Technical Team/Use Cases/2.0/Build System Yocto

From SPDX Wiki
Jump to: navigation, search

THis is still a draft and not quite finiliazed but its close.

Title:  Yocto

Background: 

(quick bkurb in how Yocto works)

Also see <a href="http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html">http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html</a> 

Primary Actor:

Person executing the build: To get SPDX documents for each package
Package Maintainer: To generate licensign information using SPDX
Yocto Project: To provide SPDX documents that describe the licensing of the artifacts provided by the build system.
Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.

Goal in Context:  To generate a kernel/file syste  image fo a hardware device or simulator using Yocto and to have SPDX documents that ddescribe te licensing for all copyrigthable artifacts,

Stakeholders and Interests: 

Reference Implementation Provider: 

  1. To communicate the licensing information for their copyrightable artifacts and the type of artifacts.
  2. To have their licenses respected
  3. To help consumers understand what they are getting.

Consumers of Reference Implementation artifacts:

  1. To receive accurate and clear information of licensing of artifacts
  2. To be able to comply easily with licenses for artifacts
  3. To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.

Preconditions: 

  1. Upstream has selected licenses for the copyrightable artifacts originating with the project (package, files, etc)
  2. Upstream has indentified license data for other copyrightable artifacts they consume

Main Success Scenario: Reference Implementation Provider communicates accurate complete licensing information for their copyrightable artifacts in an SPDX data format.

Failed End Condition: Reference Implementation Provider communicates inaccurate incomplete licensing information for their copyrightable artifacts, or does not describe the type of artifact ..

Trigger:

  1. Reference implementation release (ship)
  2. Commit time?
  3. Checkout from a repository?
  4. Inclusion of external artifacts into the reference platform
  5. Posting of updated software for a reference implementation

Notes: