Technical Team/Minutes/2014-10-22

From SPDX Wiki
Jump to: navigation, search

October 21, 2014

Attendees

  • Gary O'Neall
  • Bill Schineller
  • Kate Stewart
  • Mark Gisi
  • Kirsten Newcomer
  • Scott Sterling
  • Jack Manbeck

Agenda

  • License Expression Language
  • File Tagging
  • Schedule Update

License Expression Language

  • Mark will email Kate the word doc with the current proposal
  • Kate will upload to a Google doc. for sharing

File Tagging

  • Reviewed Jack's proposal
  • Agreed to the text for Jack's proposal
  • Proposal to use the tags for more than just the license ID
    • Would imply a format that makes it easy to translate (e.g. SPDX.[tag]:)
    • Agreed not to change the tag name from SPDX-License-Id since it is already in use
    • In the future, we could extend and perhaps use SPDX- as the prefix
  • Agreed to update the source files for the SPDX tools with the tags
    • Kate will do a pull request
  • How to delimit the license ID's?
    • Parens are no longer required in the license expression
    • Also a problem in the tag/value
    • Several proposals
      • Use end of line to terminate
      • Use parenthesis to expressions beyond the single license IDs
      • Use <text> </text> tags
      • Use the end of comment
  • Add suggestion to declare a string variable with the tag/value pair to include in the binaries
    • Some concern we may want to hold off for now
    • Agree to hold off for one week - will discuss next week

Schedule Update

  • November 14th: SPDX 2.0 Draft (RC1) Complete, distributed for internal review/comment (committees)
  • December 1 - deadline for feedback
  • Dec 1-17: incorporate feedback
  • Dec 18: SPDX 2.0 Specification Release Candidate (RC2) For Tool Implementation (Public Review via general mailing list)
  • Dec 19th: Tool Implementation Kickoff
  • Jan 15: SPDX 2.0 Specification Release Candidate (RC3) - Updates from Tool Impl Feedback
  • February 18-20, 2015: Linux Collab Summit, SPDX 2.0 Tools Bakeoff
    • compare SPDX 2.0 output of different tools for compatibility/consistency
    • supply chain example. Upstream SPDX consumed by downstream SPDX.