Technical Team/Minutes/2015-09-15

From SPDX Wiki

Sept 15, 2015


  • Kate Stewart
  • Bill Schineller
  • Yev Bronshteyn
  • Hassib Khanafer
  • Matt Germonprez
  • Mark Gisi
  • Michael Herzog

External Identifiers

External Identifiers proposal for discussion:

  • title agreed to be “External Identifiers” - drop Packages & Versions (although all agree version information is important to capture, want to have broader reach)
  • general agreement that the Appendix approach is the way we want to go.
  • want to have a separate section for “security reference” to make it easy to find / for marketing purposes.
  • consider combining the software package management systems (Group Artifact Version) and software distributions sections into "Package Managers and Code Repositories" for next meeting.
  • how to handle other external databases?
  • space for cross links to other tools (like Open Hub, Proprietary tools)
  • github example - where does this fit? (reason for merging package managers & code repositories into one section)
  • Criteria for adding to appendix:
      • We get agreement from the project on data format, if it doesn’t have a formalized version already documented. Like the feedback we've just gotten from Debian, which needs to be included in the next draft.
  • Tables in Appendix to be reformatted a bit, so they tie up better to the text; Bill to work on this for next meeting.
  • Open Questions:
      • Which section does External Identifiers live in? Likely at Package level (discuss use case with File, and make sure it is ok to refer to as External Package).
      • Will it work for Financial Services Applications examples - looking to build on CPEs with External Packages. BOM with CPEs.

External Packages proposal.

Next week, revisit External Identifiers and External Packages - does the use case work? Bill to make changes to External Identifiers proposal prior to meeting.

Reminder: please sign up for the Supply chain workshop on October 8 in Dublin (Stefano and Uday).