THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Communicate data beyond what is described in spec"
From SPDX Wiki
Bschineller (Talk | contribs) |
(Convert to MediaWiki syntax) |
Line 1: | Line 1: | ||
− | + | A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes). | |
+ | |||
+ | ==Stakeholders and interests== | ||
+ | |||
+ | * '''SPDX producer'''The person or organization that is producing the SPDX and wish to extend it with non-standard information. | ||
+ | * '''standard SPDX consumer'''A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer". | ||
+ | * '''extended SPDX consumer'''A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data. | ||
+ | |||
+ | ==Main scenario== | ||
+ | |||
+ | # SPDX producer analyzes the package for all the standard SPDX data | ||
+ | # SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package | ||
+ | # SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist | ||
+ | # SPDX producer publishes this file on their website as a "SPDX file for package X" | ||
+ | # An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations | ||
+ | |||
+ | ==Alternate scenario A== | ||
+ | |||
+ | # SPDX producer analyzes the package for all the standard SPDX data | ||
+ | # SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package | ||
+ | # SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist | ||
+ | # SPDX producer publishes this file on their website as a "SPDX file for package X" | ||
+ | # A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes | ||
+ | |||
+ | == Failed scenario == | ||
+ | |||
+ | # '''Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.''' | ||
+ | |||
+ | [[Category:Technical]] |
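Review bot: in the three bullets under "Stakeholders and interests" the bold term runs straight into its definition ('''SPDX producer'''The person ...), so the rendered list reads "SPDX producerThe person"; add a colon after the closing quotes or use a MediaWiki definition list (; term : definition). In step 2 of both scenarios "the list actions" is missing "of", and step 3 says "included" where every other step is in the present tense. The first stakeholder bullet also has "wish" where "wishes" is needed. The single entry under "Failed scenario" is a condition rather than a step, so it reads better as a plain sentence than as a "#" list item.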
Latest revision as of 13:17, 7 March 2013
A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).
Stakeholders and interests
- SPDX producer: The person or organization that is producing the SPDX and wishes to extend it with non-standard information.
- standard SPDX consumer: A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".
- extended SPDX consumer: A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.
Main scenario
1. SPDX producer analyzes the package for all the standard SPDX data
2. SPDX producer analyzes the package for the list of actions they believe are required to comply with the licensing of the package
3. SPDX producer generates an SPDX file which includes both the standard SPDX data and the compliance checklist
4. SPDX producer publishes this file on their website as an "SPDX file for package X"
5. An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations
Alternate scenario A
1. SPDX producer analyzes the package for all the standard SPDX data
2. SPDX producer analyzes the package for the list of actions they believe are required to comply with the licensing of the package
3. SPDX producer generates an SPDX file which includes both the standard SPDX data and the compliance checklist
4. SPDX producer publishes this file on their website as an "SPDX file for package X"
5. A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes
Failed scenario
- Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.
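The main, alternate and failed scenarios above, as an added example (not code from the SPDX project): a standard consumer that keeps processing standard fields when it meets tags it does not know, and an extended consumer that also reads the checklist. The `X-ComplianceAction` tag is a hypothetical extension invented for this sketch, the sample document is constructed, and multi-line `<text>` values are not handled.

```python
# Standard SPDX tag-value tags this consumer understands (a small subset).
KNOWN_TAGS = {"SPDXVersion", "DataLicense", "PackageName", "PackageLicenseDeclared"}

# Constructed sample; "X-ComplianceAction" is a hypothetical extension tag.
SAMPLE = """\
SPDXVersion: SPDX-2.0
DataLicense: CC0-1.0
# produced by the vendor for package X
PackageName: package-x
PackageLicenseDeclared: GPL-2.0
X-ComplianceAction: Ship the license text with every binary
X-ComplianceAction: Offer corresponding source code
"""


def parse_tag_value(text):
    """Yield (tag, value) pairs; skip blank and comment lines, reject junk."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep or not tag.strip():
            raise ValueError(f"line {number}: not a tag-value pair")
        yield tag.strip(), value.strip()


def standard_consumer(text):
    """Alternate scenario A: use standard data, tolerate unknown tags."""
    known, ignored = {}, []
    for tag, value in parse_tag_value(text):
        if tag in KNOWN_TAGS:
            known[tag] = value
        else:
            # Unknown data is recorded for audit, never interpreted or fatal.
            ignored.append(tag)
    return known, ignored


def extended_consumer(text, ext_tag="X-ComplianceAction"):
    """Main scenario: standard data plus the producer's checklist."""
    known, _ = standard_consumer(text)
    checklist = [v for t, v in parse_tag_value(text) if t == ext_tag]
    return known, checklist


if __name__ == "__main__":
    print(standard_consumer(SAMPLE))
    print(extended_consumer(SAMPLE))
```

A consumer that raised on the first unrecognised tag would be the failed scenario: the standard fields are present and valid, but never get processed.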