THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Difference between revisions of "Technical Team/Use Cases/2.0/Communicate data beyond what is described in spec"
From SPDX Wiki
Bschineller (Talk | contribs) |
|||
Line 1: | Line 1: | ||
− | <p>A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes). </p> | + | <p>A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).</p><h3>Stakeholders and interests</h3><ul><li><strong>SPDX producer</strong><p>The person or organization that is producing the SPDX and wish to extend it with non-standard information.</p></li><li><strong>standard SPDX consumer</strong><p>A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".</p></li><li><strong>extended SPDX consumer</strong><p>A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.</p></li></ul><h3>Main scenario</h3><ol><li>SPDX producer analyzes the package for all the standard SPDX data</li><li>SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package</li><li>SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist</li><li>SPDX producer publishes this file on their website as a "SPDX file for package X"</li><li>An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations</li></ol><h3>Alternate scenario A</h3><ol><li>SPDX producer analyzes the package for all the standard SPDX data</li><li>SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package</li><li>SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist</li><li>SPDX producer publishes this file on their website as a "SPDX file for package X"</li><li>A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes</li></ol><p><strong>Failed scenario</strong></p><ol><li><strong>Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.</strong></li></ol> |
− | + | ||
− | <h3>Stakeholders and interests</h3> | + | |
− | + | ||
− | <ul> | + | |
− | <li><strong>SPDX producer</strong> | + | |
− | <p>The person or organization that is producing the SPDX and wish to extend it with non-standard information.</p></li> | + | |
− | + | ||
− | <li><strong>standard SPDX consumer</strong> | + | |
− | <p>A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".</p></li> | + | |
− | + | ||
− | <li><strong>extended SPDX consumer</strong> | + | |
− | <p>A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.</p></li> | + | |
− | </ul> | + | |
− | + | ||
− | <h3>Main scenario</h3> | + | |
− | + | ||
− | <ol> | + | |
− | <li>SPDX producer analyzes the package for all the standard SPDX data</li> | + | |
− | <li>SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package</li> | + | |
− | <li>SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist</li> | + | |
− | <li>SPDX producer publishes this file on their website as a "SPDX file for package X"</li> | + | |
− | <li>An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations</li> | + | |
− | </ol> | + | |
− | + | ||
− | <h3>Alternate scenario A</h3> | + | |
− | + | ||
− | <ol> | + | |
− | <li>SPDX producer analyzes the package for all the standard SPDX data</li> | + | |
− | <li>SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package</li> | + | |
− | <li>SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist</li> | + | |
− | <li>SPDX producer publishes this file on their website as a "SPDX file for package X"</li> | + | |
− | <li>A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes</li> | + | |
− | </ol> | + |
Revision as of 18:43, 2 October 2012
A vendor wants to embed information about a package in its SPDX file that is not representable using standard SPDX fields (and/or classes).
Stakeholders and interests
- SPDX producer
The person or organization that is producing the SPDX and wish to extend it with non-standard information.
- standard SPDX consumer
A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".
- extended SPDX consumer
A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.
Main scenario
- SPDX producer analyzes the package for all the standard SPDX data
- SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
- SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
- SPDX producer publishes this file on their website as a "SPDX file for package X"
- An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations
Alternate scenario A
- SPDX producer analyzes the package for all the standard SPDX data
- SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
- SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
- SPDX producer publishes this file on their website as a "SPDX file for package X"
- A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes
Failed scenario
- Fails if the extensions "break" 'standard consumer/tools' such that they can't even process the standard stuff.