THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Minutes/2011-04-07
Attendees
--------------
Kate Stewart
Peter Williams
Bill Schineller
Gary O'Neall
Phil Odence
Kirsten Newcomer
Mark Gisi
Marshall Clow
Matt Germon
Michael Herzog
Scott Peterson
Jack Manbeck
Philip Koltun
Steve Cropper
Kim Weins
Martin Michlmayr
Guillaume Rousseau
Agenda
-----------
- Review spec
- Tools overview
- Licensing model
- Remainder of the bugs
- Version 2.0 considerations
We reviewed the Specification as a group in order to close on issues and get agreement for the beta/release candidate version of the Specification.
There was a lot of lively and effective discussion.
A number of updates were made to the Specification during the meeting.
Below are the conclusions made during discussion, along with some issues identified for exploration after beta.
Again, please review and send additions/corrections as needed
Conclusions
-----------------
- Specification number will be set to version 0.8
- Purpose text:
- major versions incremented when incompatible changes are made.
- minor field will be incremented when backward compatible changes are made.
- Concern about the example where sections cause major version revisions. We’ll leave the example for now.
- Section 2 will be split into two parts and the following sections will be re-numbered
- Section 2 title: SPDX Document
- sub-section 2.1 SPDX Specification Version Number
- New Section 3 title: Creation Information
- sub-sections include remaining fields from original Section 2, as modified during meeting
- Creator: changed format to be future reference to format and define it to be just a string for version 1
- Created: updated the definition to be the last update when the analysis was done
- NOTE: Following comments refer to section numbers in place during the meeting
- Add all the rdf properties to the SPDX Document to map the package and analysis
- Add a checksum class to the Specification (referred to in File section)
- Review for terminology consistency
- license vs. licensing
- Undetermined vs. Unknown: used to indicate that data was reviewed, but conclusion is not clear
- Not Analyzed will be used to indicate that data was not looked for
- None: data was looked for but none found
- Package-level and File-level licensing fields:
- Proposed
licensing model that enables representation of disjunctive / conjunctive licensing is adopted. This means license cardinality can be 1.
-
- Affected sections will be updated, including
- 5.4.1
- 5.5
- Affected sections will be updated, including
- Some Purpose/Intent text in the related sections needs to be reviewed with legal. Specifically:
- 3.8.1: "all should be recited"
- 3.10: text refers to both author and copyright, but field descriptions are specific to copyright. Intent/Purpose text and fields need to be in agreement
- 4.1 wording in Intent -- exact words were highlighted in spec during discussion
- Cardinality for Copyright will remain 1 for beta, but will be more than one after beta
- Section 5.2.6:
- Need to add definitions for listed types
- For future version of Specification, consider mime types.
- Section 5.6: Need this same field at the package level
- Fix "SDPX" typo in footer
- Review section (is this Review or Reviewer?)
- Copy Creator Data format information to Reviewer section
- Review Comment field: Needs intent text from Rockett
- Appendix I will simply link to SPDX License repository
Graphical version of model will be added to the Specification (appendix?)
Action Items
-----------------
Kate will complete first round of edits to Specification
Gary will make additional edits to the Specification to add RDF/XML examples and update the tools and example spreadsheet
Kate will get input on wording changes from legal where appropriate
Technical team will do a final review; date TBD
Open Issues
------------------
Concerns were raised about the verification mechanism (SHA1) not including the relative filename
Will the OWL document be added to the Specification?
Proposed that version two provide support for more hierarchical use cases (package in a package for example)
Concern about the created date being overly specified for the RDF format