http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02
General Meeting/Minutes/2017-03-02 < General Meeting<http://wiki.spdx.org/view/General_Meeting> | Minutes<http://wiki.spdx.org/view/General_Meeting/Minutes> * Attendance: 11 * Lead by Phil Odence * Minutes of Feb meeting approved Contents [hide<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02>] * 1 Special Presentation- Mark Charlebois / Rashmi Chitrakar, Qualcomm<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02#Special_Presentation-_Mark_Charlebois_.2F_Rashmi_Chitrakar.2C_Qualcomm> * 2 Tech Team Report - Kate<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02#Tech_Team_Report_-_Kate> * 3 Outreach Team Report - Jack<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02#Outreach_Team_Report_-_Jack> * 4 Legal Team Report - Jilayne/Paul<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02#Legal_Team_Report_-_Jilayne.2FPaul> * 5 Attendees<http://wiki.spdx.org/view/General_Meeting/Minutes/2017-03-02#Attendees> Special Presentation- Mark Charlebois / Rashmi Chitrakar, Qualcomm[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2017-03-02&action=edit§ion=1>] * Mark from corp R&D, Rashmi from the open source group * Mark works on Dronecode * Goal is to build with Yocto * Want to provide good license info * At the outset Yocto build only supported SPDX 1.0 and uses FOSSology for scanning * Yocto is a distribution that comes with recipes for custom builds * Motivation * reducing scan times was key * FOSSology was taking as much as 6 days * Introducing LiD to address * (Deck is available) * Yocto * has a number of build stages * current integration was inserted after patch stage to only scan what’s patched * but that doesn’t allow for reusability * So, the approach was to scan upstream sources and focus scan on only patches * Uses Yocto archiver * FOSSology integration * Mark was not able to even get it going * Old, did not seem well maintained * New integration * Implements approach to * Leverage newer SPDX capabilities * Relationships between files * Usage info (e.g. dynamic library) * Allows for parallelizing across machines * Can flag discrepancies (e.g. two different licenses declared) * Goal * create a federated commons of pre-scanned code * so, everyone’s work is cut by, say, 90% (as they only need to scan their customer 10%) * LiD * Main Features of Scanners * They have access to FOSSology tools (Nomos, Monk) * Evaluated using Qualcomm code for testing * Nomos was pretty good at detecting license language (94%) * Monk, only about 25% * Used SPDX license list as source for license matching * Goal * Aiding in license compliance * Hope was to generate SPDX * Main functions * Scans source code to ID license language * Natural Language Process “Bag of words” approach * Jakarta index shows how well it matches * Levenstein measures to determine where to start/end * Output- color coded matches (and deviations) * Matched about as well as Noms * Accuracy * Right license * Right region * Better than Nomos at extracting full text; Monk really fell short * Can be tuned * Based on LiD Scores (1-perfect) * Scores of above .6 were pretty good, but user can adjust * Nomos, being REGEX based is very computationally expensive. * Will be available on GitHub * But available already * Q&A * What’s going on with Debian? * It’s being tested on Debian, not a lot of feedback yet Tech Team Report - Kate[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2017-03-02&action=edit§ion=2>] * Spec * Have been working on reference examples * Filling in how to do examples * Spec being converted to docbooks for style * Mobile-friendly * Getting the spec up on GitHub so changes can be tracked, pull requests, etc * Eventually we’ll move there from Bugzilla for issue tracking * FacetoFace in Tahoe * Jilayne did a great presentation that is available as video, Kate’s as well * JSON format discussion * Tools * Talked through plans at Face to Face Outreach Team Report - Jack[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2017-03-02&action=edit§ion=3>] * Accepted for Google Summer of Code * Starting to get interest * Short meeting last week * Talked about feedback from Matt’s project surveying companies * Need to decide if we will do a survey * Jack says we really need to look at the Ecosystem * Define user types and what to tell them they should do * Need to paint a picture of what success is with SPDX * Some feedback from site “I’m a developer, what do I do?” * Considering whether we need someone on the outreach team who is more OSS community-focused * Perhaps looking at “SPDX lite” (wrong word) sort of approach, and easy way to get started Legal Team Report - Jilayne/Paul[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2017-03-02&action=edit§ion=4>] * Good meetings at Tahoe * 2 hour working session * Action plan for XML conversion * How to completely connect the dots and organize upcoming task * Today’s call will follow up * Brad Edmondson developing deck and presenting to ABA group Attendees[edit<http://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2017-03-02&action=edit§ion=5>] * Mark Charlebois, Qualcomm * Rashmi Chitrakar, Qualcomm * Phil Odence, Black Duck * Kate Stewart, Linux Foundation * Philippe Ombrédanne- nexB * Paul Madick, Dimension Data * Jilayne Lovejoy, ARM * Jack Manbeck, TI * Michael Herzog- nexB * Mark Gisi, Wind River * Thomas Steenbergen, HERE
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
