- Kirsten Newcomer
- Bill Schineller
- Brandon Robinson
- Gary O’Neall
- Peter Williams
- Nicholas Loke
- Marshall Clow
- Discuss the email thread on the terms for undetermined/none seen/not analyzed licenses (email thread originated by Peter)
- Review the verification algorithm (email from Gary)
- Discuss the relationship between the SPDX Document and the extracted licensing info
None Seen, None, Not Analyzed, Undetermined
- Discussed meaning of the terms.
- Discussed need for 4 terms.
- Discussed some proposals for different terms (unfortunately, I did not capture the specifics).
- Did not reach a conclusion on the call, will follow-up on email
- Kirsten to write-up the definition of the 4 terms
- Peter to follow-up with a proposal based on Kirsten’s write-up
File Verification Algorithm
- Reviewed the proposal – consensus on the general approach of generating a sha1 from the filenames + sha1’s of the individual files
- File path – reference the file name in the document rather than define the filepath in the verification section
- Check the file name specification to make sure it specifies forward slash “/” as the separator character
- Sha1 – reference the sha1 in the doc rather than define the format in the verification section
- Change sorting to start with sha1 followed by file path. Note that this resolves case sensitive sorting issues with the file name.
- Change sha1 definition to specify lowercase a-f for the hexadecimal representation
- What to do with the spdx file itself – proposal is to leave it out of the verification algorithm. Peter to review and possibly propose other terms. This will be specific proposal will continue on the email thread.
Extracted Licensing Info at the Doc level
- Agreed to add a property at the SPDX document to capture all of the extracted licensing infos
- Proposed property name “hasExtractedLicensingInfo”
- Range ExtractedLicensingInfo
- Cardinality 0 or more
- The URI associated with this property would be the same URI used in licenseInfoFromFile and licenseInfoInFile
- Peter will update the spec with this information
With the two outstanding items on the spec (terms for unused/none/noneseen licenses and how to treat the spdx fil in the File Verification algorithm), there may be impact on the beta start date. Depending on the outcome of the email discussions, we will alert the business team to the possible schedule impact on Thursday.