Technical Team/Minutes/2014-10-14

October 14, 2014

Attendees

• Gary O'Neall
• Bill Schineller
• Kate Stewart
• Mark Gisi
• Scott Sterling

Agenda

Document ID proposal

• Gary will update proposal to include the RDF and tag/value specifics

Checksums

• Reviewed syntax
• Resolved discrepancy found in the 1.2 spec regarding the RDF checksum syntax (the file checksum example is not correct, the package checksum example is correct)
• Agreed to add MD5, SHA256
• Discussed if we should add additional checksums
  • Agreed that we will start small and add additional checksums in future minor releases
• Kate will add the additional the number of bits to the description for MD5 and SHA256 (similar to the current SHA1 definition)
• Agreed not to mess with the verification code - we will revisit when we discuss signing in a future release

License Expression Language

• Discussion on where to define the license list exception id's
  • will include in spec as an appendix
• Mark will hand over the license expression document to Kate to include in the specification
• NOASSERTION and NONE - currently in the license expression document, but should be pulled out into a section global to the SPDX document. Suggestion to define once in the document.
  • Appendix of definitions
    • Should be the first appendix
    • Will include some of the syntax definitions which are currently in the RDF section
• will discuss next week along with the appendix refactoring

File Tagging

• Do we need to specify it?
• Need to have a discussion on whether this should be specified.
• Need to be careful that the spec is done right if we do go down that path.
• Agree that we can separate this from SPDX 2.0.
• Agree that Wiki page for the tagging should describe this as a best practice and subject to change
• General agreement that this should be a separate SPDX specification from the SPDX document, but we may revisit this in the future.