Technical Team/Minutes/2020-03-31 - Revision history
Page created by Goneall, 2020-04-20T18:34:31Z
<p><b>New page</b></p><div>March 31, 2020<br />
== Attendees ==<br />
* Santiago Torres Arias<br />
* Gary O’Neall<br />
* Jack Manbeck<br />
* Jim Hutchinson<br />
* Peter Shin<br />
* Alexios Zavras<br />
* Andrea Denisse Gomez (new)<br />
* Nisha Kumar<br />
* Steve Winslow<br />
* William Bartholmew<br />
* Kate Stewart<br />
* Vicfred Petrelli<br />
* Jiyun Kang<br />
<br />
==3.0==<br />
* Santiago provided an overview of the linking profile being proposed for 3.0<br />
Recording of the presentation can be found at https://zoom.us/rec/share/-90lL_Lo03hOfLPv2QbZAa8kH5j4X6a8hihKqaBczEpJTJHaMzbGpfUcPBpgfz7y<br />
* 8 locations in the abstract supply chain can be compromised<br />
* Looking for people to participate in work group on this.<br />
* Nisha: what's the difference between relationships vs. links? <br />
** Looking for these artifacts come from build stage.<br />
* Alexios: Multiple inputs/outputs - love this idea of documenting what is happening, very much in favor of having this information. Only objection is with the name "linking profile" - it points to something else.<br />
** Santiago receptive to changing the name if we can find a better idea.<br />
* Gary: The way I'm thinking about it is relationships are static - the state how the artifacts are related at the time the SPDX document is created. Links are more dynamic, they describe an action taken which probably creates a relationship - including the who and how in addition to the "what" of the relationship.<br />
* Nisha Kumar: Post build state vs build time state?<br />
* Steve Winslow: I think that's right, Gary. A relationship just describes "this thing is this way", e.g. "Package A depends on Package B". A Link goes further to assert who does what, e.g. "I added Package B as a dependency for Package A, I got B's source code and built it"<br />
* Peter Shin: Which words do you use to describe "link" in the in-toto process? Do you use the word, "link" or multiple words?<br />
* Gary - very interested in participating in these discussions, and interested to do some object modeling here. Linking relating to relationships. <br />
* Santiago interested in making this an SPDX native concept. Possibly extend relationships.<br />
* Explicit interest in making this a focus of 3.0 from: Santiago, William, Gary, Rose, Nisha, Alexios, Kate, Steve<br />
** Decision to work on the spdx-tech mailing list. Then possibly dedicate some weekly call.<br />
<br />
==2.2 issues==<br />
* https://github.com/spdx/spdx-spec/issues/97<br />
* Other issues recorded in Github<br />
<br />
<br />
[[Category:Technical|Minutes]]<br />
[[Category:Minutes]]</div>Goneall