THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Use Cases/2.0/Upstream maintainer preparing release artifacts (including SPDX data)
From SPDX Wiki
- Title: Upstream maintainer preparing release artifacts (including SPDX data).
- Primary Actor: Member of upstream maintainer team
- Goal in Context: To provide a SPDX data for a particular release of the copyrightable artifacts in their project packaged together with those release artifacts (for example, inside a source tarball, inside a jar, inside a binary tarball, etc).
- Stakeholders and Interests:
- Upstream maintainers:
- To communicate the licensing information for their copyrightable artifacts.
- To have their licenses respected
- Consumers of upstreams copyrightable artifacts:
- To receive accurate and clear information of licensing of artifacts (without having to hunt around for it. You download the release, and the licensing data is right there within it)
- To be able to comply easily with licenses for artifacts
- To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
- Upstream maintainers:
- Preconditions:
- Upstream has selected licenses for the copyrightable artifacts originating with the project (package, files, etc)
- Upstream has indentified license data for other copyrightable artifacts they consume
- Main Success Scenario: Upstream communicates accurate complete licensing information for their copyrightable artifacts in an SPDX data format together with their release artifacts (in their tarball, jar, etc).
- Failed End Condition: Upstream communicates inaccurate incomplete licensing information for their copyrightable artifacts.
- Trigger:
- Project release
- Notes:
