Technical Team/Minutes/2018-05-22

From SPDX Wiki
Jump to: navigation, search

May 22, 2018

Attendees

  • Gary O’Neall
  • Yev Bronshteyn
  • Kate Stewart
  • Krys Nuvadga
  • Thomas Steenbergen

2.1.1

Thomas still working on the .pdf printing for 2.1.1, getting images inserted is problematic.

2.2

Discussed proposal that Annotations apply to licenses as well as SPDX elements (documents, packages, files, snippets)

  • seem to be some desire to keep License references same way treating the other SPDX elements.
  • Thomas would find it useful to comment on license-refs, possibly all in license list as well.
  • Discussion on how model should change… initial thoughts to keep it restricted to document scope
  • However, Thomas brought up example is a license acceptable or not by policies in supply chain.
  • Like to move this in spec, that agreement is embedded in SPDX document.
  • Yev pointed out that the Scope the license annotation applies to is important here
  • Discussed different use cases for licenses
    • review (ie. here’s the rest of the license information that wasn’t shown)
    • annotations in licenses as it applies to policy

.* Thomas’ use case, not specific to license, policy could be specific to snippets, packages, etc. additional context. Want to make sure we handle when aggregate multiple SPDX documents into database.

  • Scope may indicate how a document license as applies to a specific package. Based on how we’re distributing, which of a dual license applies.
  • Scope attribute - is common to both use cases? Likely yes.
  • What about modeling licensing policies?
  • Maybe introduce LicenseAnnotation? not conflate the two. Semantically distinct.
  • Two types of annotation, is document annotation (current annotation) and license annotation.
  • In spec, possibly use header titles, but leave fields as is for annotation to clarify Document annotations vs. License annotations
  • License annotations should have licenceId and scope.
  • Licencse ID can be either license identifier from license list or LicenseRef.
  • Scope identifier is SPDX element (document, package, file, snippet).
  • AI: Kate create - new issue to be created: 2.2 - targeted issue for license annotation type , connecting, create new section. Work up proposal.
  • AI: Gary start an updated model for 2.2

Other Items of Interest

Kate is working on pulling together evidence to get SPDX to qualify as NIST standard. Anyone wanting to help, please let her know.

GSoC

  • Krys: concern about getting students more active in community
  • Possibly exams still happening is cause of quiet.
  • Gary: Propose allocate first 20 minutes for reports from students. Krys Agreed.
  • Krys: would like to know that 1:1s are occurring with other mentors/mentees. Other mentors adopt?