Technical Team/Use Cases/2.0/Build System Yocto
THis is still a draft and not quite finiliazed but its close.
(quick bkurb in how Yocto works)
Person executing the build: To get SPDX documents for each package
Package Maintainer: To generate licensign information using SPDX
Yocto Project: To provide SPDX documents that describe the licensing of the artifacts provided by the build system.
Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.
Goal in Context: To generate a kernel/file syste image fo a hardware device or simulator using Yocto and to have SPDX documents that ddescribe te licensing for all copyrigthable artifacts,
Stakeholders and Interests:
Reference Implementation Provider:
- To communicate the licensing information for their copyrightable artifacts and the type of artifacts.
- To have their licenses respected
- To help consumers understand what they are getting.
Consumers of Reference Implementation artifacts:
- To receive accurate and clear information of licensing of artifacts
- To be able to comply easily with licenses for artifacts
- To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
- Upstream has selected licenses for the copyrightable artifacts originating with the project (package, files, etc)
- Upstream has indentified license data for other copyrightable artifacts they consume
Main Success Scenario: Reference Implementation Provider communicates accurate complete licensing information for their copyrightable artifacts in an SPDX data format.
Failed End Condition: Reference Implementation Provider communicates inaccurate incomplete licensing information for their copyrightable artifacts, or does not describe the type of artifact ..
- Reference implementation release (ship)
- Commit time?
- Checkout from a repository?
- Inclusion of external artifacts into the reference platform
- Posting of updated software for a reference implementation