spdx-3-model icon indicating copy to clipboard operation
spdx-3-model copied to clipboard
verified publisher icon spdx

Usage profile

Open yoshi-i opened this issue 2 years ago • 3 comments

Model descriptions with drawio and supplemental pdf document of Usage Profile

Signed-off-by: Yoshiyuki Ito [email protected]

yoshi-i avatar Apr 11 '23 09:04 yoshi-i

Hello,

It doesn't look like there is a way to comment inline in the PDF itself, so I'm replying with a couple of thoughts here.

For slide 6 "Terms of Use for these deliverables": if this is about a contractual limitation on use, wouldn't that be more appropriate to include a licensing profile section with a LicenseRef- ID, pointing to the text of the contract? I don't think a separate field to refer to a contract that imposes different limitations on use of software would be helpful, since it would require an SBOM recipient to look in two separate places to understand the license limitations.

For slide 7 "Expiration date and time OR Expiration event": similarly, it would be helpful to have more explanation to understand what is "expiring" in this situation. I assume that it wouldn't be either the SBOM itself, or the license to use the software. Is there something else that is "expiring"?

swinslow avatar Apr 11 '23 19:04 swinslow

I just saw @maxhbr comment - indeed the draw.io file is HTML rather than the draw.io data which can be downloaded.

Sorry, I've re-committed at #38f3040 for that drawio file.

yoshi-i avatar Apr 19 '23 10:04 yoshi-i

@maxhbr - pls review and if OK, we can merge

goneall avatar Apr 24 '23 01:04 goneall