Technical Team/Minutes/2011-11-29

Minutes 11/29/2011

Attendees:

• Gary O’Neall
• Bill Schineller
• Rana Rahal
• Ed Warnicke
• Brandon Robinson
• Peter Williams

Agenda:

• Bugzilla bug review

Updates:

• Bill pinged Jaime Garcia on validating the new package verification code algorithms, have not yet heard back
• Bugzilla is back!
• Minor progress on HTML pretty printer

Bugs:

• 818 – Composite packages – this represents the general discussion on hierarchies
• 968 – Package Verification Algorithm should be addressed.  Will be in a 1.1 version.
• 944 – Gary will propose a new filetype for version 2 for “CRUFT” files
• 878 – Download mechanism link would be a useful improvement.  Note that different source management systems have different mechanisms and information to denote the versions and download specifics.  DOAP has a vocabulary for this, proposal to look at DOAP and see if it can be leveraged.
• 898 - Changelog discussion:
• The proposal for composite packages can solve the need for changelogs by having one SPDX document refer to a previous SPDX document with an annotation on what has changed
• Should a complete copy be made or a reference?
• Should it be versioned?  No – a versioning would require an authority.  Need a mechanism to reliably refer to previous versions (e.g. a hashcode, verification code or other mechanism).  Action – add a bug to represent this issue – Peter will add.
• 591 – Proposal to change the license list to include “or later” for some of the license declarations.  Note that the license text for a GPL 2.0 or later license will reflect the GPL 2.0 text, which isn’t exactly correct (especially of a GPL 3.0 license is chosen).  Alternative, expand the model for the licenses to include an “or later” concept.
• 632, others – not yet discussed.