Difference between revisions of "Technical Team/Proposals/Rough proposal for provenance, hierarchy and aggregation, and supply chain friendliness in SPDX 2.0"

Revision as of 18:38, 5 December 2011

A desire has been expressed to be able to have SPDX be capable of expressing

Hiearchy ( package A contains packages B, C, etc)
Authentication ( we can know precisely who said what and when about a package)
How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)

A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:

Revision as of 18:09, 5 December 2011 (view source) Eaw (Talk \| contribs)		Revision as of 18:38, 5 December 2011 (view source) Eaw (Talk \| contribs) Newer edit →
Line 1:		Line 1:
−	<p>A desire has been expressed to be able to have SPDX be capable of expressing</p><p> </p><ol><li>Hiearchy ( package A contains packages B, C, etc)</li><li>Authentication ( we can know precisely who said what and when about a package)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)</li></ol><p>A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:</p><p> </p><p> </p><p><br /><br /></p>	+	<p>A desire has been expressed to be able to have SPDX be capable of expressing</p><p> </p><ol><li>Hiearchy ( package A contains packages B, C, etc)</li><li>Authentication ( we can know precisely who said what and when about a package)</li><li>How software flows through a supply chain (upstream to packager, through several intermediate vendors to consumer)</li></ol><p>A rough example of this thought is shown in the diagram below, showing how the coreutils package might be represented:</p><p> <img src="http://spdx.org/system/files/spdxdoodle.jpg" alt="" width="586" height="372" /></p><p> </p><p><br /><br /></p>