THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Use Cases/2.0/Intermediate packager adds someone elses patches to upstream source that does not provide SPDX data"

From SPDX Wiki
Jump to: navigation, search
 
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager adds someone else's patches to upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package when the upstream source does not provide SPDX data and also to include SPDX data describing the additions (patches) to the upstream source that came from a 3rd party.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Third party patch provider:</strong></li><ol><li><strong><span style="font-weight: normal;">To have their licenses respected</span></strong></li></ol><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information for the additions (patches) to the upstream source that came from a 3rd party.</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To receive accurate and clear information of the licensing of the additions (patches) to the upstream source that came from a 3rd party.</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some understanding of upstreams licensing.</li><li>Package maintainer knows the license for the 3rd party additions (patches) to the upstream source</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format in the package archive.</li><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp;&nbsp;</li></ol>
+
# '''Title:''' Intermediate packager adds someone else's patches to upstream source that does not provide SPDX data
 +
# '''Primary Actor:''' Intermediate packager (someone building a rpm, deb, etc from upstream source)
 +
# '''Goal in Context:''' To include in the package SPDX data describing the packages licensing information for the package when the upstream source does not provide SPDX data and also to include SPDX data describing the additions (patches) to the upstream source that came from a 3rd party.
 +
# '''Stakeholders and Interests:'''
 +
## '''Upstream maintainers: '''
 +
### To communicate the licensing information for their copyrightable artifacts.
 +
### To have their licenses respected
 +
## '''Third party patch provider:'''
 +
### '''To have their licenses respected'''
 +
## '''Intermediate Packager:'''
 +
### To communicate the licensing information for their package
 +
### To communicate the licensing information for the additions (patches) to the upstream source that came from a 3rd party.
 +
### To communicate the licensing information provided by the upstream maintainer.
 +
### To respect the licenses of the upstream maintainer
 +
## '''Consumers of packages:'''
 +
### To receive accurate and clear information of licensing of packages
 +
### To receive accurate and clear information of the licensing of the additions (patches) to the upstream source that came from a 3rd party.
 +
### To be able to comply easily with licenses for packages
 +
### To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.
 +
### To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
 +
# '''Preconditions:'''
 +
## Packager has some understanding of upstreams licensing.
 +
## Package maintainer knows the license for the 3rd party additions (patches) to the upstream source
 +
# '''Main Success Senario:''' Packager communicates accurate complete licensing information for their package in an SPDX data format in the package archive.
 +
# '''Failed End Condition:''' Package maintainer communicates inaccurate incomplete licensing information for their package.
 +
# '''Trigger:'''
 +
## Release of a new package
 +
# '''Notes:'''
 +
 
 +
[[Category:Technical]]

Latest revision as of 13:19, 7 March 2013

  1. Title: Intermediate packager adds someone else's patches to upstream source that does not provide SPDX data
  2. Primary Actor: Intermediate packager (someone building a rpm, deb, etc from upstream source)
  3. Goal in Context: To include in the package SPDX data describing the packages licensing information for the package when the upstream source does not provide SPDX data and also to include SPDX data describing the additions (patches) to the upstream source that came from a 3rd party.
  4. Stakeholders and Interests:
    1. Upstream maintainers:
      1. To communicate the licensing information for their copyrightable artifacts.
      2. To have their licenses respected
    2. Third party patch provider:
      1. To have their licenses respected
    3. Intermediate Packager:
      1. To communicate the licensing information for their package
      2. To communicate the licensing information for the additions (patches) to the upstream source that came from a 3rd party.
      3. To communicate the licensing information provided by the upstream maintainer.
      4. To respect the licenses of the upstream maintainer
    4. Consumers of packages:
      1. To receive accurate and clear information of licensing of packages
      2. To receive accurate and clear information of the licensing of the additions (patches) to the upstream source that came from a 3rd party.
      3. To be able to comply easily with licenses for packages
      4. To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.
      5. To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
  5. Preconditions:
    1. Packager has some understanding of upstreams licensing.
    2. Package maintainer knows the license for the 3rd party additions (patches) to the upstream source
  6. Main Success Senario: Packager communicates accurate complete licensing information for their package in an SPDX data format in the package archive.
  7. Failed End Condition: Package maintainer communicates inaccurate incomplete licensing information for their package.
  8. Trigger:
    1. Release of a new package
  9. Notes: