THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Proposals/SPDX 2.0 Model Proposals

From SPDX Wiki
< Technical Team‎ | Proposals
Revision as of 19:10, 21 August 2012 by JackM (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

 

3. This page brings together various modelling proposals for 2.0 under a common page.

 

The models currently under discusson are:

 

1. <a title="Rough Conceptual Model" href="http://spdx.org/wiki/yet-another-rough-proposal-conceptual-model-spdx-2%20">Rough Conceptual Model</a>

"This conceptual model is an attempt to incrementally add hierarchy and provenance capabilities to the existing SPDX model. Many of the <a href="http://spdx.org/wiki/spdx-20-use-cases">use cases</a> have been considered but further analysis is necessary to ensure that this model covers all scenarios. ..."

 

2. <a title="Supply Chain Model" href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">Provenance and Supply Chain Model </a>

" A desire has been expressed to be able to have SPDX be capable of expressing

 

 

  1. <a href="http://spdx.org/wiki/sdpx-20-provenance">Provenance</a> (we can know precisely who said what and when about a package)
  2. Hiearchy and Aggregation ( package A contains packages B, C, etc)
  3. How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer) ..."

 

3. <a title="Merged Model Proposal" href="http://www.spdx.org/wiki/2012-feb-1-merged-model-proposal">Merged Model Proposal</a>

"Below is a class diagram merging Ed Warnicke's proposed SPDX Element model with the 1.0 model.  Definately a work in progress.  Most of the class definitions can be found in the 1.0 spec in the RDF appendix (model) or in Ed's proposal (<a href="http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20">http://spdx.org/wiki/rough-proposal-hierarchy-signing-and-supply-chain-friendliness-spdx-20</a>).

The goals of this proposal are to:

- Support the use cases for the 1.0 spec

- Support the supply chain use cases

- Support the "hierarchical" or embedded package use cases

- Provide a more abstract model which can simplify the application of SPDX to some of the more complex use cases ... "