THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Use Cases/2.0/Upstream maintainer preparing release artifacts (including SPDX data)

From SPDX Wiki
Jump to: navigation, search
  1. Title: Upstream maintainer preparing release artifacts (including SPDX data).
  2. Primary Actor: Member of upstream maintainer team
  3. Goal in Context: To provide a SPDX data for a particular release of the copyrightable artifacts in their project packaged together with those release artifacts (for example, inside a source tarball, inside a jar, inside a binary tarball, etc).
  4. Stakeholders and Interests:
    1. Upstream maintainers:
      1. To communicate the licensing information for their copyrightable artifacts.
      2. To have their licenses respected
    2. Consumers of upstreams copyrightable artifacts:
      1. To receive accurate and clear information of licensing of artifacts (without having to hunt around for it. You download the release, and the licensing data is right there within it)
      2. To be able to comply easily with licenses for artifacts
      3. To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.
  5. Preconditions:
    1. Upstream has selected licenses for the copyrightable artifacts originating with the project (package, files, etc)
    2. Upstream has indentified license data for other copyrightable artifacts they consume
  6. Main Success Scenario: Upstream communicates accurate complete licensing information for their copyrightable artifacts in an SPDX data format together with their release artifacts (in their tarball, jar, etc).
  7. Failed End Condition: Upstream communicates inaccurate incomplete licensing information for their copyrightable artifacts.
  8. Trigger:
    1. Project release
  9. Notes: