THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Use Cases/2.0/Communicate data beyond what is described in spec"

From SPDX Wiki
Jump to: navigation, search
(Convert to MediaWiki syntax)
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<p>A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes). </p>
+
A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).
  
<h3>Stakeholders and interests</h3>
+
==Stakeholders and interests==
  
<h4>SPDX producer</h4>
+
* '''SPDX producer'''The person or organization that is producing the SPDX and wish to extend it with non-standard information.
 +
* '''standard SPDX consumer'''A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".
 +
* '''extended SPDX consumer'''A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.
  
<p>The person or organization that is producing the SPDX and wish to extend it with non-standard information.</p>
+
==Main scenario==
  
<h4>standard SPDX consumer</h4>
+
# SPDX producer analyzes the package for all the standard SPDX data
 +
# SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
 +
# SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
 +
# SPDX producer publishes this file on their website as a "SPDX file for package X"
 +
# An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations
  
<p>A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".</p>
+
==Alternate scenario A==
  
<h4>extended SPDX consumer</h4>
+
# SPDX producer analyzes the package for all the standard SPDX data
 +
# SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
 +
# SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
 +
# SPDX producer publishes this file on their website as a "SPDX file for package X"
 +
# A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes
  
<p>A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.</p>
+
== Failed scenario ==
  
 +
# '''Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.'''
  
<h3>Main success scenario</h3>
+
[[Category:Technical]]
 
+
<ol>
+
<li>SPDX producer analyzes the package for all the standard SPDX data</li>
+
<li>SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package</li>
+
<li>SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist</li>
+
<li>SPDX producer publishes this file on their website as a "SPDX file for package X"</li>
+
<li>
+
<ol style="list-style-type: lower-latin;">
+
<li>An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations</li>
+
<li>A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes</li>
+
</ol>
+
</ol>
+

Latest revision as of 13:17, 7 March 2013

A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).

Stakeholders and interests

  • SPDX producerThe person or organization that is producing the SPDX and wish to extend it with non-standard information.
  • standard SPDX consumerA person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".
  • extended SPDX consumerA person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.

Main scenario

  1. SPDX producer analyzes the package for all the standard SPDX data
  2. SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
  3. SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
  4. SPDX producer publishes this file on their website as a "SPDX file for package X"
  5. An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations

Alternate scenario A

  1. SPDX producer analyzes the package for all the standard SPDX data
  2. SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
  3. SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
  4. SPDX producer publishes this file on their website as a "SPDX file for package X"
  5. A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes

Failed scenario

  1. Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.