THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Minutes/2017-06-20"

From SPDX Wiki
Jump to: navigation, search
(Created page with "June 20, 2017 == Attendees == * Gary O’Neall * Thomas Steenberg * Anna Buhman * Krys Nuvadga * Alexios Zavras * Yev Bronshteyn * Uday Korlimarla ==GitHub SPDX Project Archi...")
 
Line 28: Line 28:
 
* Thomas has first draft of OpenChain specification 1.0 in Markdown, building HTML via GitBook: https://github.com/tsteenbe/openchain-spec
 
* Thomas has first draft of OpenChain specification 1.0 in Markdown, building HTML via GitBook: https://github.com/tsteenbe/openchain-spec
 
** work-in-progress; history being re-written
 
** work-in-progress; history being re-written
 
 
[[Category:Technical|Minutes]]
 
[[Category:Technical|Minutes]]
 
[[Category:Minutes]]
 
[[Category:Minutes]]

Revision as of 17:59, 13 July 2017

June 20, 2017

Attendees

  • Gary O’Neall
  • Thomas Steenberg
  • Anna Buhman
  • Krys Nuvadga
  • Alexios Zavras
  • Yev Bronshteyn
  • Uday Korlimarla

GitHub SPDX Project Architecture

  • Review architecture for github spdx project
  • Proposal – use github webhooks for the user integration and integrate multiple back-end scanners through a REST based API
  • Reference: https://github.com/spdx/spdx-github/wiki/Architecture
  • Yev suggested integrating with a Continuous Integration system may be a better approach
    • Yev suggested generating outside of github was an overkill, Thomas agreed
    • Gary suggested focus could be on open source project originators where dependencies are not as prevalent – example, NodeJS where there are only 2-3 files
    • Gary responded that there is a separate project proposal for integration system hooks, and this project is focused on github
  • Discussion on the multiple scanner integration
    • Could use the integration for a build oriented SPDX generator (such as the Maven build) – Gary will build an integration once the tool is available
    • Existing scanners can be “wrapped” by the API – either a command line or a library call
  • Discussion on authentication
    • Primary mechanism would be github
    • Need to authenticate external services if used
    • First release, we could scope it to everything running on a local server

Other Topics

  • Further discussion on next SPDX spec postponed to next week, waiting larger quorum
  • Thomas has first draft of OpenChain specification 1.0 in Markdown, building HTML via GitBook: https://github.com/tsteenbe/openchain-spec
    • work-in-progress; history being re-written