Dave Marr did a great job presenting the importance of SPDX to Qualcomm. Please let me know if you or colleagues would be willing to give a brief, high level talk on how SPDX is being thought about and used (or planned to be used) in the field. Thanks!
http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02 General Meeting/Minutes/2016-06-02 < General Meeting<http://wiki.spdx.org/view/General_Meeting> | Minutes<http://wiki.spdx.org/view/General_Meeting/Minutes> <http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#mw-navigation><http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#p-search> * Attendance: 14 * Lead by Phil Odence * Minutes of May meeting approved Contents [hide<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#>] * 1 Special Guest - Dave Marr, Qualcomm<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Special_Guest_-_Dave_Marr.2C_Qualcomm> * 2 Tech Team Report - Kate<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Tech_Team_Report_-_Kate> * 3 Outreach Team Report - Jack<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Outreach_Team_Report_-_Jack> * 4 Legal Team Report - Paul<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Legal_Team_Report_-_Paul> * 5 Cross Functional Topics - Phil<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Cross_Functional_Topics_-_Phil> * 6 Attendees<http://wiki.spdx.org/view/General_Meeting/Minutes/2016-06-02#Attendees> Special Guest - Dave Marr, Qualcomm[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=1>] * SPDX is a critical piece of getting well and getting good at managing open source * Open source overall * Requires cross functional participation * Some very intellectual interesting aspects * Management * really requires a lot of uninteresting, rote work * Necessary to get it right * Opportunity for automation * Requires standard practices * Open Chain * SPDX * SIPOC model (https://en.wikipedia.org/wiki/SIPOC) * Customer focus required * Focus on internal customers too, requires mindset shift * Delivering code with compliance problems is like delivering bad code * Qualcomm engineers all take Dave’s training * The more specific instructions the better * SPDX connection * Information must be in a factorable form * Standardization is key * Process required to yield the output * That’s the hard part * Can’t have drag on engineering processes * So need automation and “plumbing” * Direction * Aiming for seamlessness * Suppliers need to be brought into this * If everyone provides SPDX, there’s still the need to efficiently consume and manage through the dev process * Solution needs to handle version control and compilation * The dream is a way to move the SPDX files along with the code and to handle refactoring to the ultimately the SPDX files for products the ship are available and largely accurate. * How to get there? * Tricky to improve the plane while still flying * Does annotation in SPDX help? * So far they struggle with achieving behavioral change in engineering * Works best when product managers drive * Annotations are good for simple use case * Looking at hooks into version control systems? * Yes, and this might be the ultimate approach * At least part of the solution * One source of truth is required -- and as contained within the version control system Tech Team Report - Kate[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=2>] * Spec * 2.1 very close to getting pushed out * two appendices need a little work, but that’s it * Kate can provide link to review for everyone * Somewhat waiting for Gary’s return from vaca * Live on the new website * Tools * Starting to update for 2.1 Outreach Team Report - Jack[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=3>] * Website * Still working it through * Lots to talk about in team call today * Still a few functional issues, need to resolve with LF folks Legal Team Report - Paul[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=4>] * Primary focus getting all the licenses into GitHub * * for maintenance * and more future utility * all license have been converted * going thru manually * New licenses * knocking them down as they come in * little backlog at this point Cross Functional Topics - Phil[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=5>] * Guest stars * Sam Ellis, Dave Marr, one more in pipeline Attendees[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2016-06-02&action=edit§ion=6>] * Phil Odence, Black Duck * Kate Stewart, Linux Foundation * Jilayne Lovejoy, ARM * Jack Manbeck, TI * Scott Sterling, Palamida * Paul Madick, Dimension Data * Robin Gandhi, UNO * Alexios Zavras, Intel * Pierre LaPointe, nexB * Michael Herzog- nexB * Mike Dolan, Linux Foundation * Matt Germonprez, UNO * Yev Bronshteyn, Black Duck * Matija Suklje, FSFE
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
