Skip to content

Latest commit

 

History

History
93 lines (68 loc) · 3.7 KB

2020-06-04.md

File metadata and controls

93 lines (68 loc) · 3.7 KB

Meeting Minutes for June 4, 2020

Follow-up on previous meetings

Charter changes

Sebastian: Is the source for the charter template publicly available?

Thomas: No, it's only available on Google Docs with restricted access. But the diff to the original charter can be seen here.

Agenda

Contributing file

The CONTRIBUTING.md needs to be updated. The reference file is in the governance repository, the other repositories should link to that to minimize the effort to keep them in sync. There probably is a GitHub feature to automate this (Thomas, #5).

ort-governance is now public

Thomas: The repository was made public using CC-BY-4.0 as license and is now also used for the meeting minutes.

  1. Make the master branch protected (Martin, already done).
  2. Update the code owners file (Thomas, already done).
  3. Fix the messed up diff in the history (Thomas, already done).

Changing ORT's copyright headers

We want to simplify the copyright statements in the license headers of ORT to a more generic message. Everyone agrees on the phrase "Copyright 201x-2020 The OSS Review Toolkit contributors". Check with LF if there legal issues with this replacement and if we need approval from every single copyright holder (Thomas, #6).

90-day roadmap

Update on what the different contributors plan for the next 90 days:

HERE:

  • New license API - consolidate license handling throughout the code base.
  • Improved notice reporter with template support.
  • SPDX 2.2 reporter.
  • Various web app reporter improvements.
  • Improve documentation - dedicated docs for each tool.
    • Sebastian: Could be done in subfolders like docs/reporter/antenna.md.
    • Thomas will propose a structure before starting the work.

Bosch:

  • Filed several GitHub issues for things they want to work on.
  • Main focus is using SW360 as a scan result storage backend and curation provider.
  • Many smaller changes done on an ad-hoc basis.
  • Advisor module using Sonatype OSS index.
    • Thomas is working on the security profile for SPDX which needs feedback. Sebastian: Version ranges should be machine readable.
    • Data from Sonatype OSS index can be cached, but long term storage is not permitted.
    • Thomas gives update on experiments with GitHub index.
    • Sebastian: There are problems contributing required changes to the Sonatype client library, might require a fork of the library before we can integrate it.

Read all files from config directory

Sebastian: Work is started, but the layout of the directory needs to be discussed. No plans to work on this in the next weeks.

Check if there is a GitHub issue for this and if not create one (Sebastian created #2756 in the meantime).

Various topics

  • Team agrees on adding the suggestion to the CONTRIBUTING.md to announce major new features (like the attribution build reporter) via Slack (Thomas).

  • Make the Slack link in the README more prominent to get more people to ask questions on Slack.

  • Issue/PR templates: Team agrees on not using templates for now. For PRs we do not want to increase the hurdle for contributors, for issues it is not required, because there are not so many issues filed.

  • Enable sponsorships for ORT with the help of LF (Thomas, #7).