THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Third party produces bill of materials for software package"
Line 1: | Line 1: | ||
− | <p>An organization desires to understand the legal obligations associated with their intended use of a software | + | <p>An organization desires to understand the legal obligations associated with their intended use of a software package. To gain insight the organization requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the codebase.</p> |
<h3>Stackholders and Interests</h3> | <h3>Stackholders and Interests</h3> |
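Review bot: the unchanged context line under the rewritten paragraph still reads `<h3>Stackholders and Interests</h3>` in both columns; since this revision already edits line 1, the heading could be corrected to "Stakeholders and Interests" in the same change. The completed sentence also shifts scope from "a software package" to "their entire codebase"; stating which of the two the audit covers would keep the description consistent with the page title ("...bill of materials for software package").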
Revision as of 22:58, 10 May 2012
An organization wants to understand the legal obligations that come with its intended use of a software package. To gain that insight, the organization engages a third party to audit the entire codebase and determine the rights holders and licenses for every file in it.
Stakeholders and Interests
- Auditee: the organization in possession of the code, which wants to understand the licensing and rights holders of that code.
- Auditor: the third party that analyzes the codebase and informs the auditee of what the licensing is and who the rights holders are.
Main Success Scenario
- Auditee delivers the code to the auditor.
- Auditor extracts licensing and copyright information from the files.
- Auditor determines the following for every file in the codebase:
  - rights holders
  - licensing terms
  - membership in a package/component that is included in the codebase
- Auditor provides the above data to the auditee.
- Legal staff at the auditee review the concluded licensing and rights holders and take any actions necessary to comply with the licenses.
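As an added illustration of the auditor's side of this scenario (example code written for this page, not part of the wiki page or of the SPDX project's own tooling), the Python below scans every file for license and copyright evidence, decides what can be concluded per file, attributes each file to the package it ships in, and renders the result as an SPDX 2.x tag-value fragment. The sample codebase, the directory-to-package layout, the regular expressions and the identifier scheme are constructed assumptions; the field names used (FileName, SPDXID, FileChecksum, LicenseConcluded, LicenseInfoInFile, FileCopyrightText, PackageName, Relationship ... CONTAINS) are SPDX 2.x tag-value fields, and the document-level header (SPDXVersion, Creator, and so on) is omitted.

```python
"""Auditor-side scan for the use case above: extract license and copyright
evidence from every file, conclude a license only where the evidence allows
it, attribute files to their package, and emit an SPDX 2.x tag-value fragment.

Added example for this wiki page; not SPDX project code. The sample codebase,
package layout, regexes and identifiers below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample codebase: relative path -> file contents.
SAMPLE_CODEBASE = {
    "src/app/main.c": "// SPDX-License-Identifier: Apache-2.0\n"
                      "// Copyright (c) 2012 Example Corp\n"
                      "int main(void) { return 0; }\n",
    # No license evidence at all: must surface as NOASSERTION, never be guessed.
    "src/app/util.c": "// Copyright 2011 Jane Doe\n"
                      "int util(void) { return 1; }\n",
    "vendor/libfoo/foo.c": "/* SPDX-License-Identifier: MIT */\n"
                           "/* Copyright (c) 2009 Foo Contributors */\n",
    # Two different tags in one file: evidence is recorded, conclusion left open.
    "vendor/libfoo/compat.c": "// SPDX-License-Identifier: MIT\n"
                              "// SPDX-License-Identifier: BSD-3-Clause\n"
                              "// Copyright (c) 2010 Foo Contributors\n",
}

# Constructed layout: directory prefix -> package/component the files belong to.
PACKAGE_LAYOUT = {"src/app/": "app", "vendor/libfoo/": "libfoo"}

# One capture per tag line; a trailing "*/" of a C block comment is stripped.
LICENSE_TAG_RE = re.compile(r"SPDX-License-Identifier:\s*([^\n*]+?)\s*(?:\*/)?\s*$", re.M)
# Captures a copyright line. A production scanner must also discard notices that
# are merely quoted inside license boilerplate ("retain the above copyright notice").
COPYRIGHT_RE = re.compile(r"(Copyright[^\n*]*?)\s*(?:\*/)?\s*$", re.I | re.M)


@dataclass
class FileRecord:
    path: str
    package: str
    sha1: str
    licenses_in_file: list[str]   # distinct SPDX-License-Identifier tags found
    copyrights: list[str]

    @property
    def license_concluded(self) -> str:
        # Conclude only on unambiguous evidence; zero or conflicting tags stay
        # NOASSERTION until the auditor reviews the file by hand.
        if len(self.licenses_in_file) == 1:
            return self.licenses_in_file[0]
        return "NOASSERTION"


def package_for(path: str, layout: dict[str, str]) -> str:
    """Attribute a file to the component whose directory prefix matches longest."""
    matches = [prefix for prefix in layout if path.startswith(prefix)]
    return layout[max(matches, key=len)] if matches else "codebase"


def spdx_id(kind: str, name: str) -> str:
    """SPDX 2.x identifiers may contain only letters, digits, '.' and '-'."""
    return "SPDXRef-" + kind + "-" + re.sub(r"[^A-Za-z0-9.-]", "-", name)


def scan_file(path: str, content: str, layout: dict[str, str]) -> FileRecord:
    return FileRecord(
        path=path,
        package=package_for(path, layout),
        sha1=hashlib.sha1(content.encode()).hexdigest(),  # SHA1 is mandatory in SPDX 2.x
        licenses_in_file=sorted(set(LICENSE_TAG_RE.findall(content))),
        copyrights=COPYRIGHT_RE.findall(content),
    )


def scan_codebase(codebase: dict[str, str], layout: dict[str, str]) -> list[FileRecord]:
    return [scan_file(path, text, layout) for path, text in sorted(codebase.items())]


def to_tag_value(records: list[FileRecord]) -> str:
    """Render one Package section per component, its files, and CONTAINS relationships."""
    out = []
    for pkg in sorted({rec.package for rec in records}):
        pkg_id = spdx_id("Package", pkg)
        out += [f"PackageName: {pkg}", f"SPDXID: {pkg_id}",
                "PackageDownloadLocation: NOASSERTION", "FilesAnalyzed: true", ""]
        for rec in (r for r in records if r.package == pkg):
            file_id = spdx_id("File", rec.path)
            out += [f"FileName: ./{rec.path}", f"SPDXID: {file_id}",
                    f"FileChecksum: SHA1: {rec.sha1}",
                    f"LicenseConcluded: {rec.license_concluded}"]
            out += [f"LicenseInfoInFile: {lic}" for lic in rec.licenses_in_file] \
                or ["LicenseInfoInFile: NONE"]
            text = "<text>" + "\n".join(rec.copyrights) + "</text>" if rec.copyrights else "NONE"
            out += [f"FileCopyrightText: {text}",
                    f"Relationship: {pkg_id} CONTAINS {file_id}", ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(to_tag_value(scan_codebase(SAMPLE_CODEBASE, PACKAGE_LAYOUT)))
```

The detail that matters for the legal review step at the end of the scenario is the distinction between evidence and conclusion: what the scanner found goes into LicenseInfoInFile, while LicenseConcluded is set only when exactly one license tag is present and is otherwise NOASSERTION, so the auditee's legal staff can see precisely which files still need a human decision rather than receiving a guessed license.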