THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2011-08-02

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Kirsten Newcomer
  • Nicholas Loke
  • Peter Williams
  • Kate Stewart
  • Steve Cropper
  • Jack Manbeck
  • Marshall Clow

Agenda

  • Discussion of Supplier related fields
  • Review of recent updates to the Spec
  • Open Action Items (see list at end of minutes)

Supplier fields discussion

  • Kate has updated the working version of the spec with the two fields discussed last week
    • Package Supplier
    • Package Originator
  • Today's discussion started with some email threads on intended use of
  • We seem to have a common understanding of what info should be used to fill in the Package Supplier field
  • We're still working toward a common understanding for the Package Originator field
    • We discussed a few possibilities. For example, is the data in the Package Originator field
      • the copyright holder?
      • the place where the Supplier got the code?
    • We discussed the desire to capture the chain of custody in the SPDX document; Kate noted that was part of the original intent of the Reviewer field
    • We noted that there is an overlap between the goal of capturing chain of custody and the need for hierarchy in the SPDX document; hierarchy will be discussed post 1.0
  • Concluded: we need to make an extra effort to document the thinking behind these fields and provide usage guidelines

Additional updates to Spec

  • Kate walked the team through some additional updates that have been made to the spec as well as some planned changes based on feedback
  • Key changes include:
    • Clean up of RDF section (typos, spelling)
    • Proposed changes to certain field names for tag/value
    • Section 1.7: Conformance statement will point to trademark statement that is being worked by legal team and will be posted to web. This is not yet finalized.
    • Section 2.2: SPDX data will still be delivered under PDDL-1.0. Confidentiality field has been dropped.
      • Acknowledged that this could be an issue for using SPDX with commercial/proprietary code and plan to discuss commercial code use case post-1.0 GA
    • Recommend that info be added on where to provide feedback

Open Action Items

  • Everyone: Bug list review
    • review for any open P1s assigned to you
    • review closed bugs to be sure we're in agreement
  • Start developing Guidelines for Implementation/Use and/or Best Practices
    • Everyone: Review current FAQ as starting point. You can find it here: http://spdx.org/spec/guidelines
    • If you've volunteered to update/add to a certain section, please add your name here. :-)
  • Kirsten: Provide website location for 2 items so can be referenced in Spec
    • Process for requesting licenses be added to SPDX license list.
    • SPDX trademark terms.
      • I've added placehoder text for a links here: http://spdx.org/spec
      • I don't have the privs to create a new child page and will send a note to Martin
  • Everyone: Please review the spec with the goal of approving final version next week if possible

Corrections, additions welcome.