind River
* Scott Sterling, Palamida
* Gary O’Neill, SourceA
* Kate Stewart, LF
* Hassib Khanafer, Protecode
* Paul Maddick, HP
* Scott Lamons
* Jack Manbeck, TI
* Matt Germonprez, UNO
* Tom Gurney, UNO
* Uday Shankar, UNO
* Michael H- nexB
* Kirsten Newcomer, Black Duck
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
