Technical Team/Minutes/2019-07-16

July 16, 2019

Attendees

Tanjong - promotion to license repository method, questions and suggestions welcomed for the namespace repository.
Tushar - some suggestions about code give
Uday and Philippe – Ndip has made good progress so far, shared info about data stats. Working prototype is there. Ndip - dealing with flooding.
Rohit - student is a bit behind, but seems to be catching up.
Philippe - ahead of schedule for original plan. Working on enhancements to python library.
Krys - .pdf/html documentation - students making good progress. Internal links in .pdf now work. Natish working on language conversion, but some snags. Wordpress library plugin template going well.

Workflow: Monitoring issues – bot teams monitor both sets of issue?
- Recommend subscribing both, tagging technical issues in legal, and visa version.
Use filter listed of topics from tags.
This call will be used for figuring out from the filtered list.

We have short form identifier format for licenses in source code.
Should there be something similar for copyright notices. No prescribed format, but here is a prefix that can be used to find them. FSFE reuse version has proposed “SPDX-Copyright:”, lengthy discussion in github https://github.com/spdx/spdx-spec/issues/122. Concerns from legal side, implying that SPDX has a copyright in it, or the format is recommended by SPDX, and other things that the legal team was ok with. More comfort to the exact tag used in SPDX specification - SPDX-FileCopyrightText: <copyright notice>
Instructs someone reading the code that plops into the specific name.
Call - one way to add SPDX information inside files - then use exact tag name as defined in the spec.
Philippe: concerns about asking for structured copyright information is only value of adding SPDX-Copyright.
Steve: Legal concern does not want to prescribe one format over another, so not sure that SPDX project should be doing this.
Philippe: Don’t see why we shouldn’t follow https://dep-team.pages.debian.net/deps/dep5/#copyright-field

Since change is lets do it right, regex, any generic is fine. Broader discussion.

Vladimir: could SPDX-Copyright:… reference a file?
Gary: If the FileCopyrightText is in an SPDX document, it could reference a file. For this proposal, the tag would be in the file itself. Tools could then generate a valid SPDX document from the source file parseable information.
SPDX-Fieldname:value - will have some places where it won’t make sense.
Does it make sense to indicate which ones actually make sense?
- Alexios - just an indication want to share information, rather than authorative.
- Gary - makes sense to go through the specific level fields, does this field make sense. The follow are ones that have been discussed and may be in use.
- Probably a good idea to make up a table. Explain why not identifer, checksum, etc.
Agree to put Files & Packages fields, and put information in table on the ones that make sense, and an explanation of for the ones that don’t.

reviewed GSoC project https://summerofcode.withgoogle.com/projects/#5604490302980096
need to be registered vs -. do not need.
possibly make a fully currated for the registered list.
Do we have fully uncurrated - first come, first serve, be their name on official list of spdx list promoted registry.
Philippe - understand legal concern, but intent is just to have known strings being used as prefix. With ok with no registry.
Gary - project proposal was already agreed by technical and legal. Change nature of considerations to what can we do to make this sucessful, and implementable processes.
Alexios - separate registry of namespaces from registry licenses. Don’t see this easy to be automated - we need namespace registry.
Gary follow up call? Yes, proposing when Legal team spot would be this thursday.
Philippe willing to pilot namespaces about Namepace for ClearlyDefined & ScanCode.