Technical Team/Minutes/2013-02-19

Attendees

• Gary O’Neall
• Marshall Clow
• Bill Schineller
• Kate Stewart
• Matt Germonprez
• Liang Cao

Agenda

• Model Discussion
• Updates

Modeling

• Reviewed proposed model
  • rename the top level SPDXFile to SPDXDoc (duplicate class name in the model)
  • Discussed the relationship betw SPDXPackage and SPDXFile (the subclass)
    • must have this; SPDX 1.1 implied containment relationship
    • Discussed examples of SPDXElementRelationship
      • 'compiledFrom' another SPDXElement....
      • 'patchTo' another SPDXElement....
      • 'isContainedIn' (SPDXPackage contains Files)
      • 'isSameAs' (exact same SHA contained in different packages)
    • SPDXDoc to SPDXDoc relationship ? How to uniquely refer to the SPDXDocument containing an SPDXElement we want to reference?
      • Probably need to add SPDXDocument reference in the relationship object
    • Discussed definition of Specifier.
      • Same as Ed’s proposal – can be a URI
      • any SPDXElement has a Specifier, which is a way that others can refer to 'me' ?
    • Usage: add a property to SPDXElement. Enumeration of e.g.
      • Tool, not shipped
      • Optional element (like contrib module)
      • Dynamically linked (e.g. a replaceable library like a jar file or DLL)

Update from Matt and Liang

• New demo version available on Github: https://github.com/spdx-tools
• Package level release in early March
• File level editing to follow
• Dashboard and compare utilities will follow
• SPDX Tools Compare utility was reviewed and a few differences found. Matt will email the spreadsheet results of the comparison.