THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2011-12-05

From SPDX Wiki
< Technical Team‎ | Minutes
Revision as of 13:19, 6 March 2013 by MartinMichlmayr (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Attendees

  • Gary O’Neall
  • Bill Schineller
  • Kirsten Newcomer
  • Kate Stewart
  • Rana Rahal
  • Ed Warnicke
  • Brandon Robinson
  • Peter Williams

Agenda

  • Ed’s composite package proposal

Updates

  • Git repos back online

Composite Package Proposal

  • Ed walked through the proposal
  • Discussion on the ACL – can be used to describe what is included or excluded – perhaps even what source files are used to produce a particular binary.
  • Discussion on the domain model – should we be modeling general copyrightable material or modeling software packaging? Agree that we are not modeling the entire copyright domain. Mapping a subset of the copyright domain. The proposal is to model more of “copyrightable things” rather than just packages.
  • Do we need to have more detail on the relationship between elements? (left open)
  • Do we have a separate file for signature or do we have an “envelope” with a signature?
  • Should we separate out the concept of what is physically included/embedded from the relationship of analyzed components? Should these be represented as separate graphs?
  • Annotations approach compared to modifying a copy of an SPDX document. Annotations help solve the provenance problems. Annotation approach would be difficult for tools to recreate the new SPDX file representation. (left open)
    • Example use cases – Different opinion on the licensing for the package, choice of a license for a package that offers license choices
    • Alternative proposal – add an additional tag in an SPDX file to denote which SPDX file it is based on and what changes were made
  • Do we care about backwards compatibility? Agree to have a future discussion.