THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Third party produces bill of materials for software package"
From SPDX Wiki
Line 1: | Line 1: | ||
− | <p> | + | <p>An organization desires to understand the legal obligations associated with their intended use of a software packages. To gain insight the organization requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the codebase.</p> |
<h3>Stackholders and Interests</h3> | <h3>Stackholders and Interests</h3> | ||
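Review bot: the added opening paragraph reads "a software packages", so the article and the noun disagree; use "a software package" or "software packages". The unchanged heading directly below it is spelled "Stackholders" and could be corrected to "Stakeholders" in the same revision.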
Line 17: | Line 17: | ||
<li>Auditee delivers code to auditor</li> | <li>Auditee delivers code to auditor</li> | ||
<li>Auditor extracts licensing and copyright information from files</li> | <li>Auditor extracts licensing and copyright information from files</li> | ||
− | <li>Auditor | + | <li>Auditor determines the following for every file in code base: |
− | <li>Auditor provides | + | <ul> |
− | <li>Legal staff at auditee | + | <li>Rights holders</li> |
+ | <li>Licensing terms</li> | ||
+ | <li>membership in a package/component which is included in the codebase</li> | ||
+ | </ul> | ||
+ | </li> | ||
+ | <li>Auditor provides above data to auditee</li> | ||
+ | <li>Legal staff at auditee looks at concluded licensing and right holder and take any necessary actions to comply with the licenses</li> | ||
</ol> | </ol> |
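Review bot: the added final step mixes verb number ("Legal staff at auditee looks at ... and take") and writes "right holder" where the new sub-list above it says "Rights holders"; suggest "reviews the concluded licensing and rights holders and takes any necessary actions". That step also refers to "concluded licensing" while the auditor's step lists only "Licensing terms", so it would help to say which party draws the conclusion. The new text uses "code base" here and "codebase" in the sub-list and the opening paragraph; pick one spelling.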
Revision as of 22:53, 10 May 2012
An organization wants to understand the legal obligations associated with its intended use of a software package. To gain insight, the organization asks a third party to audit its entire codebase to determine all rights holders and licenses for every file in the codebase.
Stakeholders and Interests
- Auditee
  - The organization in possession of the code that wants to understand the licensing and rights holders of that code.
- Auditor
  - Third party that needs to analyze the codebase and inform the auditee of what the licensing is and who the rights holders are.
Main Success Scenario
- Auditee delivers code to auditor
- Auditor extracts licensing and copyright information from files
- Auditor determines the following for every file in the codebase:
  - Rights holders
  - Licensing terms
  - Membership in a package/component which is included in the codebase
- Auditor provides the above data to auditee
- Legal staff at auditee reviews the concluded licensing and rights holders and takes any necessary actions to comply with the licenses