Technical Team/Minutes/2020-02-25

From SPDX Wiki
< Technical Team‎ | Minutes
Revision as of 04:00, 27 February 2020 by Goneall (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

February 25, 2020

Attendees

  • Rose Judge
  • Steve Winslow
  • Alexios Zavras
  • Gary O’Neall
  • Kate Stewart
  • Peter Shin
  • Rohit
  • Paul Madick
  • Carmen Bianca Bakker
  • Rohit Lodha
  • tjsmith
  • Philippe O.
  • Brad Goldring
  • Alan Tse

Mime Type

  • Needed for container inclusion
  • Discussion on which types should be added
    • tag/value needs to be added
    • does RDF/XML, JSON and YAML need to be added?
  • Rose will follow-up
  • Tracked in issue #66

License Namespace

  • Review of proposal – PR #209
  • Some automation was done for last year’s GSoC
  • Discussion of the validation of namespaces
    • Verify the domain names before accepting
    • Could be burdensome if fully verified (e.g. modify DNS records to validate)
    • Propose to have a git repo for the namespaces with committers who can review/accept
  • Do we register all namespaces?
    • Would help manage the namespace collisions and verifications
  • Discussion on where the licenses definitions are stored and managed
    • Intent for the submitter of the namespace to manage the licenses
  • Discussion on private namespaces
    • Requested previously by Mark
    • Suggest that this would be outside the scope of proposal – you can use whatever text after the LicenseRef-
  • Discussion on whether this would allow for redefinition of an existing SPDX license
    • This is distinct from the curated SPDX license list
    • There is no implied trust between the SPDX org and the licenses in the namespace licenses, the trust would be between the creator of the SPDX document and the maintainer of the license namespaces
  • Need to update the rules for LicenseRef- format to disallow the namespace characters
  • Discussion on use of “.” For the format
    • If all namespaces are registered, you could search for the namespace if the text is not included in the document itself
    • Would still need some way of parsing the license ref to separate the namespace from the identifier
    • “-.” is prone to miss-typing
    • “-.” was chosen for compatibility – they are allowed characters in LicenseRef-
  • Need to define hierarchy if text is in the SPDX document and in an external license ref

Incorporating attribution tags

  • Desire to summarize the attribution text to be included in the documentation
  • Discussion on how the field is used
    • Agree that the spec shouldn’t specify how the attribution should be used – open to interpretation of the license
    • Agreed on wording, PR will be updated