From SPDX Wiki
- Gary O’Neall
- Marshall Clow
- Bill Schineller
- Kate Stewart
- Matt Germonprez
- Liang Cao
- Model Discussion
- Reviewed proposed model
- rename the top level SPDXFile to SPDXDoc (duplicate class name in the model)
- Discussed the relationship betw SPDXPackage and SPDXFile (the subclass)
- must have this; SPDX 1.1 implied containment relationship
- Discussed examples of SPDXElementRelationship
- 'compiledFrom' another SPDXElement....
- 'patchTo' another SPDXElement....
- 'isContainedIn' (SPDXPackage contains Files)
- 'isSameAs' (exact same SHA contained in different packages)
- SPDXDoc to SPDXDoc relationship ? How to uniquely refer to the SPDXDocument containing an SPDXElement we want to reference?
- Probably need to add SPDXDocument reference in the relationship object
- Discussed definition of Specifier.
- Same as Ed’s proposal – can be a URI
- any SPDXElement has a Specifier, which is a way that others can refer to 'me' ?
- Usage: add a property to SPDXElement. Enumeration of e.g.
- Tool, not shipped
- Optional element (like contrib module)
- Dynamically linked (e.g. a replaceable library like a jar file or DLL)
Update from Matt and Liang
- New demo version available on Github: https://github.com/spdx-tools
- Package level release in early March
- File level editing to follow
- Dashboard and compare utilities will follow
- SPDX Tools Compare utility was reviewed and a few differences found. Matt will email the spreadsheet results of the comparison.