THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2016-03-30

From SPDX Wiki
Jump to: navigation, search

Linux Collaboration Summit F2F Meeting March 30, 2016

Attendees

  • Kate Stewart
  • Gary O'Neall
  • Jack Manbeck
  • Bill Schineller
  • Robin Gandhi
  • Tom Vidal
  • Matt Germonprez
  • David Wheeler

Review of the 2.1 Spec

  • See updated Google Doc for results of the review: https://docs.google.com/document/d/112x3s3g1Qg2tj8bjvIPsqIBlWUp3Sob37cvAx2eiS6U
  • Update section 1.8 to reflect that NONE and NOASSERTION have been clarified
  • In the context of external packages, have a couple examples of scenerios 3.5, 3.6, and 3.7 filled in
  • Section 3.8 - add a Project example for the case when the SPDX document represent a meta level project
  • Discussion on the requirement to have a package in every SPDX document
    • Has been an assumption in the past
    • Correction use case - just refer to another SPDX document that has the package and make a correction
      • Will discuss in the next meeting
  • Should we expand the purpose to include more than just the binary file case? Agree it should be expanded - Rob to propose
  • Discussion on the cardinality of the packageVerificationCode being dependent on the has files field
    • Can not use the OWL constraint
    • Discussed possibly requiring the verification code but changing the algorithm
      • Could not arrive at a satisfactory algorithm for all the use cases discussed
  • External reference ID
    • Rule to add a new pre-defined reference
      • Must have a valid regular expression for the reference