Technical Team/Minutes/2014-10-14

From SPDX Wiki
Jump to: navigation, search

October 14, 2014

Attendees

  • Gary O'Neall
  • Bill Schineller
  • Kate Stewart
  • Mark Gisi
  • Scott Sterling

Agenda

Document ID proposal

  • Gary will update proposal to include the RDF and tag/value specifics

Checksums

  • Reviewed syntax
  • Resolved discrepancy found in the 1.2 spec regarding the RDF checksum syntax (the file checksum example is not correct, the package checksum example is correct)
  • Agreed to add MD5, SHA256
  • Discussed if we should add additional checksums
    • Agreed that we will start small and add additional checksums in future minor releases
  • Kate will add the additional the number of bits to the description for MD5 and SHA256 (similar to the current SHA1 definition)
  • Agreed not to mess with the verification code - we will revisit when we discuss signing in a future release

License Expression Language

  • Discussion on where to define the license list exception id's
    • will include in spec as an appendix
  • Mark will hand over the license expression document to Kate to include in the specification
  • NOASSERTION and NONE - currently in the license expression document, but should be pulled out into a section global to the SPDX document. Suggestion to define once in the document.
    • Appendix of definitions
      • Should be the first appendix
      • Will include some of the syntax definitions which are currently in the RDF section
  • will discuss next week along with the appendix refactoring

File Tagging

  • Do we need to specify it?
  • Need to have a discussion on whether this should be specified.
  • Need to be careful that the spec is done right if we do go down that path.
  • Agree that we can separate this from SPDX 2.0.
  • Agree that Wiki page for the tagging should describe this as a best practice and subject to change
  • General agreement that this should be a separate SPDX specification from the SPDX document, but we may revisit this in the future.