http://wiki.spdx.org/view/General_Meeting/Minutes/2016-07-07
General Meeting/Minutes/2016-07-07

* Attendance: 13
* Led by Phil Odence
* Minutes of June meeting approved

Special Guest - Sam Ellis, ARM

* Sam works in ARM’s Cambridge HQ
  * SW Engineer/Mgr
  * No legal training
  * Has gotten involved just as part of his job
  * Now acts as bridge between dev and legal teams
* They use a license scanning tool
  * That’s the implementation of SPDX
  * Keen on the license list for name consistency
  * And using SPDX as the basis of a repository of data about open source in products
* Dev process
  * Similar to most
  * Are careful to separate out open source archive
  * Basis of license scanning
  * Develop an SPDX tag format report for each product
* Legal Approval Process
  * They use a custom tool internally
  * When open source comes into the company, they assess risk
  * Recently put a new system in place
  * Asks the type of questions that SPDX captures
  * Package name, licenses, copyright notices, where downloaded, etc.
  * Goal is to eventually import/export SPDX for this purpose
  * Tracks OSS use cases
* Two systems using
  * Approval process
  * Data from the build
  * Will eventually try to compare to ensure sync
  * Can be hard to maintain, particularly when removing stuff.
* Sam’s projects use an exceptionally large amount of OSS
  * Need to explain to customers
  * Ideally would like to auto-gen the list of licenses they publish
  * Practical Problem: They don’t want to declare all
  * For example, disjunctive license, may only want to declare one
  * Would like to ship SPDX
  * Need to work out how much to declare
  * They get a lot of queries
  * Concern is whether providing more info generates more queries
  * Certainly they feel that SPDX is the right format
* Observations
  * Tag file is large - 130 MB for one product
  * Too large to ship, but could include on website
  * Too much info to be comprehensible
  * People who need to use it don’t have the tools
  * Need something that can open and filter/summarize
* Learning
  * In the past have developed one big SPDX file
  * Probably a mistake, should have broken it down
* Discussion
  * Tooling - perhaps the convertor to spreadsheet
  * Supply chain partners are really interested in use cases, not just what’s in product
  * Any sharing SPDX docs within company yet? - No, not yet.

Tech Team Report - Kate/Gary

* Spec
  * 2.1 draft is out for review
  * open until the end of the month
  * assuming no show stoppers, that should be it
* Tooling
  * Started updating for 2.1 last week
  * External references implementation taking more time than anticipated
  * Tooling first pass should be ready with 2.1 release timeframe
  * Gary is keen for feedback on our tools and any issues in implementing other tools

Outreach Team Report - Jack

* Website
  * Very close to wrapping up
  * Looking at final review next week

Legal Team Report - Jilayne

* XML templates
  * Review continuing
  * Call today will checkpoint where we are and remaining work
* 2.5 list release
  * Should be live in the next day or two
  * Not too many new licenses

Cross Functional Topics - Phil

* Guest stars
  * Always looking for more
* LinuxCon
  * Looks like nothing official

Attendees

* Phil Odence, Black Duck
* Kate Stewart, Linux Foundation
* Jilayne Lovejoy, ARM
* Scott Sterling, Palamida
* Robin Gandhi, UNO
* Jack Manbeck, TI
* Yev Bronshteyn, Black Duck
* Gary O’Neill, SourceAuditor
* Mark Gisi, Wind River
* Dave Marr, Qualcomm
* Matt Germonprez, UNO
* Michael Herzog, nexB
* Sam Ellis, ARM
