THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Proposals/Rough proposal for provenance, hierarchy and aggregation, and supply chain friendliness in SPDX 2.0

From SPDX Wiki

< Technical Team‎ | Proposals

Revision as of 18:38, 5 December 2011 by Eaw (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

A desire has been expressed to be able to have SPDX be capable of expressing

Hiearchy ( package A contains packages B, C, etc)
Authentication ( we can know precisely who said what and when about a package)
How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)

A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:

<img src="http://spdx.org/system/files/spdxdoodle.jpg" alt="" width="586" height="372" />

Retrieved from "https://wiki.spdx.org/index.php?title=Technical_Team/Proposals/Rough_proposal_for_provenance,_hierarchy_and_aggregation,_and_supply_chain_friendliness_in_SPDX_2.0&oldid=1236"