Technical Team/Minutes/2011-11-29

From SPDX Wiki
Jump to: navigation, search


  • Gary O’Neall
  • Bill Schineller
  • Rana Rahal
  • Ed Warnicke
  • Brandon Robinson
  • Peter Williams


  • Bugzilla bug review


  • Bill pinged Jaime Garcia on validating the new package verification code algorithms, have not yet heard back
  • Bugzilla is back!
  • Minor progress on HTML pretty printer


  • 818 – Composite packages – this represents the general discussion on hierarchies
  • 968 – Package Verification Algorithm should be addressed. Will be in a 1.1 version.
  • 944 – Gary will propose a new filetype for version 2 for “CRUFT” files
  • 878 – Download mechanism link would be a useful improvement. Note that different source management systems have different mechanisms and information to denote the versions and download specifics. DOAP has a vocabulary for this, proposal to look at DOAP and see if it can be leveraged.
  • 898 - Changelog discussion:
    • The proposal for composite packages can solve the need for changelogs by having one SPDX document refer to a previous SPDX document with an annotation on what has changed
    • Should a complete copy be made or a reference?
    • Should it be versioned? No – a versioning would require an authority. Need a mechanism to reliably refer to previous versions (e.g. a hashcode, verification code or other mechanism). Action – add a bug to represent this issue – Peter will add.
  • 591 – Proposal to change the license list to include “or later” for some of the license declarations. Note that the license text for a GPL 2.0 or later license will reflect the GPL 2.0 text, which isn’t exactly correct (especially of a GPL 3.0 license is chosen). Alternative, expand the model for the licenses to include an “or later” concept.
  • 632, others – not yet discussed.