Technical Team/Minutes/2020-08-18

From SPDX Wiki
Jump to: navigation, search

August 18, 2020

Attendees

  • Kate Stewart
  • Thomas Steenbergen
  • John Horan
  • Gary O’Neall
  • Peter Shin
  • Philippe Ombredanne

Topics:

  • Google Summer of Code
  • Legal profile – continuing discussion
  • Gitlab support of SPDX

GSoC

  • Philip’s project should be able to present next General meeting – Kate will arrange
  • Philippe will meet with Philip and check on progress

Legal Profile

  • Communicating between tools
  • Question on how to represent a source file: I have a question on how to handle declared license. If it's a short reference to a license, for example, how should SPDX or tool handle "See the license file" snippet. Should the SPDX handle it as a declared and none?
    • Thomas, Gary and Philippe think it would be declared, but the discussion in legal was interpreted as “None” or “LicenseRef-“ with the text found in the file
  • Discussion on having a primary license for a package
    • Philippe will propose an extension to the license expression
    • Introduce “PLUS” operator with the same semantics as AND except the expression to the left of the operator is the primary license for the package


Gitlab

  • Gitlab jobs do not support SPDX
  • Issue logged at https://gitlab.com/gitlab-org/gitlab/-/issues/218521
  • Thomas requested support and comments on the issue in support of SPDX
  • Steve is active with Gitlab and should be able to help
  • Kate will add some pointers in the issue

DCO signoff on SPDX Spec

  • Currently not enabled for the spec
  • Agreed we will enable the DCO BOT
  • Will be turn on Sept. 1
  • Kate will send out an email
  • Thomas will submit a PR

Next Week

  • Vulnerabilities Profile