THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Use Cases/2.0/Third party produces bill of materials for software package"

From SPDX Wiki
Line 1: Line 1:
<p>A customer requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the code base</p>
+
<p>An organization desires to understand the legal obligations associated with their intended use of a software packages. To gain insight the organization requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the codebase.</p>
  
 
<h3>Stackholders and Interests</h3>
 
<h3>Stackholders and Interests</h3>
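Review bot: in the new first paragraph, "their intended use of a software packages" pairs a singular article with a plural noun; suggest "a software package" (or "software packages"). The unchanged heading "Stackholders and Interests" in the context lines also carries a typo for "Stakeholders" that neither revision corrects.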
Line 17: Line 17:
 
<li>Auditee delivers code to auditor</li>
 
<li>Auditee delivers code to auditor</li>
 
<li>Auditor extracts licensing and copyright information from files</li>
 
<li>Auditor extracts licensing and copyright information from files</li>
<li>Auditor evaluates evidence and identifies most likely licensing and rights holders</li>
+
<li>Auditor determines the following for every file in code base:
<li>Auditor provides SPDX data to auditee</li>
+
  <ul>
<li>Legal staff at auditee look at concluded licensing and right holder and take any necessary actions to comply with the licenses</li>
+
    <li>Rights holders</li>
 +
    <li>Licensing terms</li>
 +
    <li>membership in a package/component which is included in the codebase</li>
 +
  </ul>
 +
</li>
 +
<li>Auditor provides above data to auditee</li>
 +
<li>Legal staff at auditee looks at concluded licensing and right holder and take any necessary actions to comply with the licenses</li>
 
</ol>
 
</ol>
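Review bot: in the new step 5, "Legal staff at auditee looks at concluded licensing and right holder and take any necessary actions" disagrees in number within one sentence; suggest "look at ... and take", matching the plural "staff" (the prior revision used "look"). In the nested list under step 3, "membership in a package/component" is the only item not capitalized like its siblings "Rights holders" and "Licensing terms".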

Revision as of 22:53, 10 May 2012

An organization desires to understand the legal obligations associated with their intended use of a software package. To gain insight, the organization requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the codebase.

Stakeholders and Interests

Auditee
The organization in possession of the code that wants to understand the licensing and rights holders of that code.
Auditor
Third party that needs to analyze the codebase and inform the auditee of what the licensing is and who the rights holders are.

Main Success Scenario

  1. Auditee delivers code to auditor
  2. Auditor extracts licensing and copyright information from files
  3. Auditor determines the following for every file in code base:
    • Rights holders
    • Licensing terms
    • Membership in a package/component which is included in the codebase
  4. Auditor provides the above data to the auditee
  5. Legal staff at the auditee look at the concluded licensing and rights holders and take any necessary actions to comply with the licenses