OASIS Mailing List Archives

 



sarif message



Subject: Raw chat trace from 2019-02-20


anonymous morphed into Larry Golding
Please change your name from 'anonymous1' using the Settings button
anonymous morphed into Michael C. Fanning
anonymous1 morphed into [Co-Chair] David Keaton
[Co-Chair] David Keaton: Having difficulties with MS Teams, and calling in yields "we couldn't complete the call"
Michael C. Fanning: Agenda link
Michael C. Fanning: https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/64729/agenda_20190220.html
Michael C. Fanning: david you can't use the call-in by phone option?
Michael C. Fanning: is what you're saying?
[Co-Chair] David Keaton: Right
[Co-Chair] David Keaton: https://www.oasis-open.org/committees/document.php?document_id=64729&wg_abbrev=sarif
Michael C. Fanning: David, can you try the teams web client?
[Co-Chair] David Keaton: Tried that, but no audio
anonymous morphed into Luke Cartey
[Co-Chair] David Keaton: I'm downloading the full app now in hopes that it will solve things
Luke Cartey: I've created a calendar event on oasis-open.org, as we didn't appear to have one already: https://www.oasis-open.org/apps/org/workgroup/sarif/event.php?event_id=48747
[Co-Chair] David Keaton: Thanks, Luke.
Michael C. Fanning: david does it make sense for luke to convene the group?
[Co-Chair] David Keaton: Yes, Luke, if you could get things started, I will join in as soon as I can.
Luke Cartey: Ok, no problem
Larry Golding: Convened by Luke.
Larry Golding: 7 members present => quorum
Larry Golding: Approval of agenda: Moved by MF, seconded.
Larry Golding: Discussion: MF moves to amend by removing 4.2.1, seconded, approved.
Larry Golding: Agenda approved as amended without objection.
Larry Golding: Approval of previous minutes as raw chat trace: moved by MF, seconded, approved without objection.
Larry Golding: Luke: No changes to voting membership.
Larry Golding: DMK: Timeline: Still working on CSD.2. We will not take technical changes after CSD.2.
Larry Golding: DMK: Future meetings: Motion to have meetings on 3/6 and 3/20 (note DST change between those two meetings).
Larry Golding: DMK/MF: We want to close on CSD.2 draft at 3/20 meeting.
Larry Golding: KO: 3/6 is RSA week.
Larry Golding: KO: Moves to amend to 3/13, 3/27, seconded
Larry Golding: Amendment approved without objection.
Larry Golding: Amended proposal (3/13, 3/27, 9:30 AM PDT) approved without objection.
Larry Golding: #312: "updated" baseline state
Larry Golding: #312: No changes requested.
Larry Golding: #146: Hierarchical rule id
Larry Golding: Intent is to support granular suppression of results.
Larry Golding: #146: change example to suppress md5 but warn about sha-1.
Larry Golding: JK: Can you have different rules for md5 and sha-1?
Larry Golding: LJG: Yes, a tool can do that, but this feature helps you out when you _don't_ have granular enough rules.
Larry Golding: LC: Can you no longer have hierarchical ids produced by a tool?
Larry Golding: Changes: Note that it allows more granular result matching.
Larry Golding: Changes: Note the change in constraint between result.ruleId and rule.ruleId: latter has to be component-wise prefix of former.
Larry Golding: JK: Request: Consider making sub-rule-ids a formal part of rule metadata, to allow component-wise enable/disable or filtering.
Larry Golding: MF files #329
Larry Golding: Discussion about how necessary #329 is in v2.0. Mark it P2.
Larry Golding: JK: Wants to encourage vendors to list all their rule ids.
Larry Golding: MF: Tool vendor might not want to allow configurability on a sub-rule basis.
Larry Golding: JK: It's not just enable/disable/configure, it's about filtering.
Larry Golding: #322: "directory" role
Larry Golding: No changes requested.
Larry Golding: #317: result.level/result.kind
Larry Golding: Change: If "kind" is not "fail", "level" defaults to "none" rather than being absent.
Larry Golding: Change: Add text for "kind.debug". Used for debugging, automation systems should ignore.
Larry Golding: Needs to be fixed in the schema.
Larry Golding: Change: Clarify "open" and "review" per email thread.
Larry Golding: LJG: Move to approve #146/312/#317/#322 with changes as noted above in chat window. Seconded, approved without objection.
Larry Golding: brb
Larry Golding: MF: Motion to approve #325 in principle, subject to GrammaTech's approval, seconded.
Larry Golding: MF: We will send out a schema change.
Larry Golding: Approved without objection.
Larry Golding: MF: Motion to approve #323 in principle: invocations:invocation[] => invocation.invocation
Larry Golding: MF: Jim's scenario: Create a run object for each element, with a common run identifier.
Larry Golding: JK: A run is a coherent operation of a tool and its extensions; all invocations are associated with the same set of extensions.
Larry Golding: JK: C tools often work by monitoring a build to create a list of files, then analyzing the resulting files, then filtering to produce output.
Larry Golding: JK: Another mode: A tool could record the command line that produced an error in a certain file: various flags (-D, -U, etc.) might vary from directory to directory or file to file.
Larry Golding: JK: Different plugins => different runs. Same plugins but different compiler command lines => same run
Larry Golding: Clarify spec that all invocations use the same set of plugins.
Larry Golding: (within a single run)
Larry Golding: invocationIndex should always point to the driver tool, not to one of these "auxiliary" tools.
Larry Golding: But how do these auxiliary tools produce notifications?
Larry Golding: Answer: Anything that produces notifications needs to be described in its own run, as its own driver.
Larry Golding: MF: Move as follows:
Michael C. Fanning: Disposition on this is a spec clarification that all invocations refer to the common configuration specified by the tool. Disparate tools require organization per run. Invocations must refer to a common tool configuration (qualified by command line only, not tool distribution).
Larry Golding: seconded
Larry Golding: Approved without objection.
Larry Golding: #327: Removing invocation.attachments.
Larry Golding: We have invocation.responseFiles:fileLocation[]
Larry Golding: config files are now in configuration.extensions.
Larry Golding: MF: Move to accept #327
Larry Golding: seconded
Larry Golding: Approved without objection.
Larry Golding: { "ruleId": "CA2001", "ruleLocator": { "index": 1, "extensionIndex": 0 } ... }
Larry Golding: Move to accept #324 --without-- the id property.
Larry Golding: seconded, approved without objection.
Larry Golding: MF: Move to accept #314, second
Larry Golding: approved without objection
Larry Golding: MF: #321: Move externalFiles to the log file
Larry Golding: { "externalFiles": { "taxonomies": {...}, "runs[0].invocations": {...} } }
Larry Golding: Did not have time to close this.
Larry Golding: DMK: Please discuss this in email.
Larry Golding: We approved #314 but didn't agree on how to externalize it (#321)
Larry Golding: Next meeting: 3 weeks, 3/13, 9:30 AM PDT
Larry Golding: MF: Move to adjourn, seconded, approved without objection.
Larry Golding: Adjourned at 11:28 AM

