Technical Team/Minutes/2020-02-18

February 18, 2020

Attendees

• Thomas Steenbergen
• Rose Judge
• Steve Winslow
• Jim Hutchinson
• Gary O’Neall
• Kate Stewart
• Philippe Ombredanne
• Peter Shin
• Rohit
• William Bartholomew

GSoC

• Need some additional project ideas
• Kate suggested adding package manager plugins for SPDX
• Gary suggested some additional Java projects could be added
• SPDX tools for updated license submission is pending a fix: https://github.com/spdx/spdx-online-tools/issues/140

Joint legal/tech call

• Feedback from the meeting at FOSDEM was adding the ability to add licenses
  • There was a project last year that still needs to be deployed
  • Discussion having a non-curated or semi-curated license list
  • Steve proposed having a joint call with legal
  • Issue https://github.com/spdx/spdx-spec/issues/113 tracks last year’s proposal
  • Hashing of names proposed
  • Concern with hashing, two licenses match, but end up with 2 different ids, as they hash differently. Namespace approach from Mark Atwood avoids issue, avoids the duplicate license text being represented with multiple license ids
  • William raised the advantage of hashing allows for offline use
  • Philippe mentioned 1000+ additional licenses could be added
  • William suggested an aliasing approach to resolve duplicate licenses
  • Need a PR to specify the proposal
    • Kate agreed to write up the spec

2.2 Release

• Merged PR’s#202 – updated matching guidelines
• Merged #203 – new version of mkdocs and upgrade to Python 3
• JSON-LD PR – fixed plural issue and will merge
  • Gary to fix tools
• PR #206 – Optional-of – added NPM example and merged
• Issue #174 – dependency root of
  • Discussed the use cases – example given of a packages.json file which is the “root” of all dependencies for a NPM package.
  • Suggest different name since what is being described is not really a dependency but a metadata file
  • Suggestion dependency_manifest_of
• New draft view of the 2.2 in development spec is available: