From SPDX Wiki
- Jack Manbeck
- Norm Glaude
- Scott Lamons
- Mike Dolan
- Pierre Lapointe
- Mark Gisi
- Gary O'Neall
- None was published
- Jack informed the team that he only had 30 minutes for this call, but the line would stay open if they wanted to continue. Scott offered to finish taking notes. Many thanks, Scott.
- Mark gave a short update on the Tech Report Framework (TRF). It should be ready to go. We will put a few documents through it as a pipe cleaner. Mark will go over the Framework at the Collab Summit, and after that we will put it in place officially.
- One of the documents to put through the Framework will be Kirsten's SPDX 2.0 Overview.
- We want to be sure we encourage everyone to put anything SPDX related through the TRF process.
- Several discussion items on the license list came up.
- It would be good if we could access the older versions of the license list from the site. Jack will work with Gary and Jilayne to get them on the site (at least the ones we have archived).
- Scott made a suggestion for a tech report around programmatic access to the license list based on some recent experience within HP. Jack indicated that he has run into the same thing at TI – basically we both have tools that need a copy of the most current license list, version, and possibly previous versions for comparison. Gary indicated that he might have some bandwidth to work on this and do a write-up. Apparently all versions of the license list are available on GitHub, but we were not successful in locating a pointer on the website.
- The Collab Summit is coming up at the end of March. The Tech team will have a meeting the day before on the 2.0 spec to do a deep dive. If Kate is unable to get a room, it might be possible for someone in SPDX in the area to get space. Jack is working to set up an SPDX track at the summit.
- 2.0 Requirements
- Everyone on the call felt that the snippet capability was a low priority for 2.0.
- It was pointed out that signing involves a lot of complexity beyond the spec (e.g. infrastructure issues, signing authority, etc.) and there may be ways outside the spec to tackle the authenticity requirement. Gary pointed out that perhaps the goal should be to not design it out; that is, don’t do things that would prevent anyone from signing or implementing other measures to ensure authenticity.
- As Mark put it, the killer feature in 2.0 is the “relationships”, or hierarchies as some have called it, and it was felt that this should really be the focus of 2.0. Mark is working on an example of this using Busybox.
- Other high level needs that we have heard:
- It’s flat - relationships will address this.
- It’s too complex -> probably there’s nothing we can do about this, and it will get a little more complex with the addition of hierarchies and relationships.
- What’s in it for the developer? Why should I take time to do this? -> Mark pointed out that many FOSS developers want recognition. With 1.2 we added the ability to capture contributors at the file level; when you couple this with the relationship/hierarchy feature in 2.0, developers now have a potentially powerful way to track how their contributions propagate through the ecosystem. It was felt that this is something we need to better articulate and communicate to developers.
- See above