From f8083b581cff327b738c1cb2f98c2a131f3f5462 Mon Sep 17 00:00:00 2001 From: Rob Craig Date: Tue, 6 Aug 2024 14:36:19 -0400 Subject: [PATCH] Create 2024-08-06.md Adds meeting minutes/agenda SPDX Tech Team Meeting 2024-08-06 --- tech/2024/2024-08-06.md | 75 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 tech/2024/2024-08-06.md diff --git a/tech/2024/2024-08-06.md b/tech/2024/2024-08-06.md new file mode 100644 index 00000000..cb6534d0 --- /dev/null +++ b/tech/2024/2024-08-06.md @@ -0,0 +1,75 @@ +# SPDX Tech Team Meeting 2024-08-06 + +## Attendees + +- Alfred Strauch +- Arthit Suriyawongkul +- Dick Brooks +- ilans +- Jeff Licquia +- Joshua Watt +- Karsten Klein +- Kate Stewart +- Maximillian Huber +- Peter Monks +- Rose Judge +- Sean Barnum +- Steven Carbno +- Victor Lu + +## Agenda + +- Approve minutes +- Branch strategy on spec repo - reminder, plan + - Alexios and Gary need to be present. + +### Model 3.0.1 + +- licenseXml: Link license-list-XML to a specific version (v3.24.0) + https://github.com/spdx/spdx-3-model/pull/819 + - Swinslow: "Are we planning to keep updating it to the latest License List release repeatedly? E.g., I'm likely going to be pushing 3.25.0 in a few days, so this would be out of date soon. Does it make sense to just keep it pointing to the main branch?" + - Since the main branch is going to be changing over time, and we have been including a static list in the past, let's just go with a fixed point in time now (which matches what we historically did on our first submission to ISO). +- Decide about the inclusion of Legacy Text Template + (cited in standardLicenseTemplate and in standardAdditionTemplate) + https://github.com/spdx/spdx-3-model/issues/747 + - Discussed in call, and closed. +- [Security] Add text labels to bare URLs + https://github.com/spdx/spdx-3-model/pull/812 + - Rose looking at it, +- [Software] Update gitoid and Package URL refs + https://github.com/spdx/spdx-3-model/pull/813 + - Art did additional research, and provided additional data. review afterwards. + - For Package URL, + - do we like to ref https://github.com/package-url/purl-spec/ (with a specific commit) + - or do we like to ref Annex E https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/ ? + - We should just refer to annex. Art to make changes. +- How JSON-LD context file of 3.0.1 should be named? + `https://spdx.org/rdf/3.0.0/spdx-context.jsonld` OR `https://spdx.org/rdf/3.0.1/spdx-context.jsonld` + See https://github.com/spdx/spdx-3-model/pull/802#discussion_r1698638134 + - everthing should have separately named JSONLD context file. Every object is unique between version. + - Need to use the context that matches the version of the document. + - Concern over RDF way of consolidating. Needs extra steps for resolving. + - Key is changing the IRI's in 3.0.1. Need to convert every IRIs. Possibly consider a lifting utility (older version to newer one) in future to make this less complicated. It is a mechanical conversion. + - Max asks that we just change to 3.0.1 - where there is a change, and leave the rest as 3.0.0. Spec parser would need to change. + - Mixed version numbers; keep all same vs. tracking in what changes. Challenge no volunteer to update spec parser, so we'll go with 3.0.1 + +## Spec 3.0.1 + +- Update relationshipType translation table (Annex A) + https://github.com/spdx/spdx-spec/pull/1019 + - Joshua will help review, also Rose on security-related +- Spec website: How do we like the URL aliases to work? (should v3.0 redirects to v3.0.1 ?) + https://github.com/spdx/spdx-spec/issues/1018 + - Delay until after 3.0.1 is published, and then get input from Gary & others. + +- Volunteers from China & Japan to start translating from 3.0.1 - looking for a .pdf + +## Notes + +- #819 merged +- https://github.com/spdx/spdx-3-model/issues/747 - The meeting decided to go with Option 2 (Keep Legacy Text Template) + +These two need to be considered together: https://github.com/spdx/spdx-3-model/pull/796 & https://github.com/spdx/spdx-spec/pull/1016 + +## Decision +- 3.0.1 for IRIs.