- Gary O’Neall
- Bill Schineller
- Savino Sguera
- Peter Williams
- Kate Stewart
- Rana Rahal
- Brandon Robinson
- Steve Cropper
- Date for version 1.1
- Discussion on SPDX package definitions
- Discuss proposal for hierarchical supply chain (bug 818)
Update on license text
Large text issue for spreadsheet – proposal to use external text files for the large text. Will be discussed in the legal team.
Date for 1.1
- Would need feedback from the verification code implementations first
Comparing two proposals from Gary and Peter:
- One difference in the models is how the relationships between SPDX documents are implemented. Gary’s proposal implements it at the Licensable/SPDX Element level while Peter’s proposal implements the relationship at a more concrete level (e.g. SPDX Package and SPDX File).
- Peter’s model is more straightforward – 1 RDF triplet to describe a relationship vs. 3 RDF triplets
- The indirect relationship model has the advantage of being more extensible and will allow applications which only want to deal with the SPDX Element/licensable level
- Question: Is there any use cases which would only use the SPDX Element and not want to go down to the file/package level of detail? No one on the call could think of any examples.
- Is there enough value having a level of abstraction and flexibility to describe the relationship to warrant the additional complexity? (We did not close on this question, but the discussion seemed to trend towards the simpler approach)
Note: the top level element of the combined proposal should be SPDX Document (not SPDX file)
Postpone discussion on package definition for when Ed’s back.
Supply Chain Summit will be held immediately after Linux Collaboration Summit – Question – Can we present/discuss the version 2.0?