THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Communicate data beyond what is described in spec"
From SPDX Wiki
(Convert to MediaWiki syntax)
(15 intermediate revisions by 2 users not shown)
Line 1: | Line 1: | ||
− | + | A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes). | |
− | + | ==Stakeholders and interests== | |
− | + | * '''SPDX producer'''The person or organization that is producing the SPDX and wish to extend it with non-standard information. | |
+ | * '''standard SPDX consumer'''A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer". | ||
+ | * '''extended SPDX consumer'''A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data. | ||
− | + | ==Main scenario== | |
− | + | # SPDX producer analyzes the package for all the standard SPDX data | |
+ | # SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package | ||
+ | # SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist | ||
+ | # SPDX producer publishes this file on their website as a "SPDX file for package X" | ||
+ | # An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations | ||
− | + | ==Alternate scenario A== | |
− | + | # SPDX producer analyzes the package for all the standard SPDX data | |
+ | # SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package | ||
+ | # SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist | ||
+ | # SPDX producer publishes this file on their website as a "SPDX file for package X" | ||
+ | # A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes | ||
− | + | == Failed scenario == | |
+ | # '''Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.''' | ||
− | + | [[Category:Technical]] | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + |
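Review bot: The Failed scenario step defines failure as extensions breaking standard consumers, but none of the scenario steps says what a standard SPDX consumer is expected to do with data it does not recognize. Alternate scenario A depends on exactly that, so consider adding a step there stating that the standard consumer processes the standard data and skips the extension data. Steps 1 to 4 of Alternate scenario A repeat the Main scenario verbatim and could refer back to it instead. In the Stakeholders list each bold term runs straight into its definition ("'''SPDX producer'''The person"), so a separator is needed. There are also small wording slips: "wish" should be "wishes", "the list actions" should be "the list of actions", and "included" should be "includes".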
Latest revision as of 13:17, 7 March 2013
A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).
Stakeholders and interests
- SPDX producer: The person or organization that is producing the SPDX and wishes to extend it with non-standard information.
- standard SPDX consumer: A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".
- extended SPDX consumer: A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.
Main scenario
- SPDX producer analyzes the package for all the standard SPDX data
- SPDX producer analyzes the package for the list of actions they believe are required to comply with the licensing of the package
- SPDX producer generates an SPDX file which includes both the standard SPDX data and the compliance checklist
- SPDX producer publishes this file on their website as a "SPDX file for package X"
- An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations
Alternate scenario A
- SPDX producer analyzes the package for all the standard SPDX data
- SPDX producer analyzes the package for the list of actions they believe are required to comply with the licensing of the package
- SPDX producer generates an SPDX file which includes both the standard SPDX data and the compliance checklist
- SPDX producer publishes this file on their website as a "SPDX file for package X"
- A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes
Failed scenario
- Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.