THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Minutes/2020-05-05
From SPDX Wiki
< Technical Team | Minutes
May 5, 2020
Contents
Attendees
- Alexios Zavras
- Nisha Kumar
- Steve Winslow
- Kate Stewart
- William Bartholomew
- Gary O’Neall
- Sean Goggins
- Jim Hutchison
- Karsten Klein
- Vicky Brasseur
- Rose Judge
- Thomas Steenbergen
- Takashi Ninjouji
- Santiago Torres
GSoC
- 4 projects selected
- Looking for mentoring possibility for one of the students who should have been selected but wasn’t
- Currently in community bonding
- Active coding about a month away, will start having the students join the call at that time
- Discussion on the approach for repos:
- Up to student and mentor – Gary can create a repo in SPDX, can use a branch in an existing SPDX repo, or can use the student’s repo and transfer to SPDX at the end of the project
- Question on Gitter
- We’ll use the public SPDX channel for most communications
SPDX 2.2
- Release done over the weekend
- development/v2.2.1 branch created and made the default branch
- Thanks to the many contributors and reviewers – especially Alexios, Steve, Thomas, William, Kate and Gary
- Rendering for the v2 draft has some problems – William is looking into
SPDX 2.2.1
- Focused on the ISO standard
- Conversion to the standard as first phase and move to word for submission as a second phase
Containers
- See slides for the overview presented by Nisha
- Issue with download URL not being a URL
- Issue with the size – 7MB for the example shown
- Issue with difference in representation in the layer descriptions and in the flattened image
- Name are based on the SHA checksum, not a natural filename
- Is it possible to define an SPDX document for each layer
- Yes – external document refs can be used
- Discussion on tooling support
- Discussion on different relationship types for the manifest.json and config.json
- How do we account for content addressable “Packages”?
- What does an external reference look like for deployments?
- Can we compose/decompose SPDX documents?
- Can we provide pipeline context?
- General agreement that the relationships between docs and pipeline is related to the linking proposal Santiago is working on