Technical Team/Minutes/2011-12-05

Attendees

Ed walked through the proposal
Discussion on the ACL – can be used to describe what is included or excluded – perhaps even what source files are used to produce a particular binary.
Discussion on the domain model – should we be modeling general copyrightable material or modeling software packaging? Agree that we are not modeling the entire copyright domain. Mapping a subset of the copyright domain. The proposal is to model more of “copyrightable things” rather than just packages.
Do we need to have more detail on the relationship between elements? (left open)
Do we have a separate file for signature or do we have an “envelope” with a signature?
Should we separate out the concept of what is physically included/embedded from the relationship of analyzed components? Should these be represented as separate graphs?
Annotations approach compared to modifying a copy of an SPDX document. Annotations help solve the provenance problems. Annotation approach would be difficult for tools to recreate the new SPDX file representation. (left open)
- Example use cases – Different opinion on the licensing for the package, choice of a license for a package that offers license choices
- Alternative proposal – add an additional tag in an SPDX file to denote which SPDX file it is based on and what changes were made
Do we care about backwards compatibility? Agree to have a future discussion.