THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2020-08-04

From SPDX Wiki
Jump to: navigation, search

August 4, 2020

Attendees

  • Kate Stewart
  • Thomas Steenbergen
  • William Bartholomew
  • Steve Winslow
  • Gary O’Neall
  • Rose Judge
  • Peter Shin

Topics:

  • SPDX 3.0 Document Structure
  • GSoC Update
  • SPDX Online Tools
  • Security related – LF security

GSoC Update

  • All students passed
  • Some issues making good progress on the generating Java code from XSD – more complex than we originally thought
  • Some issues with communications
    • Rishabh has been keeping a log on Google Docs which is a good practice
    • Kate will suggest on gitter that all students adopt this practice.

SPDX Online Tools Web Application

SPDX Document Structure

  • Update to model
    • Added name to Artifact
  • Document proposal to break down into clauses
    • Constrained by ISO to not having sub-sections or clauses
  • Structure on subclasses
    • Suggested we having a naming standard for the clauses that indicate the subclasses
  • Structure
  • Moving external document references to the linking profile
    • Concern about requiring all the requirements of linking profile
      • Possible 2 profiles, one for document linking and a stronger one for InToto
    • Concern about having required information for being able to link to a document
      • General agreement
      • Would like to simplify the approach language
      • Several possible solutions including the PURL
    • SPDX Lite – should it be part of licensing or separate profile?
    • Suggestion to introduce pre-requisite profiles

Next Week

  • Continue discussion on container SBOM relationships
  • Aug 11 Legal profile