THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Intermediate packager builds source package from upstream source that provides SPDX data"
From SPDX Wiki
Line 1: | Line 1: | ||
− | <ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Title:</strong> Intermediate packager builds source package from upstream source that provides SPDX data</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Primary Actor:</strong> Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Goal in Context:</strong> To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.</li><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Stakeholders and Interests:</strong><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"> </span><ol><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Upstream maintainers: </strong><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li>To communicate the licensing information for their copyrightable artifacts. </li><li>To have their licenses respected</li></ol></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"><strong>Intermediate Packager:</strong><br /></span></li><ol><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information for their package</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information provided by the upstream maintainer.</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To respect the licenses of the upstream maintainer</span></li></ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Preconditions:</strong> <ol><li>Upstream maintainer has provided SPDX data</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Main Success Senario:</strong> Packager communicates accurate complete licensing information for their package in an SPDX data format | + | <ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Title:</strong> Intermediate packager builds source package from upstream source that provides SPDX data</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Primary Actor:</strong> Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Goal in Context:</strong> To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.</li><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Stakeholders and Interests:</strong><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"> </span><ol><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Upstream maintainers: </strong><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li>To communicate the licensing information for their copyrightable artifacts. </li><li>To have their licenses respected</li></ol></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"><strong>Intermediate Packager:</strong><br /></span></li><ol><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information for their package</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information provided by the upstream maintainer.</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To respect the licenses of the upstream maintainer</span></li></ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Preconditions:</strong> <ol><li>Upstream maintainer has provided SPDX data</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Main Success Senario:</strong> Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms.</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Failed End Condition:</strong> Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Notes:</strong> This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol> |
Revision as of 18:59, 7 August 2012
- Title: Intermediate packager builds source package from upstream source that provides SPDX data
- Primary Actor: Intermediate packager (someone building a rpm, deb, etc from upstream source)
- Goal in Context: To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.
- Stakeholders and Interests:
- Upstream maintainers:
- To communicate the licensing information for their copyrightable artifacts.
- To have their licenses respected
- Intermediate Packager:
- To communicate the licensing information for their package
- To communicate the licensing information provided by the upstream maintainer.
- To respect the licenses of the upstream maintainer
- Consumers of packages:
- To receive accurate and clear information of licensing of packages
- To be able to comply easily with licenses for packages
- To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.
- To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
- Upstream maintainers:
- Preconditions:
- Upstream maintainer has provided SPDX data
- Main Success Senario: Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms.
- Failed End Condition: Package maintainer communicates inaccurate incomplete licensing information for their package.
- Trigger:
- Release of a new package
- Notes: This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.