Technical Team/Minutes/2017-05-15

From SPDX Wiki
Jump to: navigation, search

May 15, 2017

Attendees

  • Gary O’Neall
  • Sai Uday Shankar
  • Thomas Steenberg
  • Kate Stewart
  • Anna Buhman
  • Yev Bronshteyn

SPDX specification to github

GSoC Coordination

  • Gary: online validation tools overlap concern, Kate clarified – only the titles are the same
  • Uday: how will someone use a resource to get started?
    • Gary - mirroring same AWS instance from OpenChain, and make it available for students to use. $35/month to host. Same account and create an instance. Work out accounting.
    • Approval from OpenChain group to use their instance for additional work. Set up right credentials and access. Elastic beanstalk. Push from development to production cleanly.
    • Need a redirect subdomain mapping for AWS. Do this during bonding period. Will start creating github repositories - github.com/spdx/
    • Gary will set up repositories in SPDX github account - just needs to know name of repository and github id. (Kate to send in for Krys).

Github cleanup

  • Some of the repos were contributed by other companies. (airs, osip) - would like their permission to rename/relocate
  • Some created by core team but should be removed. (gitolite admin, spdx-rdf-vocabulary)
  • Thomas & Gary to research best practice for dealing with older repositories, pinning them, deprecated, other solution

Next SPDX Spec

  • See https://docs.google.com/document/d/1vJqWGU02ynzrJ5CvmX1z2mBssOSpuBvuKene8jVJGNI/edit
  • relationships in license
    • Agree this is a good proposal
    • Gary will take to legal for discussion
    • Result an appendix
  • Dependency version range
    • A solution to the problem when licenses may not be determinable at build time due to version range rather than specific version
    • Agree this is a good problem to solve
  • Size of File optional
    • Some concern on additional fields being added to the spec, but it is optional
    • Agree this is OK to add
  • Discussion on Limited information for some file contents of package, but not requiring all the files of the license
    • Can we use filesAnalyzed=false?
      • Doesn’t solve all the use cases
    • Discussion on views as being a solution
      • Discussion on whether this is a standard, tool, or best practices
      • SPARQL can be provided for views
    • Is this reducing the minimum to allow smaller documents