https://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/Intermediate_packager_builds_source_package_from_upstream_source_that_does_not_provide_SPDX_data&feed=atom&action=historyTechnical Team/Use Cases/2.0/Intermediate packager builds source package from upstream source that does not provide SPDX data - Revision history2024-03-28T20:19:31ZRevision history for this page on the wikiMediaWiki 1.23.13https://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/Intermediate_packager_builds_source_package_from_upstream_source_that_does_not_provide_SPDX_data&diff=1907&oldid=prevMartinMichlmayr: Convert to MediaWiki syntax2013-03-07T13:19:24Z<p>Convert to MediaWiki syntax</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:19, 7 March 2013</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><ol style="color: </del>#<del class="diffchange diffchange-inline">4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong></del>Title:<del class="diffchange diffchange-inline"></strong>&nbsp;</del>Intermediate packager builds source package from upstream source that does not provide SPDX data<del class="diffchange diffchange-inline"></li><li><strong></del>Primary Actor:<del class="diffchange diffchange-inline"></strong>&nbsp;</del>Intermediate packager (someone building a rpm, deb, etc from upstream source)<del class="diffchange diffchange-inline"></li><li><strong></del>Goal in Context:<del class="diffchange diffchange-inline"></strong>&nbsp;</del>To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.<del class="diffchange diffchange-inline"></li><li><strong></del>Stakeholders and Interests:<del class="diffchange diffchange-inline"></strong>&nbsp;<ol><li><strong></del>Upstream maintainers:<del class="diffchange diffchange-inline">&nbsp;</strong><ol><li></del>To communicate the licensing information for their copyrightable artifacts. 
<del class="diffchange diffchange-inline">&nbsp;</li><li></del>To have their licenses respected<del class="diffchange diffchange-inline"></li></ol></li><li><strong></del>Intermediate Packager:<del class="diffchange diffchange-inline"></strong><br /><ol><li></del>To communicate the licensing information for their package<del class="diffchange diffchange-inline"></li><li></del>To communicate the licensing information provided by the upstream maintainer.<del class="diffchange diffchange-inline"></li><li></del>To respect the licenses of the upstream maintainer<del class="diffchange diffchange-inline"></li></ol></li><li><strong></del>Consumers of packages:<del class="diffchange diffchange-inline"></strong><ol><li></del>To receive accurate and clear information of licensing of packages<del class="diffchange diffchange-inline"></li><li></del>To be able to comply easily with licenses for packages<del class="diffchange diffchange-inline"></li><li></del>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.<del class="diffchange diffchange-inline"></li><li></del>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.<del class="diffchange diffchange-inline"></li></ol></li></ol></li><li><strong></del>Preconditions:<del class="diffchange diffchange-inline"></strong>&nbsp;<ol><li></del>Packager has some means to understand the licensing information from the upstream source.<del class="diffchange diffchange-inline"></li></ol></li><li><strong></del>Main Success Senario:<del class="diffchange diffchange-inline"></strong>&nbsp;</del>Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms.<del class="diffchange diffchange-inline"></li><li><strong></del>Failed End Condition:<del class="diffchange 
diffchange-inline"></strong>&nbsp;</del>Package maintainer communicates inaccurate incomplete licensing information for their package.<del class="diffchange diffchange-inline"></li><li><strong></del>Trigger:<del class="diffchange diffchange-inline"></strong><ol><li></del>Release of a new package<del class="diffchange diffchange-inline"></li></ol></li><li><strong></del>Notes:<del class="diffchange diffchange-inline"></strong>&nbsp; </del>This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.<del class="diffchange diffchange-inline"></li></ol></del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div># <ins class="diffchange diffchange-inline">'''</ins>Title:<ins class="diffchange diffchange-inline">''' </ins>Intermediate packager builds source package from upstream source that does not provide SPDX data</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Primary Actor:<ins class="diffchange diffchange-inline">''' </ins>Intermediate packager (someone building a rpm, deb, etc from upstream source)</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Goal in Context:<ins class="diffchange diffchange-inline">''' </ins>To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Stakeholders and Interests:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">## '''</ins>Upstream maintainers: <ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To communicate the licensing information for their copyrightable artifacts.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To have their licenses respected</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">## '''</ins>Intermediate Packager:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To communicate the licensing information for their package</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To communicate the licensing information provided by the upstream maintainer.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To respect the licenses of the upstream maintainer</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">## '''</ins>Consumers of packages:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To receive accurate and clear information of licensing of packages</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To be able to comply easily with licenses for packages</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">### </ins>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Preconditions:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">## </ins>Packager has some means to understand the licensing information from the upstream source.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Main Success Senario:<ins class="diffchange diffchange-inline">''' </ins>Packager communicates accurate complete licensing information for their package in an SPDX data format via all of the applicable SPDX delivery mechanisms.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Failed End Condition:<ins class="diffchange diffchange-inline">''' </ins>Package maintainer communicates inaccurate incomplete licensing information for their package.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Trigger:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">## </ins>Release of a new package</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"># '''</ins>Notes:<ins class="diffchange diffchange-inline">''' </ins>This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[Category:Technical]]</ins></div></td></tr>
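Review bot: The heading "Main Success Senario:" is carried into the MediaWiki version with the misspelling unchanged, and "the packages licensing information" (Goal in Context) and "the upstream maintainers license assertions" (Consumers of packages) still lack the possessive apostrophe. This revision rewrites every line of the page anyway, so correct them here: "Scenario", "package's", "maintainers'".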
</table>MartinMichlmayrhttps://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/Intermediate_packager_builds_source_package_from_upstream_source_that_does_not_provide_SPDX_data&diff=1906&oldid=prevKnewcomer at 19:00, 7 August 20122012-08-07T19:00:46Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 19:00, 7 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some means to understand the licensing information from the upstream source.</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager 
communicates accurate complete licensing information for their package in an SPDX data format <del class="diffchange diffchange-inline">in </li><ol><li></del>the <del class="diffchange diffchange-inline">package archive</del></li<del class="diffchange diffchange-inline">><li>or as a sidecar (URL)</li><li>or in the SCM</li></ol</del>><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. 
&nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some means to understand the licensing information from the upstream source.</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format <ins class="diffchange diffchange-inline">via all of </ins>the <ins class="diffchange diffchange-inline">applicable SPDX delivery mechanisms.</ins></li><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol></div></td></tr>
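Review bot: In Main Success Senario, the new wording "via all of the applicable SPDX delivery mechanisms" drops the three named locations (the package archive, a sidecar URL, the SCM) without saying where the applicable mechanisms are defined. It also turns the removed "or" alternatives into an "all of" requirement. Name or link the page that lists the delivery mechanisms and confirm that the stricter "all of" is intended, so that a consumer of a package can tell where its SPDX data is expected to be found.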
</table>Knewcomerhttps://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/Intermediate_packager_builds_source_package_from_upstream_source_that_does_not_provide_SPDX_data&diff=1905&oldid=prevKnewcomer at 18:24, 7 August 20122012-08-07T18:24:06Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:24, 7 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some means to understand the licensing information from the upstream source.</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager 
communicates accurate complete licensing information for their package in an SPDX data format in the package archive<del class="diffchange diffchange-inline">.</del></li><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. 
&nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some means to understand the licensing information from the upstream source.</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format in <ins class="diffchange diffchange-inline"></li><ol><li></ins>the package archive</li<ins class="diffchange diffchange-inline">><li>or as a sidecar (URL)</li><li>or in the SCM</li></ol</ins>><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol></div></td></tr>
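Review bot: In Main Success Senario, the inserted markup closes the list item before it opens the nested ordered list, so the three delivery locations become a direct child of the outer list instead of belonging to the "Main Success Senario" item. That is invalid list nesting and leaves the sentence ending at "in". Open the nested list before the item's closing tag and close the item after the nested list ends. The sentence-ending period after "the package archive" is also removed here; either restore it or punctuate the three entries consistently.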
</table>Knewcomerhttps://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/Intermediate_packager_builds_source_package_from_upstream_source_that_does_not_provide_SPDX_data&diff=1904&oldid=prevEaw at 14:57, 22 May 20122012-05-22T14:57:49Z<p></p>
<p><b>New page</b></p><div><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that does not provide SPDX data</li><li><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base even though the upstream project is not providing SPDX data.</li><li><strong>Stakeholders and Interests:</strong>&nbsp;<ol><li><strong>Upstream maintainers:&nbsp;</strong><ol><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><strong>Intermediate Packager:</strong><br /><ol><li>To communicate the licensing information for their package</li><li>To communicate the licensing information provided by the upstream maintainer.</li><li>To respect the licenses of the upstream maintainer</li></ol></li><li><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li><strong>Preconditions:</strong>&nbsp;<ol><li>Packager has some means to understand the licensing information from the upstream source.</li></ol></li><li><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format in the package archive.</li><li><strong>Failed End Condition:</strong>&nbsp;Package maintainer 
communicates inaccurate incomplete licensing information for their package.</li><li><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol></div>Eaw