
Technical Team/Minutes/2011-04-07

Revision as of 16:30, 11 April 2011 by Goneall (Talk | contribs)


Attendees

--------------

Kate Stewart

Peter Williams

Bill Schineller

Gary O'Neall

Phil Odence

Kirsten Newcomer

Mark Gisi

Marshall Clow

Matt Germon

Michael Herzog

Scott Peterson

Jack Manbeck

Philip Koltun

Steve Cropper

Kim Weins

Martin Michlmayr

Guillaume Rousseau

 

Agenda

-----------

  • Review spec
  • Tools overview
  • Licensing model
  • Remainder of the bugs
  • Version 2.0 considerations

 

We reviewed the Specification as a group in order to close on issues and get agreement for the beta/release candidate version of the Specification. 

There was a lot of lively and effective discussion. 

A number of updates were made to the Specification during the meeting. 

Below are the conclusions made during discussion, along with some issues identified for exploration after beta. 

Again, please review and send additions/corrections as needed.

 

Conclusions

-----------------

  • Specification number will be set to version 0.8
  • Purpose text:
    • major versions incremented when incompatible changes are made.
    • minor field will be incremented when backward compatible changes are made. 
    • Concern about the example where sections cause major version revisions.  We’ll leave the example for now.
  • Section 2 will be split into two parts and the following sections will be re-numbered
  • Section 2 title: SPDX Document 
    • sub-section 2.1 SPDX Specification Version Number
  • New Section 3 title: Creation Information
    • sub-sections include remaining fields from original Section 2, as modified during meeting
    • Creator: changed format to be future reference to format and define it to be just a string for version 1
    • Created: updated the definition to be the last update when the analysis was done
  • NOTE: Following comments refer to section numbers in place during the meeting
  • Add all the rdf properties to the SPDX Document to map the package and analysis
  • Add a checksum class to the Specification (referred to in File section)
  • Review for terminology consistency
    • license vs. licensing
    • Undetermined vs. Unknown: used to indicate that data was reviewed, but conclusion is not clear
    • Not Analyzed will be used to indicate that data was not looked for
    • None: data was looked for but none found
  • Package-level and File-level licensing fields:
    • Proposed licensing model that enables representation of disjunctive / conjunctive licensing is adopted. This means license cardinality can be 1.
    • Affected sections will be updated, including
      • 5.4.1
      • 5.5
  • Some Purpose/Intent text in the related sections needs to be reviewed with legal. Specifically:
    • 3.8.1: "all should be recited"
    • 3.10:  text refers to both author and copyright, but field descriptions are specific to copyright. Intent/Purpose text and fields need to be in agreement
    • 4.1 wording in Intent -- exact words were highlighted in spec during discussion
  • Cardinality for Copyright will remain 1 for beta, but will be more than one after beta
  • Section 5.2.6: 
    • Need to add definitions for listed types
    • For future version of Specification, consider mime types.
  • Section 5.6: Need this same field at the package level
  • Fix "SDPX" typo in footer
  • Review section (is this Review or Reviewer?)
    • Copy Creator Data format information to Reviewer section
    • Review Comment field: Needs intent text from Rockett
  • Appendix I will simply link to SPDX License repository
  • Graphical version of model will be added to the Specification (appendix?)

 

Action Items

-----------------

Kate will complete first round of edits to Specification by 4/7

Gary will complete additional updates to Specification by 4/11

Kate will get input on wording changes from legal where appropriate

Technical team will do a final review on 4/12

 

Open Issues

------------------

Concerns were raised about the verification mechanism (SHA1) not including the relative filename

Will the OWL document be added to the Specification?

Proposed that version two provide support for more hierarchical use cases (package in a package for example)

Concern about the created date being overly specified for the RDF format