THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Minutes/2016-03-30
From SPDX Wiki
Linux Collaboration Summit F2F Meeting March 30, 2016
Attendees
- Kate Stewart
- Gary O'Neall
- Jack Manbeck
- Bill Schineller
- Robin Gandhi
- Tom Vidal
- Matt Germonprez
- David Wheeler
Review of the 2.1 Spec
- See updated Google Doc for results of the review: https://docs.google.com/document/d/112x3s3g1Qg2tj8bjvIPsqIBlWUp3Sob37cvAx2eiS6U
- Update section 1.8 to reflect that NONE and NOASSERTION have been clarified
- In the context of external packages, have a couple examples of scenerios 3.5, 3.6, and 3.7 filled in
- Section 3.8 - add a Project example for the case when the SPDX document represent a meta level project
- Discussion on the requirement to have a package in every SPDX document
- Has been an assumption in the past
- Correction use case - just refer to another SPDX document that has the package and make a correction
- Will discuss in the next meeting
- Should we expand the purpose to include more than just the binary file case? Agree it should be expanded - Rob to propose
- Discussion on the cardinality of the packageVerificationCode being dependent on the has files field
- Can not use the OWL constraint
- Discussed possibly requiring the verification code but changing the algorithm
- Could not arrive at a satisfactory algorithm for all the use cases discussed
- External reference ID
- Rule to add a new pre-defined reference
- Must have a valid regular expression for the reference
- Rule to add a new pre-defined reference