http://wiki.spdx.org/view/General_Meeting/Minutes/2016-03-05
General Meeting/Minutes/2016-03-05 < General Meeting | Minutes Attendance: 12 Lead by Phil Odence Minutes of Feb meeting approved Contents [hide] 1 Special Guest Star - Camille Moulin, Inno3 2 Tech Team Report - Kate/Gary 3 Outreach Team Report - Jack 4 Legal Team Report - Jilayne 5 Cross Functional Topics - Phil 6 Attendees Special Guest Star - Camille Moulin, Inno3[edit] SPDX license list and expressions Most dependency management solutions include licensing info So you can extract and process the information Most clients aren’t using this approach, rather they use scanners like Black Duck, Palamida, Protecode The dependency manager approach This approach is not as accurate as code scanners No information at the sub level package Depends on quality metadata Metadata quality 30% of all packages have no license data SPDX Maturity Still a young project License expressions were a key addition Need to be clear on license version numbers SPDX is already adopted by most package manager, particularly newer ones Some useful tools are available Q&A What improvements in SPDX are required? He suggest separating License name from version number as separate attributes Tech Team Report - Kate/Gary[edit] Specification Update: meetings over last month spent continuing to refine the External Reference proposal from Bill and Yev. Its been refactored a couple of couple of time, and active discussion is ongoing. Introduced Draft version of Appendix on how to specify "SPDX-License-Expression:" in file comments. Summarized information on WIKI and input received from mail list. Team wants to make sure wording at top makes it clear that if a license has a standard header, that header should be used. Tools Update: None this month Outreach Team Report - Jack[edit] Website Still waiting on LF to update Webinars Just starting a regular series of Webinars Jilayne was “volunteered” talk about the license list as the initial one Talking to LF about hosting Legal Team Report - Jilayne[edit] Big Update: Templates Rehab Have reviewed guidelines and mark-up method and implementation Guidelines were human-friendly, not machine Fairly major overhaul back end Much better handling of single source than was possible with spreadsheet Better for machines Enabling others to contribute Easier to maintain OSI Have synced up our new license process Our heads up had been coming late, after their URLs were set up Now we can pick short ID first Cross Functional Topics - Phil[edit] Collab meeting: Walk through of the 2.1 SPEC changes in a combined document. All Day Wednesday Thursday Morning OpenChain- Trying to wrap up specification effort Afternoon- FOSSology- Working through what’s working/what’s not and infrastructure http://events.linuxfoundation.org/events/collaboration-summit/program/about Google SoC SPDX along was not accepted LF was, so we may be able to piggyback Attendees[edit] Phil Odence, Black Duck Yev Bronshteyn, Black Duck Kate Stewart, Linux Foundation Pierre LaPointe, nexB Jilayne Lovejoy, ARM Kirsten Newcomer, Black Duck Mark Gisi, Wind River Michael Herzog- nexB Dave Marr, Qualcomm Jack Manbeck, TI Camille Moulin, Inno3 Scott Sterling, Palamida
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
