THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Intermediate packager builds binary package from upstream source that provides SPDX data"
From SPDX Wiki
(Convert to MediaWiki syntax) |
|||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | # '''Title:''' Intermediate packager builds binary package from upstream source that provides SPDX data | |
+ | # '''Primary Actor:''' Intermediate packager (someone building a binary rpm, deb, etc from upstream source) | ||
+ | # '''Goal in Context:''' To include in the package SPDX data describing the packages licensing information for the binary package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data. | ||
+ | # '''Stakeholders and Interests:''' | ||
+ | ## '''Upstream maintainers: ''' | ||
+ | ### To communicate the licensing information for their copyrightable artifacts. | ||
+ | ### To have their licenses respected | ||
+ | ## '''Intermediate Packager:''' | ||
+ | ### To communicate the licensing information for their package | ||
+ | ### To communicate the licensing information provided by the upstream maintainer. | ||
+ | ### To respect the licenses of the upstream maintainer | ||
+ | ## '''Consumers of packages:''' | ||
+ | ### To receive accurate and clear information of licensing of packages | ||
+ | ### To be able to comply easily with licenses for packages | ||
+ | ### To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions. | ||
+ | ### To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts. | ||
+ | # '''Preconditions:''' | ||
+ | ## Upstream maintainer has provided SPDX data | ||
+ | # '''Main Success Senario:''' Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms. | ||
+ | # '''Failed End Condition:''' Package maintainer communicates inaccurate incomplete licensing information for their package. | ||
+ | # '''Trigger:''' | ||
+ | ## Release of a new package | ||
+ | # '''Notes:''' Upstream may be the root provider of the code, a source package, or some other intermediate party. At the end of the day it's who you got the code from. | ||
+ | |||
+ | [[Category:Technical]] |
Latest revision as of 13:15, 7 March 2013
- Title: Intermediate packager builds binary package from upstream source that provides SPDX data
- Primary Actor: Intermediate packager (someone building a binary rpm, deb, etc from upstream source)
- Goal in Context: To include in the package SPDX data describing the packages licensing information for the binary package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.
- Stakeholders and Interests:
- Upstream maintainers:
- To communicate the licensing information for their copyrightable artifacts.
- To have their licenses respected
- Intermediate Packager:
- To communicate the licensing information for their package
- To communicate the licensing information provided by the upstream maintainer.
- To respect the licenses of the upstream maintainer
- Consumers of packages:
- To receive accurate and clear information of licensing of packages
- To be able to comply easily with licenses for packages
- To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.
- To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
- Upstream maintainers:
- Preconditions:
- Upstream maintainer has provided SPDX data
- Main Success Senario: Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms.
- Failed End Condition: Package maintainer communicates inaccurate incomplete licensing information for their package.
- Trigger:
- Release of a new package
- Notes: Upstream may be the root provider of the code, a source package, or some other intermediate party. At the end of the day it's who you got the code from.