THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Use Cases/2.0/Communicate data beyond what is described in spec

From SPDX Wiki
< Technical Team‎ | Use Cases/2.0
Revision as of 21:35, 15 May 2012 by Pezra (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

A vendor might want to convey information about a package that is not representable using standard SPDX inside the SDPX file. Currently this would require the purveyors of that file to not use the SPDX name or logo regarding the file, even if all compliant SPDX consumers would be able to consume it without error.

Stakeholders and interests

SPDX producer

The person or organization that is producing the SPDX and wish to extend it with non-standard information.

standard SPDX consumer

A person, organization or tool that can read and process standard SPDX data but is not aware of the non-standard extensions being used by "SPDX producer".

extended SPDX consumer

A person, organization or tool that can read and process the non-standard extensions used by "SPDX producer" as well as standard SPDX data.


Main success scenario

  1. SPDX producer analyzes the package for all the standard SPDX data
  2. SPDX producer analyzes the package for the list actions they believe are required to comply with the licensing of the package
  3. SPDX producer generates an SPDX file which included both the standard SPDX data and the compliance checklist
  4. SPDX producer publishes this file on their website as a "SPDX file for package X"
    1. An extended SPDX consumer downloads the SPDX file and uses the checklist to ensure they are meeting their licensing obligations
    2. A standard SPDX consumer downloads the SPDX file and uses the standard data as input into their compliance processes