THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Minutes/2014-02-04"
From SPDX Wiki
< Technical Team | Minutes
(Created page with "Feb 4, 2014 == Attendees == * Gary O’Neall * Bill Schineller * Jack Manbeck * Michael Herzog * Mark Gishi * Scott Sterling == Agenda == * Review instance diagrams * POM plug...") |
|||
| Line 33: | Line 33: | ||
** one per GAVCP C=Classifier e.g. binary vs. sources.jar P=Packaging e.g. war or jar | ** one per GAVCP C=Classifier e.g. binary vs. sources.jar P=Packaging e.g. war or jar | ||
| − | apache-servicemix-web-3.2.3.war <- the binary | + | ***apache-servicemix-web-3.2.3.war <- the binary |
| − | apache-servicemix-web-3.2.3.war.md5 <- md5 of the binary | + | ***apache-servicemix-web-3.2.3.war.md5 <- md5 of the binary |
| − | apache-servicemix-web-3.2.3.war.sha1 <- sha1 of the binary | + | ***apache-servicemix-web-3.2.3.war.sha1 <- sha1 of the binary |
| − | apache-servicemix-web-3.2.3.war.spdx <- SPDX of the binary | + | ***apache-servicemix-web-3.2.3.war.spdx <- SPDX of the binary |
| − | apache-servicemix-web-3.2.3.war.asc | + | ***apache-servicemix-web-3.2.3.war.asc |
| − | apache-servicemix-web-3.2.3.war.asc.md5 | + | ***apache-servicemix-web-3.2.3.war.asc.md5 |
| − | apache-servicemix-web-3.2.3.war.asc.sha1 | + | ***apache-servicemix-web-3.2.3.war.asc.sha1 |
| − | apache-servicemix-web-3.2.3-sources.jar | + | ***apache-servicemix-web-3.2.3-sources.jar |
| − | apache-servicemix-web-3.2.3-sources.jar.md5 | + | ***apache-servicemix-web-3.2.3-sources.jar.md5 |
| − | apache-servicemix-web-3.2.3-sources.jar.sha1 | + | ***apache-servicemix-web-3.2.3-sources.jar.sha1 |
| − | apache-servicemix-web-3.2.3.war.spdx <- SPDX of the sources (SCANNED) | + | ***apache-servicemix-web-3.2.3.war.spdx <- SPDX of the sources (SCANNED) |
* Apache Maven guys: anyone have connections with them to influence SPDX adoption? | * Apache Maven guys: anyone have connections with them to influence SPDX adoption? | ||
Latest revision as of 03:50, 5 February 2014
Feb 4, 2014
Contents
Attendees
- Gary O’Neall
- Bill Schineller
- Jack Manbeck
- Michael Herzog
- Mark Gishi
- Scott Sterling
Agenda
- Review instance diagrams
- POM plugin efforts
Instance Diagram Review
- No updates since last meeting
- Plans for future instance diagrams:
- a 'distro' with a kernel + packages (e.g. Android)
- a java e.g. Hibernate scenario
- spdx of sources of whole github repo,
- spdx of binary jars (finer grained artifacts) they publish to maven (refer back to sources spdx)
- spdx of an application that uses jars (refers back to spdx's of binaries)
Apache Maven/ POM Plugin efforts
- Effort underway to create a Maven plugin which creates an SPDX file from a Maven POM file
- Reviewed issues from Maven mailing list
- Issue with using POM license info
- not always filled in
- not always accurate
- Feedback from Maven community is it would only be valuable if the code was scanned
- Discussed targeting the code originators and the value to the originators
- suggestion to use the SPDX standard license short names in the POM file
- Plugin currently uses the standard SPDX license URL's and there is some indication that Apache will use those URLs
- where in a Maven repo would .spdx file(s) best land?
- one per GAV?
- one per GAVCP C=Classifier e.g. binary vs. sources.jar P=Packaging e.g. war or jar
- apache-servicemix-web-3.2.3.war <- the binary
- apache-servicemix-web-3.2.3.war.md5 <- md5 of the binary
- apache-servicemix-web-3.2.3.war.sha1 <- sha1 of the binary
- apache-servicemix-web-3.2.3.war.spdx <- SPDX of the binary
- apache-servicemix-web-3.2.3.war.asc
- apache-servicemix-web-3.2.3.war.asc.md5
- apache-servicemix-web-3.2.3.war.asc.sha1
- apache-servicemix-web-3.2.3-sources.jar
- apache-servicemix-web-3.2.3-sources.jar.md5
- apache-servicemix-web-3.2.3-sources.jar.sha1
- apache-servicemix-web-3.2.3.war.spdx <- SPDX of the sources (SCANNED)
- Apache Maven guys: anyone have connections with them to influence SPDX adoption?
- Here's a list of contributors to Maven https://www.ohloh.net/p/maven2/contributors?sort=latest_commit&time_span=12+months
- Maven License Plugin project we might join forces with? http://code.mycila.com/license-maven-plugin/
- Other organizations originating or assembling code will face similar issues as the Maven/POM - could use this as a good test case
Next Week
Next Week - Bill and Gary will not be on the call. Will check with Kate to see if we should have a call next week.
