THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Proposals/Rough proposal for provenance, hierarchy and aggregation, and supply chain friendliness in SPDX 2.0"
From SPDX Wiki
< Technical Team | Proposals
Line 1: | Line 1: | ||
− | <p>A desire has been expressed to be able to have SPDX be capable of expressing</p><p> </p><ol><li>Hiearchy ( package A contains packages B, C, etc)</li><li>Authentication ( we can know precisely who said what and when about a package)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)</li></ol><p>A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:</p><p> </p><p> </p><p><br /><br /></p> | + | <p>A desire has been expressed to be able to have SPDX be capable of expressing</p><p> </p><ol><li>Hiearchy ( package A contains packages B, C, etc)</li><li>Authentication ( we can know precisely who said what and when about a package)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)</li></ol><p>A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:</p><p> <img src="http://spdx.org/system/files/spdxdoodle.jpg" alt="" width="586" height="372" /></p><p> </p><p><br /><br /></p> |
Revision as of 18:38, 5 December 2011
A desire has been expressed to be able to have SPDX be capable of expressing
- Hiearchy ( package A contains packages B, C, etc)
- Authentication ( we can know precisely who said what and when about a package)
- How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)
A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:
<img src="http://spdx.org/system/files/spdxdoodle.jpg" alt="" width="586" height="372" />