Technical Team/Minutes/2011-11-29

Attendees

Bill pinged Jaime Garcia on validating the new package verification code algorithms, have not yet heard back
Bugzilla is back!
Minor progress on HTML pretty printer

818 – Composite packages – this represents the general discussion on hierarchies
968 – Package Verification Algorithm should be addressed. Will be in a 1.1 version.
944 – Gary will propose a new filetype for version 2 for “CRUFT” files
878 – Download mechanism link would be a useful improvement. Note that different source management systems have different mechanisms and information to denote the versions and download specifics. DOAP has a vocabulary for this, proposal to look at DOAP and see if it can be leveraged.
898 - Changelog discussion:
- The proposal for composite packages can solve the need for changelogs by having one SPDX document refer to a previous SPDX document with an annotation on what has changed
- Should a complete copy be made or a reference?
- Should it be versioned? No – a versioning would require an authority. Need a mechanism to reliably refer to previous versions (e.g. a hashcode, verification code or other mechanism). Action – add a bug to represent this issue – Peter will add.
591 – Proposal to change the license list to include “or later” for some of the license declarations. Note that the license text for a GPL 2.0 or later license will reflect the GPL 2.0 text, which isn’t exactly correct (especially of a GPL 3.0 license is chosen). Alternative, expand the model for the licenses to include an “or later” concept.
632, others – not yet discussed.