THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

General Meeting/Minutes/2016-06-02

From SPDX Wiki
Jump to: navigation, search
  • Attendance: 14
  • Lead by Phil Odence
  • Minutes of May meeting approved

Special Guest - Dave Marr, Qualcomm

  • SPDX is a critical piece of getting well and getting good at managing open source
  • Open source overall
    • Requires cross functional participation
    • Some very intellectual interesting aspects
    • Management
      • really requires a lot of uninteresting, rote work
      • Necessary to get it right
    • Opportunity for automation
      • Requires standard practices
      • Customer focus required
        • Focus on internal customers too, requires mindset shift
        • Delivering code with compliance problems is like delivering bad code
        • Qualcomm engineers all take Dave’s training
          • The more specific instructions the better
      • SPDX connection
        • Information must be in a factorable form
        • Standardization is key
      • Process required to yield the output
        • That’s the hard part
        • Can’t have drag on engineering processes
        • So need automation and “plumbing”
      • Direction
        • Aiming for seamlessness
        • Suppliers need to be brought into this
        • If everyone provides SPDX, there’s still the need to efficiently consume and manage through the dev process
        • Solution needs to handle version control and compilation
        • The dream is a way to move the SPDX files along with the code and to handle refactoring to the ultimately the SPDX files for products the ship are available and largely accurate.
      • How to get there?
        • Tricky to improve the plane while still flying
      • Does annotation in SPDX help?
        • So far they struggle with achieving behavioral change in engineering
        • Works best when product managers drive
        • Annotations are good for simple use case
      • Looking at hooks into version control systems?
        • Yes, and this might be the ultimate approach
        • At least part of the solution
        • One source of truth is required -- and as contained within the version control system


Tech Team Report - Kate

  • Spec
    • 2.1 very close to getting pushed out
      • two appendices need a little work, but that’s it
      • Kate can provide link to review for everyone
      • Somewhat waiting for Gary’s return from vaca
    • Live on the new website
  • Tools
    • Starting to update for 2.1


Outreach Team Report - Jack

  • Website
    • Still working it through
    • Lots to talk about in team call today
    • Still a few functional issues, need to resolve with LF folks


Legal Team Report - Paul

  • Primary focus getting all the licenses into GitHub
      • for maintenance
      • and more future utility
    • all license have been converted
      • going thru manually
  • New licenses
    • knocking them down as they come in
    • little backlog at this point


Cross Functional Topics - Phil

  • Guest stars
    • Sam Ellis, Dave Marr, one more in pipeline


Attendees

  • Phil Odence, Black Duck
  • Kate Stewart, Linux Foundation
  • Jilayne Lovejoy, ARM
  • Jack Manbeck, TI
  • Scott Sterling, Palamida
  • Paul Madick, Dimension Data
  • Robin Gandhi, UNO
  • Alexios Zavras, Intel
  • Pierre LaPointe, nexB
  • Michael Herzog- nexB
  • Mike Dolan, Linux Foundation
  • Matt Germonprez, UNO
  • Yev Bronshteyn, Black Duck
  • Matija Suklje, FSFE