Difference between revisions of "Technical Team/Use Cases/2.0/Intermediate packager builds source package from upstream source that provides SPDX data"

From SPDX Wiki
Jump to: navigation, search
Line 1: Line 1:
<ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that provides SPDX data</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.</li><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Stakeholders and Interests:</strong><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">&nbsp;</span><ol><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Upstream maintainers:&nbsp;</strong><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"><strong>Intermediate Packager:</strong><br /></span></li><ol><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information for their package</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information provided by the upstream maintainer.</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To respect the licenses of the upstream maintainer</span></li></ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Preconditions:</strong>&nbsp;<ol><li>Upstream maintainer has provided SPDX data</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format in the package archive.</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol>
+
<ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Title:</strong>&nbsp;Intermediate packager builds source package from upstream source that provides SPDX data</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Primary Actor:</strong>&nbsp;Intermediate packager (someone building a rpm, deb, etc from upstream source)</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Goal in Context:</strong>&nbsp;To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.</li><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Stakeholders and Interests:</strong><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">&nbsp;</span><ol><li><strong style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Upstream maintainers:&nbsp;</strong><ol style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><li>To communicate the licensing information for their copyrightable artifacts. &nbsp;</li><li>To have their licenses respected</li></ol></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;"><strong>Intermediate Packager:</strong><br /></span></li><ol><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information for their package</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To communicate the licensing information provided by the upstream maintainer.</span></li><li><span style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: small;">To respect the licenses of the upstream maintainer</span></li></ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Consumers of packages:</strong><ol><li>To receive accurate and clear information of licensing of packages</li><li>To be able to comply easily with licenses for packages</li><li>To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.</li><li>To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol></li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Preconditions:</strong>&nbsp;<ol><li>Upstream maintainer has provided SPDX data</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Main Success Senario:</strong>&nbsp;Packager communicates accurate complete licensing information for their package in an SPDX data format in </li><ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">the package archive</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">or as a sidecar (file URL)</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">or in the SCM</li></ol><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Failed End Condition:</strong>&nbsp;Package maintainer communicates inaccurate incomplete licensing information for their package.</li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Trigger:</strong><ol><li>Release of a new package</li></ol></li><li style="color: #4d4d4d; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><strong>Notes:</strong>&nbsp; This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.</li></ol>

Revision as of 18:21, 7 August 2012

  1. Title: Intermediate packager builds source package from upstream source that provides SPDX data
  2. Primary Actor: Intermediate packager (someone building a rpm, deb, etc from upstream source)
  3. Goal in Context: To include in the package SPDX data describing the packages licensing information for the package base upon the SPDX data provided by the upstream source in a way that allows the packager to verifiably reference the upstream packagers SPDX data.
  4. Stakeholders and Interests: 
    1. Upstream maintainers: 
      1. To communicate the licensing information for their copyrightable artifacts.  
      2. To have their licenses respected
    2. Intermediate Packager:
      1. To communicate the licensing information for their package
      2. To communicate the licensing information provided by the upstream maintainer.
      3. To respect the licenses of the upstream maintainer
    3. Consumers of packages:
      1. To receive accurate and clear information of licensing of packages
      2. To be able to comply easily with licenses for packages
      3. To be able to trust that the package SPDX data is in alignment with the upstream maintainers license assertions.
      4. To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
  5. Preconditions: 
    1. Upstream maintainer has provided SPDX data
  6. Main Success Senario: Packager communicates accurate complete licensing information for their package in an SPDX data format in
    1. the package archive
    2. or as a sidecar (file URL)
    3. or in the SCM
  7. Failed End Condition: Package maintainer communicates inaccurate incomplete licensing information for their package.
  8. Trigger:
    1. Release of a new package
  9. Notes:  This is a base case, it is well understood that packagers both add to the upstream source, but also subset it.