Dear members,
We are in the license information exchange sub group under OpenChain Japan WG,
and would like to propose usage profile for SPDX3.0 on this mailing list based
on Kate's suggestion as follows:
How can we describe "Reference to Local/Contract Documents" with External
Document Ref Tag?
(1) Proposal of usage profile: including OSS policy and/or contract information
on the SPDX (at chain basis)
As each company would have own OSS policy, OSS related inconsistency may be
arisen at each deal(each supply chain).
Generally, this kind of policy would be defined in the closed / local document
such as policy, agreement, contract, and/or SPEC under each chain, and as
such, it would not be applicable for SPDX2.2 for the moment.
However, for the purpose of clear data exchange at supply chain basis and of
whole data exchange management, we would like to include OSS policy and/or
contract information on the SPDX3.0 at chain basis.
(2)How can we do?
For example, restricted OSS license may be identified in the OSS policy. Also,
such OSS license may be approved only for prototype.
Accordingly, we are focused on "External Document References", "UsageInfo",
"ValidUntil" to describe such information exchange with the following (A)-(D):
(A)In order to refer to the machine readable "Agreement" in relation to product
development between company A and company B.:
ExternalDocumentRef: DocumentRef-Agreement_Btw_A_B
file://anyware_but_not_disclosed_to_open/Agreement_Btw_A_B.txt
Checksum_for_for_Agreement_Btw_A_B
Or
ExternalDocumentRef: DocumentRef-Agreement_Btw_A_B "Specific ID, Effective As
Of or any other common identifier between supplier A and consumer B"
Checksum_for_Agreement_Btw_A_B
(B)In order to describe UsageInfo for product defined in the Agreement between
A and B:
DocumentRef-ThisSPDXID: SPDXID PREREQUISITE_FOR TargetProductInfo-ThisSPDXID
TargetProductInfo: TargetProductinfo-ThisSPDXID "Product Name which worte in
Agreement_Btw_A_B"
(C)In order to pick up UsageInfo description about package "X" from the
Agreement between A and B:
Package Description about "X".....
UsageInfo:<text> "Only for Verification but not for Final Product" </text>
(Picked up from "Agreement_Btw_A_B").
(D)In order to define Expiration of This SPDX Document on Product Development:
ValidUntil: <text>"Next Scheduled Delivery of SPDX Doc"</text>
We are looking forward to receive any feedback from others on this matter.
Thank you in advance!
Best regards,
Kentaro Takahashi
Intellectual Property Div.
TOYOTA MOTOR CORPORATION
Attention: The information contained in this email may be attorney/client
privileged and confidential information intended only for the use of the
recipient(s) named above. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited.
If you have received this communication in error, please contact the sender by
reply e-mail and destroy all copies of this e-mail message. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3966): https://lists.spdx.org/g/Spdx-tech/message/3966
Mute This Topic: https://lists.spdx.org/mt/80009711/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
