https://wiki.spdx.org/index.php?action=history&feed=atom&title=Technical_Team%2FMinutes%2F2020-08-18 2026-05-07T15:36:54Z Revision history for this page on the wiki MediaWiki 1.23.13 https://wiki.spdx.org/index.php?title=Technical_Team/Minutes/2020-08-18&diff=4871&oldid=prev 2020-08-18T18:06:21Z

<p>Created page with &quot;August 18, 2020 == Attendees == * Kate Stewart * Thomas Steenbergen * John Horan * Gary O’Neall * Peter Shin * Philippe Ombredanne Topics: * Google Summer of Code * Legal...&quot;</p> <p><b>New page</b></p><div>August 18, 2020<br /> == Attendees ==<br /> * Kate Stewart<br /> * Thomas Steenbergen <br /> * John Horan<br /> * Gary O’Neall<br /> * Peter Shin<br /> * Philippe Ombredanne<br /> <br /> Topics:<br /> * Google Summer of Code<br /> * Legal profile – continuing discussion<br /> * Gitlab support of SPDX<br /> <br /> ==GSoC==<br /> * Philip’s project should be able to present next General meeting – Kate will arrange<br /> * Philippe will meet with Philip and check on progress<br /> <br /> ==Legal Profile==<br /> * Communicating between tools<br /> ** Example: How well was the match to the license – would be helpful for a tool to tool relationship<br /> ** Issue – loss of information detail<br /> ** Snippets don’t really work – will capture the line range, but isn’t always correct<br /> ** Should it be simplified or include a lot of detail?<br /> ** Thomas: I found this license in this file at this line number<br /> ** Would like to communicate scanning results from Scancode to SW360<br /> ** Would help with audits and detecting errors/bugs<br /> ** All on the call it would be useful<br /> ** Kate created a Google doc to track the license scanning tooling profile: https://docs.google.com/document/d/1p24qf2uNk5b1rU0m_Tvj2cD-lioFaaeJKh9PmnPbhwo/edit<br /> ** Kate also added a dependency tree profiles: https://docs.google.com/document/d/1IfcSlrDou-8KLqkLr568DKGaQiHXmt_EFsZRfcf0Ej8/edit<br /> ** Kate also created a Google doc for the vulnerabilities profile: https://docs.google.com/document/d/11S8FTG5zSwmH-o_Conp9-mkzWyOuxC_KXx3VNHlhbws/edit<br /> ** Will also create an issue<br /> * Question on how to represent a source file: I have a question on how to handle declared license. If it's a short reference to a license, for example, how should SPDX or tool handle &quot;See the license file&quot; snippet. Should the SPDX handle it as a declared and none?<br /> ** Thomas, Gary and Philippe think it would be declared, but the discussion in legal was interpreted as “None” or “LicenseRef-“ with the text found in the file<br /> * Discussion on having a primary license for a package<br /> ** Philippe will propose an extension to the license expression<br /> ** Introduce “PLUS” operator with the same semantics as AND except the expression to the left of the operator is the primary license for the package<br /> <br /> <br /> ==Gitlab==<br /> * Gitlab jobs do not support SPDX<br /> * Issue logged at https://gitlab.com/gitlab-org/gitlab/-/issues/218521<br /> * Thomas requested support and comments on the issue in support of SPDX<br /> * Steve is active with Gitlab and should be able to help<br /> * Kate will add some pointers in the issue<br /> <br /> ==DCO signoff on SPDX Spec==<br /> * Currently not enabled for the spec<br /> * Agreed we will enable the DCO BOT<br /> * Will be turn on Sept. 1<br /> * Kate will send out an email<br /> * Thomas will submit a PR<br /> <br /> ==Next Week==<br /> * Vulnerabilities Profile<br /> <br /> [[Category:Technical|Minutes]]</div>

Goneall