Re: Knowledge Sharing: Reference guideline for exchanging license information in the supply chain


J Lovejoy
 

Hi Fukuchi-San,

Thanks for the additional information. I agree with everything you have said below!

As to this point: 
SPDX short identifier is very famous, but SPDX specification is not so.
(Many engineers confusingly think SPDX short identifier as SPDX.)

I too have observed this. If you or anyone has any ideas on how to prevent this, that would be very helpful!


Thanks,
Jilayne

On Jan 14, 2019, at 6:24 PM, <Hiroyuki.Fukuchi@...> <Hiroyuki.Fukuchi@...> wrote:

Hi Jilayne-san,
 
Thank you for your comment and having an interest in our activity.
 
I agree with you. SPDX has mandatory fields to fill.
I also understand the current “SPDX light” is not compliant with the specification, and SPDX is specified by the SPDX workgroup.
 
I am sorry for using a confusing word “SPDX light”.
But we just want to represent our concept by an easy word.
 
Now we are collecting a minimum and actual information that is used in our actual business in Japan.
 
We observe:
SPDX short identifier is very famous, but SPDX specification is not so.
(Many engineers confusingly think SPDX short identifier as SPDX.)
Some companies use SPDX files in actual business.
But many other companies do not use SPDX specification, but use their own format.
The fields in the formats they use are almost included in SPDX specification.
The formats are very similar to each other (but not identical), so we make the list:
I think this actual data is a good feedback to the specification.
 
 
We think SPDX is very useful for communicating license information between organizations.
We basically want to recommend SPDX in the supply chain ecosystem and want to promote.
 
But in reality, many companies do not know and use SPDX.
We want to resolve this issue and foster the SPDX and OpenChain world.
 
We are sharing this information with Kate-san and will continue to do so.
If needed, I would like to join the SPDX subgroup.
 
 
---
Hiro Fukuchi (Hiroyuki.Fukuchi@...)
Sony
 
From: J Lovejoy <opensource@...> 
Sent: Saturday, January 12, 2019 9:34 AM
To: Fukuchi, Hiroyuki (Sony) <Hiroyuki.Fukuchi@...>
Cc: Shane Coughlan <coughlan@...>; Jeff.McAffer@...; openchain@...; openchain-japan-wg@...
Subject: Re: [OpenChain] Knowledge Sharing: Reference guideline for exchanging license information in the supply chain
 
Hi all,
 
I’m a bit confused with the reference to “SPDX light”. The SPDX specification has mandatory and optional fields. An SPDX document that only uses the mandatory files is… an SPDX document, plain and simple; there is no reason to call it something else.
 
The graphic below is an easy reference of all the mandatory fields (it is also an old graphic, but I don’t think anything has changed for mandatory fields). I just want to be sure that any consideration here is made with full awareness of the different types of fields (mandatory v. optional) in the SPDX Specification.
 
There was some discussion about an “SPDX light” variant in the SPDX working group some years ago, but never took wings. Kate can probably provide more background on that (if even needed, it was a long time ago…) but I seem to recall part of the reason was along the lines of what I’ve stated above: the mandatory fields seem to represent the minimum information that most suppliers would ask for anyway.  
 
Also, I’d highly encourage that any discussion relating to SPDX and the SPDX specification fields should really be done via the SPDX working group :)
 
Cheers,
Jilayne
 
 
 
<image001.png>


On Jan 11, 2019, at 2:10 AM, <Hiroyuki.Fukuchi@...> <Hiroyuki.Fukuchi@...> wrote:
 
Hi all,

Yesterday, the subgroup held a face-to-face meeting to discuss SPDX light.
(Members belong to the automotive, consumer electronics and IT industries.)
The outcome is here:
https://github.com/OpenChain-Project/Japan-WG-General/blob/master/License-Info-Exchange/Doc-at-Meeting/Candidate-of-SDPX-light.md

You can see which items in SPDX are being discussed.

---
Hiro Fukuchi (Hiroyuki.Fukuchi@...)
Sony


-----Original Message-----
From: Fukuchi, Hiroyuki (Sony)
Sent: Friday, January 11, 2019 9:27 AM
To: Shane Coughlan <coughlan@...>; Jeff McAffer
<Jeff.McAffer@...>
Cc: OpenChain <openchain@...>;
openchain-japan-wg@...
Subject: RE: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging license information in the supply chain

Hi Jeff-san,


     • Is there more detail somewhere on SPDX light?

Now Japan WG is considering the "SPDX light".

The current format under discussion is shared at GitHub:
(An Example of Minimum License Information List (Automotive))
https://github.com/OpenChain-Project/Japan-WG-General/blob/master/License-Info-Exchange/Doc-at-Meeting/License-Info-list-automotive.md

We will prepare a brief explanation, a sample data and a procedure to produce it.


The concept is:
The target user of "SPDX light" is a supplier who does not have enough knowledge
about SPDX and OSS compliance.
It is easy to use without tool, but having minimum set for compliance and
SPDX-affinity.


---
Hiro Fukuchi (Hiroyuki.Fukuchi@...) Sony


-----Original Message-----
From: openchain-bounces@...
<openchain-bounces@...> On Behalf Of Shane
Coughlan
Sent: Thursday, January 10, 2019 3:56 PM
To: Jeff McAffer <Jeff.McAffer@...>
Cc: OpenChain <openchain@...>;
openchain-japan-wg@...
Subject: Re: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging license information in the supply chain

Hi Jeff!

Great question. The OpenChain Japan WG has adjacent material on
SPDX/FOSSology:

- to-use-spdx-and-fossology-from-the-openchain-japan-work-group
(Just announced a couple of minutes ago)

About ClearlyDefined, absolutely. All community projects should align
closely for cross-use and interoperability. Let me hook you up to the
Japan WG (in CC) so you can chat direct about how the reference materials can
be expanded.


Regards

Shane


On Jan 10, 2019, at 15:49, Jeff McAffer <Jeff.McAffer@...> wrote:

Looks good Shane. Two questions:
     • Is there more detail somewhere on SPDX light?
     • Would it make sense for ClearlyDefined to be a Community source
of license and copyright info?

<openchain-bounces@...> On Behalf Of Shane
Coughlan

Sent: Wednesday, January 9, 2019 10:34 PM
To: OpenChain <openchain@...>
Subject: [OpenChain] Knowledge Sharing: Reference guideline for
exchanging
license information in the supply chain


The OpenChain Project Japan Work Group is creating a reference
guideline for exchanging license information in the supply chain. The basic concept
is that all the entities, suppliers, integrators and OSS communities
exchange license information by SPDX (Software Package Data Exchange),
an open standard for communicating software bill of material information.


Learn More:
               • Japan work group:
               • SPDX: https://spdx.org/
               • REUSE initiative: https://reuse.software/

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Schedule a call:
https://calendly.com/shanecoughlan


_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain