THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Minutes/2015-05-15
From SPDX Wiki
April 28, 2015
Contents
Attendees
- Gary O'Neall
- Jack Manbeck
- Scott Sterling
- Bill Schineller
- Kate Stewart
- Mark Gisi
- Michael Herzog
Agenda
- SPDX 2.0 release Feedback
- Snippets
- External package management system identifiers
SPDX 2.0 Release Feedback
- Need a bug for documenting the difference between "SPDX File" and "SPDX Document"
- Best practices - should be updated
- this is the Best Practices wiki page Jack/Gary referring to from the past http://wiki.spdx.org/view/Technical_Team/Best_Practices
- Jack will review/add additional best practices to the Wiki
Snippets
- Proposal to focus on collateral and postpone snippets until fall
- Discussed use cases and priority
- Model (should be) completed - Snippets were notionally on this older version of SPDX Model work-in-progress http://wiki.spdx.org/view/Technical_Team/Proposals/2012-02-01/Merged_Model_Proposal
- JavaScript creates a number of issues
- Michael gave an example in healthcare.gov and suggested this is a more urgent issue due to JavaScript
- Gary and Michael will provide examples
- Structure in the tag/value document
- Adding byte range makes it difficult to create
- Can we make the byte range optional?
- Should it be its own tag or just a sub-tag in the file? Postponed to a future discussion
External / Package Management systems identifiers
- Bill S articulated the benefit of having a place in the model to identify the package/versionnot by a URL / VCS, but rather by the unique package name/version within some namespace (package mgr)
- e.g. (pseudo package manager command lines…)
- apt get foo 1.1 (Debian / Ubuntu)
- rpm install foo 1.1 (Redhat / CentOS)
- pip install foo 1.1 (Python Package Index)
- cpan get (Perl - Comprehensive Perl Archive Network)
- maven get foo 1.1 (Maven Central)
- Bill will file a Bugzilla bug report to track the issue
Discussion: how to get developers to have good OSS hygiene
- Suggest Markup / Put inside source files:
- license notice
- contributors notice
- “Grading OSS projects” (Apache projects get A+ generally)
- Michael: acknowledge expansion of mission of group?
- If this happened, generating SPDX document becomes mechanical.