https://wiki.spdx.org/index.php?title=Technical_Team/Minutes/2015-07-28&feed=atom&action=history
Technical Team/Minutes/2015-07-28 - Revision history
2024-03-29T06:24:44Z
Revision history for this page on the wiki
MediaWiki 1.23.13
https://wiki.spdx.org/index.php?title=Technical_Team/Minutes/2015-07-28&diff=3637&oldid=prev
Goneall at 18:15, 28 July 2015
2015-07-28T18:15:26Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:15, 28 July 2015</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 4:</td>
<td colspan="2" class="diff-lineno">Line 4:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Kate Stewart</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Kate Stewart</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Matt Germonprez</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Matt Germonprez</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">(UNO)</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Shankar Korlimarla</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Bill Schineller</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Bill Schineller</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Scott Sterling</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Scott Sterling</div></td></tr>
</table>Goneall
https://wiki.spdx.org/index.php?title=Technical_Team/Minutes/2015-07-28&diff=3636&oldid=prev
Goneall: Created page with "July 28, 2015 == Attendees == * Gary O'Neall * Kate Stewart * Matt Germonprez * (UNO) * Bill Schineller * Scott Sterling * Yev Bronshteyn * Mark Gisi ==Security Identifier Pro..."
2015-07-28T18:14:30Z
<p><b>New page</b></p><div>July 28, 2015<br />
== Attendees ==<br />
* Gary O'Neall<br />
* Kate Stewart<br />
* Matt Germonprez<br />
* (UNO)<br />
* Bill Schineller<br />
* Scott Sterling<br />
* Yev Bronshteyn<br />
* Mark Gisi<br />
==Security Identifier Proposal==<br />
* Proposal at https://docs.google.com/document/d/1WfArS8_xR_CQ_5plOOMtj1y9ps5M-gXFjofUBXR8hyE/edit#<br />
* Proposal for an SPDX Item level property to hold a reference to an external database for packages<br />
* Discussion on how much of other efforts to duplicate<br />
** Proposal to only provide a link to the other efforts (using a common ID, e.g. CPE) and not duplicate any of the effort<br />
* Do we want a special section dedicated to vulnerability information or do we want it broader?<br />
* Discussion on the two proposals for external systems references<br />
** General need for referencing external systems<br />
** Proposal that there should be one solution<br />
** Concern that the CPE/SWID is different from the repositories and should be a different schema<br />
* Discussion on tag/value and RDF representations<br />
** For tag/value - the package reference needs to be a single string<br />
** RDF can either be a single string reference or could be a more general class model<br />
*** Gary to propose a follow-up after doing some research<br />
* Proposal for a table with the following columns:<br />
** prefix<br />
** URL for database or definition of the external reference<br />
** Checkbox if the syntax is validated by SPDX<br />
** ABNF format if syntax is to be validated<br />
** Domain - could be checkboxes for each domain covered (e.g. security, asset management)<br />
* Is this at the item level or at the package level?<br />
** Other than hardware, all of the external references reference something we would describe as a package in SPDX terms<br />
** There is an issue when we have a binary file which represents a package and that package is described by an SPDX document - we would like to have a way to reference the external package without requiring the full SPDX package information (which may not be available)<br />
** There is a proposal for external package references in Bugzilla (bug 1298 https://bugs.linuxfoundation.org/show_bug.cgi?id=1298)<br />
** Agree to decide package or item level after the external package reference proposal is discussed next week<br />
[[Category:Technical|Minutes]]<br />
[[Category:Minutes]]</div>Goneall