THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Minutes/2011-12-05"
From SPDX Wiki
< Technical Team | Minutes
(Convert to MediaWiki syntax) |
|||
Line 1: | Line 1: | ||
− | + | == Attendees == | |
+ | |||
+ | * Gary O’Neall | ||
+ | * Bill Schineller | ||
+ | * Kirsten Newcomer | ||
+ | * Kate Stewart | ||
+ | * Rana Rahal | ||
+ | * Ed Warnicke | ||
+ | * Brandon Robinson | ||
+ | * Peter Williams | ||
+ | |||
+ | == Agenda == | ||
+ | |||
+ | * Ed’s composite package proposal | ||
+ | |||
+ | == Updates == | ||
+ | |||
+ | * Git repos back online | ||
+ | |||
+ | == Composite Package Proposal == | ||
+ | |||
+ | * Ed walked through the proposal | ||
+ | * Discussion on the ACL – can be used to describe what is included or excluded – perhaps even what source files are used to produce a particular binary. | ||
+ | * Discussion on the domain model – should we be modeling general copyrightable material or modeling software packaging? Agree that we are not modeling the entire copyright domain. Mapping a subset of the copyright domain. The proposal is to model more of “copyrightable things” rather than just packages. | ||
+ | * Do we need to have more detail on the relationship between elements? (left open) | ||
+ | * Do we have a separate file for signature or do we have an “envelope” with a signature? | ||
+ | * Should we separate out the concept of what is physically included/embedded from the relationship of analyzed components? Should these be represented as separate graphs? | ||
+ | * Annotations approach compared to modifying a copy of an SPDX document. Annotations help solve the provenance problems. Annotation approach would be difficult for tools to recreate the new SPDX file representation. (left open) | ||
+ | ** Example use cases – Different opinion on the licensing for the package, choice of a license for a package that offers license choices | ||
+ | ** Alternative proposal – add an additional tag in an SPDX file to denote which SPDX file it is based on and what changes were made | ||
+ | * Do we care about backwards compatibility? Agree to have a future discussion. | ||
+ | |||
+ | [[Category:Technical|Minutes]] | ||
+ | [[Category:Minutes]] |
Latest revision as of 13:19, 6 March 2013
Attendees
- Gary O’Neall
- Bill Schineller
- Kirsten Newcomer
- Kate Stewart
- Rana Rahal
- Ed Warnicke
- Brandon Robinson
- Peter Williams
Agenda
- Ed’s composite package proposal
Updates
- Git repos back online
Composite Package Proposal
- Ed walked through the proposal
- Discussion on the ACL – can be used to describe what is included or excluded – perhaps even what source files are used to produce a particular binary.
- Discussion on the domain model – should we be modeling general copyrightable material or modeling software packaging? Agree that we are not modeling the entire copyright domain. Mapping a subset of the copyright domain. The proposal is to model more of “copyrightable things” rather than just packages.
- Do we need to have more detail on the relationship between elements? (left open)
- Do we have a separate file for signature or do we have an “envelope” with a signature?
- Should we separate out the concept of what is physically included/embedded from the relationship of analyzed components? Should these be represented as separate graphs?
- Annotations approach compared to modifying a copy of an SPDX document. Annotations help solve the provenance problems. Annotation approach would be difficult for tools to recreate the new SPDX file representation. (left open)
- Example use cases – Different opinion on the licensing for the package, choice of a license for a package that offers license choices
- Alternative proposal – add an additional tag in an SPDX file to denote which SPDX file it is based on and what changes were made
- Do we care about backwards compatibility? Agree to have a future discussion.