From SPDX Wiki
- Gary O’Neall
- Bill Schineller
- Rana Rahal
- Ed Warnicke
- Brandon Robinson
- Peter Williams
- Bugzilla bug review
- Bill pinged Jaime Garcia on validating the new package verification code algorithms, have not yet heard back
- Bugzilla is back!
- Minor progress on HTML pretty printer
- 818 – Composite packages – this represents the general discussion on hierarchies
- 968 – Package Verification Algorithm should be addressed. Will be in a 1.1 version.
- 944 – Gary will propose a new filetype for version 2 for “CRUFT” files
- 878 – Download mechanism link would be a useful improvement. Note that different source management systems have different mechanisms and information to denote the versions and download specifics. DOAP has a vocabulary for this, proposal to look at DOAP and see if it can be leveraged.
- 898 - Changelog discussion:
- The proposal for composite packages can solve the need for changelogs by having one SPDX document refer to a previous SPDX document with an annotation on what has changed
- Should a complete copy be made or a reference?
- Should it be versioned? No – a versioning would require an authority. Need a mechanism to reliably refer to previous versions (e.g. a hashcode, verification code or other mechanism). Action – add a bug to represent this issue – Peter will add.
- 591 – Proposal to change the license list to include “or later” for some of the license declarations. Note that the license text for a GPL 2.0 or later license will reflect the GPL 2.0 text, which isn’t exactly correct (especially of a GPL 3.0 license is chosen). Alternative, expand the model for the licenses to include an “or later” concept.
- 632, others – not yet discussed.