The Linux Foundation Collaboration Summit is an exclusive, invitation-only summit gathering core kernel developers, distribution maintainers, ISVs, end users, system vendors and other community organizations for plenary sessions and workgroup meetings to meet face-to-face to tackle and solve the most pressing issues facing Linux today. If your company is not a member of The Linux Foundation and you are interested in joining please visit our website to learn more about how you can become a Corporate Member.
This session will be an open discussion on SPDX 2.0 with particular focus on the various proposals for modeling SPDX 2.0. Background on the Models and proposals can be found here: http://spdx.org/wiki/spdx-20-model-proposals
This session will focus on finishing the work on the License Matching Guidelines. The current License Matching Guidelines are located here: http://spdx.org/wiki/spdx-ll-license-matching-guidelines
Below are links to meeting minutes during which this topic was discussed:
Come join us in an informal and open discussion (held under the Chatham House rule) on the current views of the benefits and concerns with using SPDX data within and across different organizations. Share what you think, learn what others think or ask questions to better understand how SPDX can potentially benefit your organization. If you are new to SPDX, come learn what it’s all about. We look forward to seeing you here.
There is only one criterion that makes a piece of software, open source - the License. Although the open source movement is founded upon other core pillars such as a community development model, community review and peer recognition; without the license, there is no movement.The management of licensing in most open source projects today is often poorly executed such that the project fails to grant the intended permissions. Just as the lack of coding discipline can lead to maintenance nightmares and unstable code; the lack of licensing discipline can cripple the legal usability of your code. We present examples found in popular Linux packages; discuss the threat Github presents to the open source movement; the benefits of SPDX; and conclude with six critical coding guidelines every developer should consider to ensure the legitimate usability of their code by everyone is preserved.
There is a strong need for both suppliers and consumers of open source software to communicate the licenses, components, and copyrights associated with the open source projects in a consistent and accurate manner. In response to this need, the Linux Foundation’s Software Package Data Exchange (SPDX™) working group released version 1.1. of the specification last fall.
In this session we provide an overview of the current open source tools available which support SPDX including extensions to Fossology to support SPDX being done at the University of Nebraska at Omaha, the Ninka license identification tools developed at the University of Victoria, as well as other open source SPDX tools. A survey of commercial tools supporting SPDX will also be presented.
For business, legal, or technical individuals interested in using SPDX data, this talk will provide a good overview of what tools are available. For open source developers that are interested in supporting SPDX, building their own tools, or contributing to the SPDX tooling effort, this talk will provide a good overview of the existing software which can be re-used.
There is a strong need for both suppliers and consumers of open source software to communicate the licenses, components, and copyrights associated with the open source projects in a consistent and accurate manner. In response to this need, the Linux Foundation’s Software Package Data Exchange (SPDX™) working group released version 1.1. of the specification last fall.
In this session we provide an overview of the current open source tools available which support SPDX including extensions to Fossology to support SPDX being done at the University of Nebraska at Omaha, the Ninka license identification tools developed at the University of Victoria, as well as other open source SPDX tools. A survey of commercial tools supporting SPDX will also be presented.
For business, legal, or technical individuals interested in using SPDX data, this talk will provide a good overview of what tools are available. For open source developers that are interested in supporting SPDX, building their own tools, or contributing to the SPDX tooling effort, this talk will provide a good overview of the existing software which can be re-used.
In this working session we will do a deeper dive on the various tools (both open source and commercial) for producing and consuming SPDX 1.1. Bring your tools, bring your ideas for tools, and be prepared to roll up your selves and get your hands dirty with SPDX. In order to facilitate discussion and collaboration we encourage SPDX producers to generate SPDX 1.1 data files (tag-value format) for the following open source projects: Time v1.7 (a small package for the purpose of comparing SPDX output from different tools), Busybox v1.20.2, Linux Kernel v3.8.1(optional), or any other open source package that presents interesting results or anomalies that should be discussed with the working group.
Before the session you may upload your data files to the SPDXbakeoff folder on Google Docs. Create a folder with the name of your organization and deposit whatever files you have.
We will have several projectors in order to facilitate side-by-side comparisons of SPDX data and we might also have a shiny new tool for automatically comparing two SPDX files.
We hope to accomplish the following in this session:
This session will be of primary interest to SPDX tool developers, users of those tools (corporations and open source developers/projects), SPDX specification developers and other members of the SPDX working groups.
If you plan to attend we would appreciate having you drop us an email at scott.lamons at hp dot com and kate.stewart at linaro dot org.