From SPDX Wiki
- Gary O’Neall
- Bill Schineller
- Kirsten Newcomer
- Ed Warnicke
- Brandon Robinson
- Peter William
- Rana Rahal
- Jack Manbeck
- Update on tools
- Discuss proposal for hierarchical supply chain (bug 818)
Update on tools
- Discussed using XSLT to produce HTML form an RDF/XML file including some of the challenges with order not being guarenteed
- Jack offered to help with the HTML and .css on the RDF to HTML tools
- Agreed to add SPDX examples to the git repo (bug 988 assigned to Gary)
Hierarchical supply chain
- Agreed that UML would be a good way to describe and discuss the proposal
- Ed drafted a class diagram
- Discussion on the need to discuss more concrete classes vs. modeling higher levels of abstraction – agreed that we need to do both simultaneously
- Discussion on relationship between SPDX element and current model, will pick up the discussion with more concrete examples
- Example of a file – proposal would be a URI and Checksum reference to a file (under specifier)
- Referential nodes - are referenced nodes things that must be referenced or can be referenced? Proposal that it would be “best if referenced”
- Do referential nodes introduce an unnecessary complexity?
- This may be required for signing the references.
- Alternative proposal to signing – archive structure where the files are copied
- Do references need to be resolved for the SPDX specification to work? Problem with requiring references to be resolved is the SPDX doc could not be read without access to those references.
- Having a reference model would make it easier for certain use cases and scenarios (e.g. packager of a WAR file containing many copyrighted elements).
- Ed will send out the class diagram once complete
- We will pick up the discussion next week