THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Proposals/SPDX 2.0 Model Proposals"

From SPDX Wiki
Jump to: navigation, search
(No difference)

Revision as of 17:59, 14 September 2012

 

This page brings together various modelling proposals for 2.0 under a common page. The models currently under discusson are shown below with a brief excerpt from the page:

 

1. <a title="Rough Conceptual Model" href="http://spdx.org/wiki/yet-another-rough-proposal-conceptual-model-spdx-2%20">Rough Conceptual Model</a>

"This conceptual model is an attempt to incrementally add hierarchy and provenance capabilities to the existing SPDX model. Many of the <a href="http://spdx.org/wiki/spdx-20-use-cases">use cases</a> have been considered but further analysis is necessary to ensure that this model covers all scenarios. ..."

 

2. <a title="Supply Chain Model" href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">Provenance and Supply Chain Model </a>

" A desire has been expressed to be able to have SPDX be capable of expressing

  1. <a href="http://spdx.org/wiki/sdpx-20-provenance">Provenance</a> (we can know precisely who said what and when about a package)
  2. Hiearchy and Aggregation ( package A contains packages B, C, etc)
  3. How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer) ..."

 

3. <a title="Merged Model Proposal" href="http://www.spdx.org/wiki/2012-feb-1-merged-model-proposal">Merged Model Proposal</a>

"Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model.  Definately a work in progress.  Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).

The goals of this proposal are to:

- Support the use cases for the 1.0 spec

- Support the supply chain use cases

- Support the "hierarchical" or embedded package use cases

- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases ... "

 

 

 

Retrieved from "https://wiki.spdx.org/index.php?title=Technical_Team/Proposals/SPDX_2.0_Model_Proposals&oldid=2136"