Difference between revisions of "Technical Team/Use Cases/2.0/Third party produces bill of materials for software package"
From SPDX Wiki
Line 19: | Line 19: | ||
<li>Auditor evaluates evidence and identifies most likely licensing and rights holders</li> | <li>Auditor evaluates evidence and identifies most likely licensing and rights holders</li> | ||
<li>Auditor provides SPDX data to auditee</li> | <li>Auditor provides SPDX data to auditee</li> | ||
− | <li> | + | <li>Legal staff at auditee look at concluded licensing and right holder and take any necessary actions to comply with the licenses</li> |
</ol> | </ol> |
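Review bot: the new fifth list item says "right holder" (singular, no "s"), while the unchanged step two lines above it says "rights holders". Suggest "Legal staff at auditee look at concluded licensing and rights holders and take any necessary actions to comply with the licenses" so the scenario uses one term throughout. The item also has no counterpart for the case where the auditor's conclusion is uncertain, although the earlier step speaks of the "most likely" licensing. If that is intended to be out of scope for the main success scenario, a short remark saying so would help.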
Revision as of 22:43, 10 May 2012
A customer asks a third party to audit its entire codebase to determine the rights holders and licenses for every file in that codebase.
Stakeholders and Interests
- Auditee
  - The organization in possession of the code that wants to understand the licensing and rights holders of that code.
- Auditor
  - Third party that needs to analyze the codebase and inform the auditee of what the licensing is and who the rights holders are.
Main Success Scenario
1. Auditee delivers code to auditor
2. Auditor extracts licensing and copyright information from files
3. Auditor evaluates evidence and identifies most likely licensing and rights holders
4. Auditor provides SPDX data to auditee
5. Legal staff at auditee look at concluded licensing and rights holders and take any necessary actions to comply with the licenses