MartinMichlmayr: Convert to MediaWiki syntax

2013-03-29T11:07:20Z

Convert to MediaWiki syntax

Goneall at 19:47, 26 March 2013

2013-03-26T19:47:59Z

New page

General Upates:Jack requests we walk through the website / wiki next time Kate wants to start a draft of SPDX 2.0 documentationKate mentions that the UNO folks felt need for a reviewer comment at every level (e.g. File Level, not just the Doc level) Modeling:Next steps would be to do an instance diagram.Kate suggests use case of Time 1.7 upstream getting consumed by Ubuntu who applies patches to it.  <a href="http://archive.ubuntu.com/ubuntu/pool/main/t/time/">http://archive.ubuntu.com/ubuntu/pool/main/t/time/</a> Items for discussion about the updated modelDocument Relationship:  the 'downstream' Document includes the relationship, and propose it carries the SHA-1 hash of the document it refers to.  And optionally the digitally signed hash...Specifier: let's get concrete about this...  Gary thinks Specifier is a pair of a URI plus some sort of checksum that can be used to validate what the URI refers to.SPDXDoc can't have a Specifier inside itself.  But SPDXElements / SPDXPackage / could reference a specifier.Bill points out that Ed's Adopted Proposal <a href="http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files">http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files</a>indicates influence of Maven guys who do similar.Perhaps our Spec / Best Practices can point to how we recommend people publish their public keys...<a href="https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven">https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven</a> Here's an excerpt from that post talking about digital signatures:-----------Distribute Your Public KeySince other people need your public key to verify your files, you have to distribute your public key to a key server:$ gpg --keyserver hkp://pool.sks-keyservers.net --send-keys C6EED57A Here I distributed my public key to hkp://pool.sks-keyservers.net, use  --keyserver along with a key server address, and use --send-keys along with a keyid. You can get your keyid by listing the public keys.NotePublic keys are synced among key servers, but it may take a while.Now other people can import your public key from the key server to their local machines:$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys C6EED57A-----------

← Older revision		Revision as of 11:07, 29 March 2013
Line 1:		Line 1:
−	~~<p><span style~~=~~"font-family: Times New Roman; font-size: medium;">~~ General Upates~~:</span></p><p><span style~~=~~"font-family: Consolas; font-size: medium;">~~Jack requests we walk through the website / wiki next time~~</span></p><p><span style="font-family: Times New Roman; font-size: medium;"> K</span><span style="font-family: Consolas; font-size: medium;">ate~~ wants to start a draft of SPDX 2.0 documentation~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Kate mentions that the UNO folks felt need for a reviewer comment at every level (e.g. File Level, not just the Doc level)~~</span></p><p><span style~~=~~"font-family: Times New Roman; font-size: medium;">~~ Modeling~~:</span></p><p><span style~~=~~"font-family: Times New Roman; font-size: medium;">~~Next steps would be to do an instance diagram.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Kate suggests use case of Time 1.7 upstream getting consumed by Ubuntu who applies patches to it.~~  </span><a href="~~http://archive.ubuntu.com/ubuntu/pool/main/t/time/~~"><span style~~=~~"color: #0000ff; font-family: Consolas; font-size: medium;">http://archive.ubuntu.com/ubuntu/pool/main/t/time/</span></a></p><p> </p><p><span style~~=~~"font-family: Consolas; font-size: medium;">~~Items for discussion about~~ ~~the updated model~~</span></p><p><span style~~=~~"font-family: Consolas; font-size: medium;">~~Document Relationship:~~<span style="mso-spacerun: yes;">  </span>~~the 'downstream' Document includes the relationship, and propose it carries the SHA-1 hash of the document it refers to.~~<span style="mso-spacerun: yes;">  </span>~~And optionally the digitally signed hash...~~</span></p><p><span style="font-size: medium;"><span style="font-family: Consolas;">~~Specifier: let's get concrete about this...~~<span style="mso-spacerun: yes;">  </span></span></span></p><p><span style="font-family: Consolas; font-size: medium;">~~Gary thinks Specifier is a pair of a URI plus some sort of checksum that can be used to validate what the URI refers to.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~SPDXDoc can't have a Specifier inside itself.~~<span style="mso-spacerun: yes;">  </span>~~But SPDXElements / SPDXPackage / could reference a specifier.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Bill points out that ~~Ed's Adopted Proposal <~~/~~span><a href="http:~~/~~/spdx.org/wiki/proposal-~~2012~~-mar~~-06~~-detached-signed-spdx-files"><span style="color: #0000ff; font-family: Consolas; font-size: medium;">http://spdx.org/wiki/proposal-2012-mar~~-06~~-detached-signed-spdx-files<~~/~~span></a></p><p><span style="font-family: Consolas; font-size: medium;">~~indicates influence of Maven guys who do similar.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Perhaps our Spec / Best Practices can point to how we recommend people publish their public keys...~~</span></p><p><a href="~~https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven"><span style="color: #0000ff; font-family: Consolas; font-size: medium;">https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven</span></a></p><p> </p><p class="MsoPlainText" style="margin: 0in 0in 0pt;"><span style="font-family: Consolas; font-size: medium;">Here's an excerpt from that post talking about digital signatures:~~</span></p><p><span style="font-family: Consolas; font-size: medium;">-----------</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Distribute Your Public Key~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Since other people need your public key to verify your files, you have to distribute your public key to a key server:~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~$ gpg --keyserver hkp://pool.sks-keyservers.net --send-keys C6EED57A Here I distributed my public key to hkp://pool.sks-keyservers.net, use~~<span style="mso-spacerun: yes;">  </span>~~--keyserver along with a key server address, and use --send-keys along with a keyid. You can get your keyid by listing the public keys.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Note~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Public keys are synced among key servers, but it may take a while.~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~Now other people can import your public key from the key server to their local machines:~~</span></p><p><span style="font-family: Consolas; font-size: medium;">~~$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys C6EED57A~~</span></p><p><span style="font-family~~: ~~Consolas; font-size~~: ~~medium;">-----------</span></p><p> </p>~~	+	== General Upates ==
		+
		+	Jack requests we walk through the website / wiki next time
		+
		+	Kate wants to start a draft of SPDX 2.0 documentation
		+
		+	Kate mentions that the UNO folks felt need for a reviewer comment at every level (e.g. File Level, not just the Doc level)
		+
		+	== Modeling ==
		+
		+	Next steps would be to do an instance diagram.
		+
		+	Kate suggests use case of Time 1.7 upstream getting consumed by Ubuntu who applies patches to it. http://archive.ubuntu.com/ubuntu/pool/main/t/time/
		+
		+	== Items for discussion about the updated model ==
		+
		+	Document Relationship: the 'downstream' Document includes the relationship, and propose it carries the SHA-1 hash of the document it refers to. And optionally the digitally signed hash...
		+
		+	Specifier: let's get concrete about this...
		+
		+	Gary thinks Specifier is a pair of a URI plus some sort of checksum that can be used to validate what the URI refers to.
		+
		+	SPDXDoc can't have a Specifier inside itself. But SPDXElements / SPDXPackage / could reference a specifier.
		+
		+	Bill points out that [[Technical_Team/Proposals/2012-06-06/Detached_Signed_SPDX_Files\|Ed's Adopted Proposal]] indicates influence of Maven guys who do similar.
		+
		+	Perhaps our Spec / Best Practices can point to how we recommend people publish their public keys...
		+
		+	https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven
		+
		+	Here's an excerpt from that post talking about digital signatures:
		+
		+	''Distribute Your Public Key
		+
		+	Since other people need your public key to verify your files, you have to distribute your public key to a key server:
		+
		+	$ gpg --keyserver hkp://pool.sks-keyservers.net --send-keys C6EED57A
		+	Here I distributed my public key to hkp://pool.sks-keyservers.net, use --keyserver along with a key server address, and use --send-keys along with a keyid. You can get your keyid by listing the public keys.
		+
		+	Note
		+
		+	Public keys are synced among key servers, but it may take a while.
		+
		+	Now other people can import your public key from the key server to their local machines:
		+
		+	$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys C6EED57A
		+	''
		+
		+	[[Category:Technical\|Minutes]]
		+	[[Category:Minutes]]

Technical Team/Minutes/2013-03-19 - Revision history

MartinMichlmayr: Convert to MediaWiki syntax

Goneall at 19:47, 26 March 2013