THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Minutes/2011-01-25"

From SPDX Wiki
 
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<p>Minutes 1/25/2011</p><p>Attendees:</p><p>Bill Schineller<br />Gary O'Neall<br />Peter Williams<br />Kate Stewart</p><p>Summary of follow-up items from the call:</p><ul><li>License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names.&nbsp; Todo: Kate to follow-up on the proposal.&nbsp; </li><li>Document and review the algorithm for creating the xor'd sha1's from the file list</li><li>Change the description in the source information field in the package section</li><li>Discuss/decide if the package level asserted license should be optional or mandatory</li><li>Rename "asserted license" to "asserted licensing"</li><li>Future topic- should there be additional optional fields for non-standard licenses?</li><li>Add a comment for the reviewer in the review section</li><li>Reconcile the tag names with the SPDX overview</li><li>consider a more consistent naming convention</li></ul><p>Minute details:</p><p>Review spdx overview slides sent by Kate - purpose to align on the current status of the spec:<br />&nbsp;Section Headers in the spec - Reviewer information has been moved to a separate section at the end<br />&nbsp;License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names.&nbsp; Todo: Kate to follow-up on the proposal.&nbsp; Note that embedded is somewhat ambiguous - used for "embedded in the package" as opposed to "embedded in the SPDX file"<br />&nbsp;Identification section - Version of SPDX - does it make sense in the RDF spec?&nbsp; Topic for future discussion.<br />&nbsp;Identification section - Method of xor for all file sha's to generate overall checksum - need to publish and review the specific algorithm<br />&nbsp;The package file sha is optional in case the spdx file is embedded<br />&nbsp;Source information - change description to reflect additional information on the source rather than anomalies (e.g. 
the download URL is no longer available)<br />&nbsp;Package level - agree to add asserted license<br />&nbsp;&nbsp;Asserted may include logic (and/or disjunctive/etc)<br />&nbsp;&nbsp;Seen licenses would just be a list<br />&nbsp;&nbsp;Not clear if asserted license at the package level should be mandatory or optional - future discussion<br />&nbsp;Copyright - just a string for release 1 of SPDX<br />&nbsp;<br />&nbsp;Should there be additional optional tags in the non-standard license?&nbsp; Topic for a future proposal.<br />&nbsp;File - Asserted License -&gt; Asserted Licensing (takes care of possibility of multiple licenses)<br />&nbsp;File - Seen license - can be multiple licenses<br />&nbsp;&nbsp;Cardinality - does it make sense to have a mandatory field that may contain 0 items&nbsp; - yes since it confirms that "none were found"<br />&nbsp;Reviews - should there be a comment for the reviewer?&nbsp; Yes - add this as an optional field.</p><p>Todo: reconcile the tag names with the spdx overview<br />Need a better naming convention - add to topic for next week's call - suggestion to invite the individual providing the feedback to the call.</p>
+
== Attendees ==
 +
 
 +
* Bill Schineller
 +
* Gary O'Neall
 +
* Peter Williams
 +
* Kate Stewart
 +
 
 +
== Summary of follow-up items from the call ==
 +
 
 +
* License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names. Todo: Kate to follow-up on the proposal.
 +
* Document and review the algorithm for creating the xor'd sha1's from the file list
 +
* Change the description in the source information field in the package section
 +
* Discuss/decide if the package level asserted license should be optional or mandatory
 +
* Rename "asserted license" to "asserted licensing"
 +
* Future topic- should there be additional optional fields for non-standard licenses?
 +
* Add a comment for the reviewer in the review section
 +
* Reconcile the tag names with the SPDX overview
 +
* consider a more consistent naming convention
 +
 
 +
== Minute details ==
 +
 
 +
Review spdx overview slides sent by Kate - purpose to align on the current status of the spec:
 +
 
 +
* Section Headers in the spec - Reviewer information has been moved to a separate section at the end
 +
* License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names. Todo: Kate to follow-up on the proposal. Note that embedded is somewhat ambiguous - used for "embedded in the package" as opposed to "embedded in the SPDX file"
 +
* Identification section - Version of SPDX - does it make sense in the RDF spec? Topic for future discussion.
 +
* Identification section - Method of xor for all file sha's to generate overall checksum - need to publish and review the specific algorithmThe package file sha is optional in case the spdx file is embedded
 +
 
 +
* Source information - change description to reflect additional information on the source rather than anomalies (e.g. the download URL is no longer available)
 +
* Package level - agree to add asserted license. Asserted may include logic (and/or disjunctive/etc)
 +
** Seen licenses would just be a list
 +
** Not clear if asserted license at the package level should be mandatory or optional - future discussion
 +
* Copyright - just a string for release 1 of SPDX
 +
* Should there be additional optional tags in the non-standard license? Topic for a future proposal.
 +
* File - Asserted License Asserted Licensing (takes care of possibility of multiple licenses)
 +
* File - Seen license - can be multiple licenses
 +
* Cardinality - does it make sense to have a mandatory field that may contain 0 items - yes since it confirms that "none were found"
 +
* Reviews - should there be a comment for the reviewer? Yes - add this as an optional field.
 +
 
 +
Todo: reconcile the tag names with the spdx overview
 +
 
 +
Need a better naming convention - add to topic for next week's call - suggestion to invite the individual providing the feedback to the call.
 +
 
 +
[[Category:Technical|Minutes]]
 +
[[Category:Minutes]]
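Review bot: the converted "Identification section - Method of xor" bullet runs two statements together as "specific algorithmThe package file sha is optional"; the previous revision had these on separate lines, so end the first with a period or give the package file sha statement its own bullet. The "File - Asserted License Asserted Licensing" bullet also drops the "->" that the old text had between the two names, which makes the rename unreadable. Two nesting changes are worth confirming as intended: "Cardinality" was indented one level deeper than "File - Seen license" in the old revision and is now a top-level bullet, and "Asserted may include logic" was a sub-item alongside "Seen licenses would just be a list" and is now folded into the "Package level" bullet.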

Latest revision as of 12:56, 6 March 2013

Attendees

  • Bill Schineller
  • Gary O'Neall
  • Peter Williams
  • Kate Stewart

Summary of follow-up items from the call

  • License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names. Todo: Kate to follow-up on the proposal.
  • Document and review the algorithm for creating the xor'd sha1's from the file list
  • Change the description in the source information field in the package section
  • Discuss/decide if the package level asserted license should be optional or mandatory
  • Rename "asserted license" to "asserted licensing"
  • Future topic - should there be additional optional fields for non-standard licenses?
  • Add a comment for the reviewer in the review section
  • Reconcile the tag names with the SPDX overview
  • Consider a more consistent naming convention

Minute details

Review spdx overview slides sent by Kate - purpose to align on the current status of the spec:

  • Section Headers in the spec - Reviewer information has been moved to a separate section at the end
  • License section - consider renaming non-standard licenses to embedded licenses - has implications on the short form names. Todo: Kate to follow-up on the proposal. Note that embedded is somewhat ambiguous - used for "embedded in the package" as opposed to "embedded in the SPDX file"
  • Identification section - Version of SPDX - does it make sense in the RDF spec? Topic for future discussion.
  • Identification section - Method of xor for all file sha's to generate overall checksum - need to publish and review the specific algorithm. The package file sha is optional in case the spdx file is embedded
  • Source information - change description to reflect additional information on the source rather than anomalies (e.g. the download URL is no longer available)
  • Package level - agree to add asserted license. Asserted may include logic (and/or disjunctive/etc)
    • Seen licenses would just be a list
    • Not clear if asserted license at the package level should be mandatory or optional - future discussion
  • Copyright - just a string for release 1 of SPDX
  • Should there be additional optional tags in the non-standard license? Topic for a future proposal.
  • File - Asserted License → Asserted Licensing (takes care of possibility of multiple licenses)
  • File - Seen license - can be multiple licenses
  • Cardinality - does it make sense to have a mandatory field that may contain 0 items - yes since it confirms that "none were found"
  • Reviews - should there be a comment for the reviewer? Yes - add this as an optional field.

Todo: reconcile the tag names with the spdx overview

Need a better naming convention - add to topic for next week's call - suggestion to invite the individual providing the feedback to the call.