THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Minutes/2011-06-14"

From SPDX Wiki
Jump to: navigation, search
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<p><span style="font-family: Times New Roman; font-size: small;">Minutes 6/14/2011</span></p>
+
== Attendees ==
<p><span style="font-family: Times New Roman; font-size: small;"> </span></p>
+
<p><span style="font-family: Times New Roman; font-size: small;">Attendees:</span></p>
+
<ul>
+
<li><span style="font-family: Times New Roman; font-size: small;">Bill Schineller</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Kirsten Newcomer</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Kate Stewart</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Nicholas Loke</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Peter Williams</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Gary O’Neall</span></li></ul>
+
<p><span style="font-family: Times New Roman; font-size: small;"> </span></p>
+
<p><span style="font-family: Times New Roman; font-size: small;">Agenda:</span></p>
+
<ul>
+
<li><span style="font-family: Times New Roman; font-size: small;"> </span></li></ul>
+
<p><span style="font-family: Times New Roman; font-size: small;">Review of last week’s items:</span></p>
+
<ul>
+
<li><span style="font-family: Times New Roman; font-size: small;">Legal language updated from last week completed</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Review of document – Kate received some comments</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Spreadsheet example of the URI for artifactOf (Gary) – Still pending </span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Spec updated with change to hasFile</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">PackageVerificationCode – still pending</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">SimpleLicensingInfo – pending</span></li>
+
<li><span style="font-family: Times New Roman; font-size: small;">Embedded Octect Stream  - pending</span></li></ul>
+
<p><span style="font-family: Times New Roman; font-size: small;"> </span></p>
+
<p><span style="font-family: Times New Roman; font-size: small;">Update on Kate’s conversation with Steve</span></p>
+
<ul>
+
<li><span style="font-family: Times New Roman; font-size: small;">Need to capture a “supply chain” for the origin of the packages</span><ul>
+
<li><span style="font-family: Times New Roman; font-size: small;">Can capture this as a reviewer, but would require a company – proposal to have Reviewer be an Agent.  Agree to change the spec to accommodate company.  We can change the definition of the string or we can implement Agent.  For Beta, we can change the definition of the string.  We would like to implement an Agent structure, but that would require a more detailed proposal and incrementing the version number.  Kate will work on a proposal.</span></li></ul></li>
+
  
<li><span style="font-family: Times New Roman; font-size: small;">Proposal to have a package level ArtifactOf.  Agree that this will be useful.  This may require two different properties to represent A) if the package is part of a larger project and B) the package originates in a particular project.  We need some use cases written – Peter will write one of the use cases in a bug.</span></li>
+
* Bill Schineller
<li><span style="font-family: Times New Roman; font-size: small;">Need to write-up usage of the spec</span><ul>
+
* Kirsten Newcomer
<li><span style="font-family: Times New Roman; font-size: small;">Agree to create a Wiki page for usage guidelines.  This would be structured around use cases and a description of the fields.  The per-field would shadow the spec.  Any contributed conversations to the per-field could be rolled into the spec itself at a later date.  Would like to create a separate Beta web page which would include a link to the usage guidelines page.  This could be added under participation.  Kirsten will add after checking with Kim.</span></li></ul></li>
+
* Kate Stewart
 +
* Nicholas Loke
 +
* Peter Williams
 +
* Gary O’Neall
  
<li><span style="font-size: small;"><span style="font-family: Times New Roman;">Crypto flag request – need a proposal. </span></span></li>
+
== Review of last week’s items ==
<li><span style="font-family: Times New Roman; font-size: small;">Suggest that we add bugs for the new proposal.</span></li>
+
 
<li><span style="font-family: Times New Roman; font-size: small;">Open source or commercial package flag request – concern that different companies/organizations have different definitions of open source and commercial package</span></li>
+
* Legal language updated from last week completed
<li><span style="font-family: Times New Roman; font-size: small;">Package version – request to make the version parseable. Agree to add a field, but there was concern on making it parseable – Kate will add this in the next draft</span></li>
+
* Review of document – Kate received some comments
<li><span style="font-family: Times New Roman; font-size: small;">Use of term package, raises questions about the hierarchy of packages. ArtifactOf at the package level will help.</span></li>
+
* Spreadsheet example of the URI for artifactOf (Gary) – Still pending
<li><span style="font-family: Times New Roman; font-size: small;">A third delivery model – 1) SPDX is a sidecar to the package archive, 2) SPDX is embedded in the package, 3) a third proposal would be to have the SPDX document itself contains the archive.</span></li></ul>
+
* Spec updated with change to hasFile
 +
* PackageVerificationCode – still pending
 +
* SimpleLicensingInfo – pending
 +
* Embedded Octect Stream - pending
 +
 
 +
== Update on Kate’s conversation with Steve ==
 +
 
 +
* Need to capture a “supply chain” for the origin of the packages
 +
** Can capture this as a reviewer, but would require a company – proposal to have Reviewer be an Agent. Agree to change the spec to accommodate company. We can change the definition of the string or we can implement Agent. For Beta, we can change the definition of the string. We would like to implement an Agent structure, but that would require a more detailed proposal and incrementing the version number. Kate will work on a proposal.
 +
* Proposal to have a package level ArtifactOf. Agree that this will be useful. This may require two different properties to represent A) if the package is part of a larger project and B) the package originates in a particular project. We need some use cases written – Peter will write one of the use cases in a bug.
 +
* Need to write-up usage of the spec
 +
** Agree to create a Wiki page for usage guidelines. This would be structured around use cases and a description of the fields. The per-field would shadow the spec. Any contributed conversations to the per-field could be rolled into the spec itself at a later date. Would like to create a separate Beta web page which would include a link to the usage guidelines page. This could be added under participation. Kirsten will add after checking with Kim.
 +
* Crypto flag request – need a proposal.
 +
* Suggest that we add bugs for the new proposal.
 +
* Open source or commercial package flag request – concern that different companies/organizations have different definitions of open source and commercial package
 +
* Package version – request to make the version parseable. Agree to add a field, but there was concern on making it parseable – Kate will add this in the next draft
 +
* Use of term package, raises questions about the hierarchy of packages. ArtifactOf at the package level will help.
 +
* A third delivery model – 1) SPDX is a sidecar to the package archive, 2) SPDX is embedded in the package, 3) a third proposal would be to have the SPDX document itself contains the archive.
 +
 
 +
[[Category:Technical|Minutes]]
 +
[[Category:Minutes]]

Latest revision as of 13:12, 6 March 2013

Attendees

  • Bill Schineller
  • Kirsten Newcomer
  • Kate Stewart
  • Nicholas Loke
  • Peter Williams
  • Gary O’Neall

Review of last week’s items

  • Legal language updated from last week completed
  • Review of document – Kate received some comments
  • Spreadsheet example of the URI for artifactOf (Gary) – Still pending
  • Spec updated with change to hasFile
  • PackageVerificationCode – still pending
  • SimpleLicensingInfo – pending
  • Embedded Octect Stream - pending

Update on Kate’s conversation with Steve

  • Need to capture a “supply chain” for the origin of the packages
    • Can capture this as a reviewer, but would require a company – proposal to have Reviewer be an Agent. Agree to change the spec to accommodate company. We can change the definition of the string or we can implement Agent. For Beta, we can change the definition of the string. We would like to implement an Agent structure, but that would require a more detailed proposal and incrementing the version number. Kate will work on a proposal.
  • Proposal to have a package level ArtifactOf. Agree that this will be useful. This may require two different properties to represent A) if the package is part of a larger project and B) the package originates in a particular project. We need some use cases written – Peter will write one of the use cases in a bug.
  • Need to write-up usage of the spec
    • Agree to create a Wiki page for usage guidelines. This would be structured around use cases and a description of the fields. The per-field would shadow the spec. Any contributed conversations to the per-field could be rolled into the spec itself at a later date. Would like to create a separate Beta web page which would include a link to the usage guidelines page. This could be added under participation. Kirsten will add after checking with Kim.
  • Crypto flag request – need a proposal.
  • Suggest that we add bugs for the new proposal.
  • Open source or commercial package flag request – concern that different companies/organizations have different definitions of open source and commercial package
  • Package version – request to make the version parseable. Agree to add a field, but there was concern on making it parseable – Kate will add this in the next draft
  • Use of term package, raises questions about the hierarchy of packages. ArtifactOf at the package level will help.
  • A third delivery model – 1) SPDX is a sidecar to the package archive, 2) SPDX is embedded in the package, 3) a third proposal would be to have the SPDX document itself contains the archive.