Raw chat trace from 2019-02-20

[David Keaton <dmk@dmk.com>]

anonymous morphed into Larry Golding
Please change your name from 'anonymous1' using the Settings button
anonymous morphed into Michael C. Fanning
anonymous1 morphed into [Co-Chair] David Keaton
[Co-Chair] David Keaton: Having difficulties with MS Teams, and calling 
in yields "we couldn't complete the call"
Michael C. Fanning: Agenda link
Michael C. Fanning: 
https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/64729/agenda_20190220.html
Michael C. Fanning: david you can't use the call-in by phone option?
Michael C. Fanning: is what you're saying?
[Co-Chair] David Keaton: Right
[Co-Chair] David Keaton: 
https://www.oasis-open.org/committees/document.php?document_id=64729&wg_abbrev=sarif
Michael C. Fanning: David, can you try the teams web client?
[Co-Chair] David Keaton: Tried that, but no audio
anonymous morphed into Luke Cartey
[Co-Chair] David Keaton: I'm downloading the full app now in hopes that 
it will solve things
Luke Cartey: I've created a calendar event on oasis-open.org, as we 
didn't appear to have one already:
https://www.oasis-open.org/apps/org/workgroup/sarif/event.php?event_id=48747
[Co-Chair] David Keaton: Thanks, Luke.
Michael C. Fanning: david does it make sense for luke to convene the group?
[Co-Chair] David Keaton: Yes, Luke, if you could get things started, I 
will join in as soon as I can.
Luke Cartey: Ok, no problem
Larry Golding: Convened by Luke.
Larry Golding: 7 members present => quorum
Larry Golding: Approval of agenda: Moved by MF, seconded.
Larry Golding: Discussion: MF moves to amend by removing 4.2.1, 
seconded, approved.
Larry Golding: Agenda approved as amended without objectction.
Larry Golding: Approval of previous minutes as raw chat trace: moved by 
MF, seconded, approved without objection.
Larry Golding: Luke: No changes to voting membership.
Larry Golding: DMK: Timeline: Still working on CSD.2. We will not take 
technical changes after CSD.2.
Larry Golding: DMK: Future meetings: Motion to have meetings on 3/6 and 
3/20 (note DST change between those two meeting).
Larry Golding: DMK/MF: We want to close on CSD.2 draft at 3/20 meeting.
Larry Golding: KO: 3/6 is RSA week.
Larry Golding: KO: Moves to amend to 3/13, 3/27, seconded
Larry Golding: Amendment approved without objection.
Larry Golding: Amended proposal (3/13, 3/27, 9:30 AM PDT) approved 
without objection.
Larry Golding: #312: "updated" baseline state
Larry Golding: #312: No changes requested.
Larry Golding: #146: Hierarchical rule id
Larry Golding: Intent is to support granular suppression of results.
Larry Golding: #146: change example to suppress md5 by warn about sha-1.
Larry Golding: JK: Can you have different rules for md5 and sha-1?
Larry Golding: LJG: Yes, a tool can do that, but this feature helps you 
out when you _don't_ have granular enough rules.
Larry Golding: LC: Can you no longer have hierarchical ids produced by a 
tool?
Larry Golding: Changes: Note that it allows more granular result matching.
Larry Golding: Changes: Note the change in constraint between 
result.ruleId and rule.ruleId: latter has to be component-wise prefix of 
former.
Larry Golding: JK: Request: Consider making sub-rule-ids a formal part 
of rule metadata, to allow component-wise enable/disable or filtering.
Larry Golding: MF files #329
Larry Golding: Discussion about how necessary #329 is in v2.0. Mark it P2.
Larry Golding: JK: Wants to encourage vendors to list all their rule ids.
Larry Golding: MF: Tool vendor might not want to allow configurability 
on a sub-rule basis.
Larry Golding: JK: It's not just enable/disable/configure, it's about 
filtering.
Larry Golding: #322: "directory" role
Larry Golding: No changes requested.
Larry Golding: #317: result.level/result.kind
Larry Golding: Change: If "kind" is not "fail", "level" defaults to 
"none" rather than being absent.
Larry Golding: Change: Add text for "kind.debug". Used for debugging, 
automation systems should ignore.
Larry Golding: Needs to be fixed in the schema.
Larry Golding: Change: Clarify "open" and "review" per email thread.
Larry Golding: LJG: Move to approve #146/312/#317/#322 with changes as 
noted above in chat window. Seconded, approved without objection.
Larry Golding: brb
Larry Golding: MF: Motion to approve #325 in principle, subject to 
GrammaTech's approval, seconded.
Larry Golding: MF: We will send out a schema change.
Larry Golding: Approved without objection.
Larry Golding: MF: Motion to approve #323 in principle: 
invocations:invocation[] => invocation.invocation
Larry Golding: MF: Jim's scenario: Create a run object for each element, 
with a common run identifier.
Larry Golding: JK: A run is a coherent operation of a tool and its 
extensions; all invocations are associated with the same set of extensions.
Larry Golding: JK: C tools often work by monitoring a build to create a 
list of files, then analyzing the resulting files, then filtering to 
produce output.
Larry Golding: JK: Another mode: A tool could record the command line 
that produced an error in a certain file: various flags (-D, -U, etc.) 
might vary from directory to directory or file to file.
Larry Golding: JK: Different plugins => different runs. Same plugins but 
different compiler command lines => same run
Larry Golding: Clarify spec that all invocations use the same set of 
plugins.
Larry Golding: (within a single run)
Larry Golding: invocationIndex should always point to the driver tool, 
not to one of these "auxilliary" tools.
Larry Golding: But how do these auxilliary tools produce notifications?
Larry Golding: Answer: Anything that produces notifications needs to be 
described in its own run, as its own driver.
Larry Golding: MF: Move as follows:
Michael C. Fanning: Disposition on this is a spec clarification that all 
invocations refer to the common configuration specified by the tool. 
Disparate tools require organization per run. Invocations must refer to 
a common tool configuration (qualified by command line only, not tool 
distribution).
Larry Golding: seconded
Larry Golding: Approved without objection.
Larry Golding: #327: Removing invocation.attachments.
Larry Golding: We have invocation.responseFiles:fileLocation[]
Larry Golding: config files are now in configuration.extensions.
Larry Golding: MF: Move to accept #327
Larry Golding: seconded
Larry Golding: Approved without objection.
Larry Golding: { "ruleId": "CA2001", "ruleLocator": { "index": 1, 
"extensionIndex": 0 } ... }
Larry Golding: Move to accept #324 --without-- the id property.
Larry Golding: seconded, approved without objection.
Larry Golding: MF: Move to accept #314, second
Larry Golding: approved without objection
Larry Golding: MF: #321: Move externalFiles to the log file
Larry Golding: { "externalFiles": { "taxonomies": {...}, 
"runs[0].invocations": {...} } }
Larry Golding: Did not have time to close this.
Larry Golding: DMK: Please discuss this in email.
Larry Golding: We approved #314 but didn't agree on how to externalize 
it (#321)
Larry Golding: Next meeting: 3 weeks, 3/13, 9:30 AM PDT
Larry Golding: MF: Move to adjourn, seconded, approved without objection.
Larry Golding: Adjourned at 11:28 AM