Technical Team/Minutes/2015-05-15

From SPDX Wiki
Jump to: navigation, search

April 28, 2015


  • Gary O'Neall
  • Jack Manbeck
  • Scott Sterling
  • Bill Schineller
  • Kate Stewart
  • Mark Gisi
  • Michael Herzog


  • SPDX 2.0 release Feedback
  • Snippets
  • External package management system identifiers

SPDX 2.0 Release Feedback

  • Need a bug for documenting the difference between "SPDX File" and "SPDX Document"
  • Best practices - should be updated


  • Proposal to focus on collateral and postpone snippets until fall
  • Discussed use cases and priority
  • Structure in the tag/value document
    • Adding byte range makes it difficult to create
    • Can we make the byte range optional?
    • Should it be its own tag or just a sub-tag in the file? Postponed to a future discussion

External / Package Management systems identifiers

  • Bill S articulated the benefit of having a place in the model to identify the package/versionnot by a URL / VCS, but rather by the unique package name/version within some namespace (package mgr)
    • e.g. (pseudo package manager command lines…)
    • apt get foo 1.1 (Debian / Ubuntu)
    • rpm install foo 1.1 (Redhat / CentOS)
    • pip install foo 1.1 (Python Package Index)
    • cpan get (Perl - Comprehensive Perl Archive Network)
    • maven get foo 1.1 (Maven Central)
  • Bill will file a Bugzilla bug report to track the issue

Discussion: how to get developers to have good OSS hygiene

  • Suggest Markup / Put inside source files:
    • license notice
    • contributors notice
  • “Grading OSS projects” (Apache projects get A+ generally)
  • Michael: acknowledge expansion of mission of group?
  • If this happened, generating SPDX document becomes mechanical.