-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage profile #191
base: usage-profile
Are you sure you want to change the base?
Usage profile #191
Conversation
Signed-off-by: Yoshiyuki Ito <yoshiyuki.ito.ub@renesas.com>
Signed-off-by: Yoshiyuki Ito <yoshiyuki.ito.ub@renesas.com>
Signed-off-by: Yoshiyuki Ito <yoshiyuki.ito.ub@renesas.com>
Signed-off-by: Yoshiyuki Ito <yoshiyuki.ito.ub@renesas.com>
doc/UsageProfile.svg
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@maxhbr -san, It was overwritten by my operation mistake. I've committed correct one.
doc/UsageProfile.drawio
Outdated
|
||
|
||
|
||
<!DOCTYPE html> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not able to open this drawio file, as it seems to be a html github page
Hello, It doesn't look like there is a way to comment inline in the PDF itself, so I'm replying with a couple of thoughts here. For slide 6 "Terms of Use for these deliverables": if this is about a contractual limitation on use, wouldn't that be more appropriate to include a licensing profile section with a For slide 7 "Expiration date and time OR Expiration event": similarly, it would be helpful to have more explanation to understand what is "expiring" in this situation. I assume that it wouldn't be either the SBOM itself, or the license to use the software. Is there something else that is "expiring"? |
Signed-off-by: Yoshiyuki Ito <yoshiyuki.ito.ub@renesas.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just saw @maxhbr comment - indeed the draw.io file is HTML rather than the draw.io data which can be downloaded.
Sorry, I've re-committed at #38f3040 for that drawio file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - Thanks @yoshi-i
@maxhbr - pls review and if OK, we can merge |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not understand the USAGE OPERATOR
, are there some examples?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This uses the DESCRIBES relation, but that is (at least in 2.3) defined as "Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A." with the example "An SPDX document WildFly.spdx describes package ‘WildFly’. Note this is a logical relationship to help organize related items within an SPDX document that is mandatory if more than one package or set of files (not in a package) is present.". Not sure if it is valid in this usecase.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This shows a specific way of how licensing information is expressed, which might not align with the actual future of the licensing profile. Maybe this could be made transparent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we always use singular:
Deliverables
->Deliverable
comments
->comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The AND
and OR
looks very similar to license expressions and might cause confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This uses the DESCRIBES relation, but that is (at least in 2.3) defined as "Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A." with the example "An SPDX document WildFly.spdx describes package ‘WildFly’. Note this is a logical relationship to help organize related items within an SPDX document that is mandatory if more than one package or set of files (not in a package) is present.". Not sure if it is valid in this usecase.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This shows a specific way of how licensing information is expressed, which might not align with the actual future of the licensing profile. Maybe this could be made transparent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we always use singular:
Deliverables
->Deliverable
comments
->comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The AND
and OR
looks very similar to license expressions and might cause confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you maybe instead provide some file that can be edited and further improved instead of a PDF?
Model descriptions with drawio and supplemental pdf document of Usage Profile
Signed-off-by: Yoshiyuki Ito yoshiyuki.ito.ub@renesas.com