Technical Team/Minutes/2013-02-19

From SPDX Wiki
Jump to: navigation, search


  • Gary O’Neall
  • Marshall Clow
  • Bill Schineller
  • Kate Stewart
  • Matt Germonprez
  • Liang Cao


  • Model Discussion
  • Updates


  • Reviewed proposed model
    • rename the top level SPDXFile to SPDXDoc (duplicate class name in the model)
    • Discussed the relationship betw SPDXPackage and SPDXFile (the subclass)
      • must have this; SPDX 1.1 implied containment relationship
      • Discussed examples of SPDXElementRelationship
        • 'compiledFrom' another SPDXElement....
        • 'patchTo' another SPDXElement....
        • 'isContainedIn' (SPDXPackage contains Files)
        • 'isSameAs' (exact same SHA contained in different packages)
      • SPDXDoc to SPDXDoc relationship ? How to uniquely refer to the SPDXDocument containing an SPDXElement we want to reference?
        • Probably need to add SPDXDocument reference in the relationship object
      • Discussed definition of Specifier.
        • Same as Ed’s proposal – can be a URI
        • any SPDXElement has a Specifier, which is a way that others can refer to 'me' ?
      • Usage: add a property to SPDXElement. Enumeration of e.g.
        • Tool, not shipped
        • Optional element (like contrib module)
        • Dynamically linked (e.g. a replaceable library like a jar file or DLL)

Update from Matt and Liang

  • New demo version available on Github:
  • Package level release in early March
  • File level editing to follow
  • Dashboard and compare utilities will follow
  • SPDX Tools Compare utility was reviewed and a few differences found. Matt will email the spreadsheet results of the comparison.