THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Use Cases/2.0/SPDX data indicating subset of the source that made it into a particular binary or binary package
From SPDX Wiki
- Title: SPDX data indicating subset of the source that made it into a particular binary or binary package
- Primary Actor: Builder of binary copyrightable artifact
- Goal in Context: To be able to indicate the SPDX data for the source code copyrightable artifacts that made their way into a particular copyrightable binary artifacts.
- Stakeholders and Interests:
- Binary Builder:
- To communicate the licensing information for their binary copyrightable artifact, including what source files where built into it and a reference to their SPDX data.
- To have their licenses respected
- To help consumers understand what they are getting.
- Consumers of application copyrightable artifacts:
- To receive accurate and clear information of licensing of artifacts
- To be able to comply easily with licenses for artifacts
- To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
- Binary Builder:
- Binary builder has some way to understand what source is built into their binary
- Binary builder has some understanding of the license informatino for the source built into their binary and an expression of it in SPDX form.
- Main Success Scenario: Binary builder builds a binary from a selection of source code files and can indicate exactly the SPDX data for that binary by referencing the source files SPDX data.
- Failed End Condition: Binary builder builds a binary from a selection of source code files and cannot indicate exactly the SPDX data for that binary by referencing the source files SPDX data.
- Binary build time
- Commit time?