THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2011-04-07

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Kate Stewart
  • Peter Williams
  • Bill Schineller
  • Gary O'Neall
  • Phil Odence
  • Kirsten Newcomer
  • Mark Gisi
  • Marshall Clow
  • Matt Germon
  • Michael Herzog
  • Scott Peterson
  • Jack Manbeck
  • Philip Koltun
  • Steve Cropper
  • Kim Weins
  • Martin Michlmayr
  • Guillaume Rousseau

Agenda

  • Review spec
  • Tools overview
  • Licensing model
  • Remainder of the bugs
  • Version 2.0 considerations

We reviewed the Specification as a group in order to close on issues and get agreement for the beta/release candidate version of the Specification.

There was a lot of lively and effective discussion.

A number of updates were made to the Specification during the meeting.

Below are the conclusions made during discussion, along with some issues identified for exploration after beta.

Again, please review and send additions/corrections as needed

Conclusions

  • Specification number will be set to version 0.8
  • Purpose text:
    • major versions incremented when incompatible changes are made.
    • minor field will be incremented when backward compatible changes are made.
    • Concern about the example where sections cause major version revisions. We’ll leave the example for now.
  • Section 2 will be split into two parts and the following sections will be re-numbered
  • Section 2 title: SPDX Document
    • sub-section 2.1 SPDX Specification Version Number
  • New Section 3 title: Creation Information
    • sub-sections include remaining fields from original Section 2, as modified during meeting
    • Creator: changed format to be future reference to format and define it to be just a string for version 1
    • Created: updated the definition to be the last update when the analysis was done
  • NOTE: Following comments refer to section numbers in place during the meeting
  • Add all the rdf properties to the SPDX Document to map the package and analysis
  • Add a checksum class to the Specification (referred to in File section)
  • Review for terminology consistency
    • license vs. licensing
    • Undetermined vs. Unknown: used to indicate that data was reviewed, but conclusion is not clear
    • Not Analyzed will be used to indicate that data was not looked for
    • None: data was looked for but none found
  • Package-level and File-level licensing fields:
    • Proposed licensing model that enables representation of disjunctive / conjunctive licensing is adopted. This means license cardinality can be 1.
      • Affected sections will be updated, including
      • 5.4.1
      • 5.5
  • Some Purpose/Intent text in the related sections needs to be reviewed with legal. Specifically:
    • 3.8.1: "all should be recited"
    • 3.10: text refers to both author and copyright, but field descriptions are specific to copyright. Intent/Purpose text and fields need to be in agreement
    • 4.1 wording in Intent -- exact words were highlighted in spec during discussion
  • Cardinality for Copyright will remain 1 for beta, but will be more than one after beta
  • Section 5.2.6:
    • Need to add definitions for listed types
    • For future version of Specification, consider mime types.
  • Section 5.6: Need this same field at the package level
  • Fix "SDPX" typo in footer
  • Review section (is this Review or Reviewer?)
    • Copy Creator Data format information to Reviewer section
    • Review Comment field: Needs intent text from Rockett
  • Appendix I will simply link to SPDX License repository
  • Graphical version of model will be added to the Specification (appendix?)

Action Items

  • Kate will complete first round of edits to Specification
  • Gary will make additional edits to the Specification to add RDF/XML examples and update the tools and example spreadsheet
  • Kate will get input on wording changes from legal where appropriate
  • Technical team will do a final review; date TBD

Open Issues

  • Concerns were raised about the verification mechanism (SHA1) not including the relative filename
  • Will the OWL document be added to the Specification?
  • Proposed that version two provide support for more hierarchical use cases (package in a package for example)
  • Concern about the created date being overly specified for the RDF format