Create 2024-08-06.md

tech/2024/2024-08-06.md

@@ -0,0 +1,75 @@
+# SPDX Tech Team Meeting 2024-08-06
+
+## Attendees
+
+- Alfred Strauch
+- Arthit Suriyawongkul
+- Dick Brooks
+- ilans
+- Jeff Licquia
+- Joshua Watt
+- Karsten Klein
+- Kate Stewart
+- Maximillian Huber
+- Peter Monks
+- Rose Judge
+- Sean Barnum
+- Steven Carbno
+- Victor Lu
+
+## Agenda
+
+- Approve minutes
+- Branch strategy on spec repo - reminder, plan 
+   - Alexios and Gary need to be present.   
+
+### Model 3.0.1
+
+- licenseXml: Link license-list-XML to a specific version (v3.24.0)
+  https://github.com/spdx/spdx-3-model/pull/819
+  - Swinslow: "Are we planning to keep updating it to the latest License List release repeatedly? E.g., I'm likely going to be pushing 3.25.0 in a few days, so this would be out of date soon. Does it make sense to just keep it pointing to the main branch?"
+    - Since the main branch is going to be changing over time, and we have been including a static list in the past, let's just go with a fixed point in time now (which matches what we historically did on our first submission to ISO). 
+- Decide about the inclusion of Legacy Text Template
+  (cited in standardLicenseTemplate and in standardAdditionTemplate)
+  https://github.com/spdx/spdx-3-model/issues/747
+    - Discussed in call, and closed.   
+- [Security] Add text labels to bare URLs
+  https://github.com/spdx/spdx-3-model/pull/812
+    - Rose looking at it,  
+- [Software] Update gitoid and Package URL refs
+  https://github.com/spdx/spdx-3-model/pull/813
+  - Art did additional research, and provided additional data.   review afterwards. 
+  - For Package URL,
+    - do we like to ref https://github.com/package-url/purl-spec/ (with a specific commit)
+    - or do we like to ref Annex E https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/ ?
+    - We should just refer to annex.   Art to make changes. 
+- How JSON-LD context file of 3.0.1 should be named?
+  `https://spdx.org/rdf/3.0.0/spdx-context.jsonld` OR `https://spdx.org/rdf/3.0.1/spdx-context.jsonld`
+  See https://github.com/spdx/spdx-3-model/pull/802#discussion_r1698638134
+    - everthing should have separately named JSONLD context file.   Every object is unique between version.   
+    - Need to use the context that matches the version of the document.   
+    - Concern over RDF way of consolidating.   Needs extra steps for resolving.   
+    - Key is changing the IRI's in 3.0.1.    Need to convert every IRIs.    Possibly consider a lifting utility (older version to newer one) in future to make this less complicated.   It is a mechanical conversion. 
+    - Max asks that we just change to 3.0.1 - where there is a change, and leave the rest as 3.0.0.   Spec parser would need to change.   
+    - Mixed version numbers;  keep all same vs. tracking in what changes.    Challenge no volunteer to update spec parser, so we'll go with 3.0.1
+
+## Spec 3.0.1
+
+- Update relationshipType translation table (Annex A)
+  https://github.com/spdx/spdx-spec/pull/1019
+    - Joshua will help review, also Rose on security-related
+- Spec website: How do we like the URL aliases to work? (should v3.0 redirects to v3.0.1 ?)
+  https://github.com/spdx/spdx-spec/issues/1018
+    - Delay until after 3.0.1 is published, and then get input from Gary & others. 
+
+- Volunteers from China & Japan to start translating from 3.0.1 - looking for a .pdf
+
+## Notes
+
+- #819 merged
+- https://github.com/spdx/spdx-3-model/issues/747 - The meeting decided to go with Option 2 (Keep Legacy Text Template)
+
+These two need to be considered together:  https://github.com/spdx/spdx-3-model/pull/796 & https://github.com/spdx/spdx-spec/pull/1016
+
+## Decision
+- 3.0.1 for IRIs.