THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Use Cases/2.0/License list extension

From SPDX Wiki
< Technical Team‎ | Use Cases/2.0
Revision as of 22:56, 15 May 2012 by Pezra (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

An organization that does a lot of compliance work is likely to have a license list already which is a superset of the SPDX license list. Such an organization probably will have policies for how to deal with at least some of these licenses. It is important that organizations be able identify the equivalency of these non-SPDX listed license texts/notices.

Stakeholders and interests

Analyzer<h3>

A person or organization which produced the SDPX file and maintains their own license list.

<h3>Consumer

A person, organization or tool which wants to consume SPDX files produced by one or more analyzer. This entity maintains its own license list and policies for those licenses. This license list partially overlaps with each of the Analyzers' license lists. The Consumer maintains mappings between its list and those of the analyzers from which it receives SPDX files.

Main success Scenario<h2>
  1. Analyzer analyzes a package and finds licenses it recognizes that are not listed on <http://spdx.org/licenses>
  2. Analyzer passes SPDX data to Consumer
  3. For each SPDX listed license Consumer performs appropriate action based on its policy for that license
  4. For each non-SPDX listed license Consumer maps from the globally unique id of the license in the Anaylzer's license list to the license in it's list and performs appropriate action based on its policy for that license

Retrieved from "https://wiki.spdx.org/index.php?title=Technical_Team/Use_Cases/2.0/License_list_extension&oldid=1857"