Technical Team/Minutes/2020-05-05

May 5, 2020

Attendees

4 projects selected
Looking for mentoring possibility for one of the students who should have been selected but wasn’t
Currently in community bonding
Active coding about a month away, will start having the students join the call at that time
Discussion on the approach for repos:
- Up to student and mentor – Gary can create a repo in SPDX, can use a branch in an existing SPDX repo, or can use the student’s repo and transfer to SPDX at the end of the project
Question on Gitter
- We’ll use the public SPDX channel for most communications

Release done over the weekend
development/v2.2.1 branch created and made the default branch
Thanks to the many contributors and reviewers – especially Alexios, Steve, Thomas, William, Kate and Gary
Rendering for the v2 draft has some problems – William is looking into

Focused on the ISO standard
Conversion to the standard as first phase and move to word for submission as a second phase

See slides for the overview presented by Nisha
Issue with download URL not being a URL
Issue with the size – 7MB for the example shown
Issue with difference in representation in the layer descriptions and in the flattened image
- Name are based on the SHA checksum, not a natural filename
Is it possible to define an SPDX document for each layer
- Yes – external document refs can be used
- Discussion on tooling support
Discussion on different relationship types for the manifest.json and config.json
How do we account for content addressable “Packages”?
What does an external reference look like for deployments?
Can we compose/decompose SPDX documents?
Can we provide pipeline context?
General agreement that the relationships between docs and pipeline is related to the linking proposal Santiago is working on