http://wiki.spdx.org/view/General_Meeting/Minutes/2015-07-02

Thanks again to Gary and the UNO team for the interesting presentation.


L. Philip Odence
General Manager Audit Services
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
[email protected]
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence



General Meeting/Minutes/2015-07-02

  *   Attendance: 15
  *   Led by Phil Odence

  *   Minutes of May meeting approved


UNO - Matt Germonprez

  *   Tools
     *   DoSOCS - evolved from Yocto tool
        *   Generalized to create ways of generating SPDX docs from various dev processes
        *   Resulted in DoSOCS: ways to scan packages and repos (now source, but in theory binary) to generate SPDX
           *   Main use case is generating SPDX 2.0 docs
           *   Store in a relational database - trick was mapping object-oriented SPDX to a relational database
           *   Very generic. Even on the back end; developed with FOSSology, but could plug in commercial scanners
           *   Future: intake of SPDX
           *   Idea is that this will eventually pull in all tools: Git, Yocto, etc.
           *   And, can be tied into Jenkins
           *   Ultimately will support an enterprise process to maintain an inventory of SPDX docs that come out of their processes
        *   Also exploring production of security vulnerability info
           *   Looking for where vulnerability info could be stored.
           *   Need a spot for CPE (and other common ID standards)
           *   Which would allow for vulnerability info
           *   Tech team has been pursuing this idea
           *   Group needs to address the mission creep issue
     *   Git Scanner
        *   Analyzes branch and contributes SPDX doc
     *   Eclipse Plug In


Tech Team Report - Kate & Gary

  *   Proposal for wording on Snippets
     *   Up as a Google Doc and available for review
  *   Also one for None/No Assertion
  *   Some discussion of best practices as well
     *   Looking for folks to sign up on the wiki page to write up parts
  *   Kicked off discussion of Bake Off and what examples to use
  *   BillS writing up proposal for including external component identifiers (GAV, CPE, others)
     *   General agreement with concept
  *   Tools
     *   Discussion has been going for a couple months about mapping/reconciling various sources of tools (SPDX group, UNO)
     *   Bakeoff at LinuxCon NA (Monday, 8-noon)
        *   Will have 2-3 examples
           *   Candidates are examples on best practices page
        *   Tool providers will provide SPDX docs
        *   Should learn a lot from comparisons

Legal Team Report - Paul

  *   Putting together rev License List (2.1) including exceptions
     *   Lots of new exceptions
  *   Mark Gisi is leading exploration of standard headers


Biz Team Report - Jack

  *   Working on new guidance pages
     *   Phil and Jack have been prototyping
  *   LinuxCon
     *   Bake Off Monday
     *   Aiming for BoF on Tuesday
     *   SPDX talk from Gary (Tues am)
     *   Mark will be giving a more general talk that will relate to SPDX (Tues pm)


Cross Functional Topics - Phil

  *   Continually looking for presenters for General Meeting


Attendees

  *   Phil Odence, Black Duck
  *   Mike Dolan, Linux Foundation
  *   Mark Gisi, Wind River
  *   Scott Sterling, Palamida
  *   Gary O’Neill, SourceA
  *   Kate Stewart, LF
  *   Hassib Khanafer, Protecode
  *   Paul Maddick, HP
  *   Scott Lamons
  *   Jack Manbeck, TI
  *   Matt Germonprez, UNO
  *   Tom Gurney, UNO
  *   Uday Shankar, UNO
  *   Michael H- nexB
  *   Kirsten Newcomer, Black Duck