THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2019-05-28

From SPDX Wiki
Jump to: navigation, search

May 28, 2019

Attendees

  • Kate Stewart
  • Gary O’Neall
  • Xavier Figueroa
  • Krys Nuvadga
  • Mathew Crawford
  • Nisha Kumar
  • Steve Wilson
  • Natish
  • Umang

GSoC

  • Philippe O, recommended waiting PRs to be merged.
  • PRs not merged yet.
  • Next steps: 96 & 98. Gary to work with Philippe to get unblocked
  • Recommend to tart working now.
  • Proposed a timeline for work. JSON support already done (in PR 96), want to suggest a change in timeline. XML first. All agree.
  • Gary suggests reserving time for https://github.com/spdx/spdx-spec/issues/96
  • Updates on Gitter channel https://gitter.im/spdx-org/Lobby

Package Definition

  • Gary remembers as distributable unit. Collection of things that can be copyrighted. tar ball, commit record, directory, .. more of a collection with 2.0. Include subdirectory as its own package.
  • Kate notes that - “Common grouping”
  • Nish likes idea of common distribution - lowest common denominator is that they are sent somewhere.
  • Steve willing to give it a try - simple as possible, follow with examples.

Semi-colon proposal

  • Mark Gisi’s proposal of “;” operator. https://github.com/spdx/spdx-spec/issues/123 https://github.com/spdx/spdx-spec/issues/124
  • Gary - AND used to describe “ALL” the license that apply to a distinct package. If more than 1 separate work, it becomes confusing.
  • Adding another operator similar to “AND”, parts of distribution. Don’t want to imply that they apply to the same package.
  • Nisha would like to see this, defining execution environments.
  • Steve not sure what “;” is meant to communicated, 2 or more both apply to a unit of software. CC-BY-4.0 for documentation, code under Apache. So package as a whole would be Apache-2.0 AND CC-BY-4.0.
  • Suggest subdivide and refers to subpackages within a packages.
  • “OR” is a choice between licenses.
  • What is meant to be communicated by the “;” operator. Want to say it applies, but not when it conflicts. At package level is

LICENSE_INFORMATION_FOUND_IN_FILES.

  • Steve - concern people will use “;” when AND is really appropriate.
  • Want to reach out to legal team to get their perspective.
  • We should either decide to support, or get rid of WIKI page that is confusing people.
  • Nisha: AND, OR, and NOT used for licenses is sufficient. Semantic wise, AND and OR are ok.
  • Gary: Kick this over to the legal team.

JSON Format Examples

  • Steve: Examples - pull request #120 in SPDX Spec. Call at end of April.
  • Iterate what JSON format looks like. Branch for new FORMATs, sample XML and YAML documents. Iterate and comment to flesh it out on branch. JSON - gets towards a workable example. Get more official.