Ȩ > Ç¥ÁØÈ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ
| Ç¥ÁعøÈ£ | TTAK.KO-11.0182/R1 | ±¸Ç¥ÁعøÈ£ | |
|---|---|---|---|
| Á¦°³Á¤ÀÏ | 2015-12-16 | ÃÑÆäÀÌÁö | 19 |
| ÇѱÛÇ¥Áظí | °ø°³¼ÒÇÁÆ®¿þ¾î Á¤º¸±³È¯¸í¼¼ | ||
| ¿µ¹®Ç¥Áظí | Open source software package data exchange specification | ||
| Çѱ۳»¿ë¿ä¾à | ±â¾÷°ú Á¶Á÷µéÀº °ø°³ ¼ÒÇÁÆ®¿þ¾î¿Í ±âŸ ¼ÒÇÁÆ®¿þ¾î ÆÐÅ°ÁöµéÀ» ±¤¹üÀ§ÇÏ°Ô »ç¿ëÇÏ°í ÀÖ°í Àç»ç¿ëÇÏ°í ÀÖ´Ù. ¶óÀ̼±½º¿Í °ü·ÃµÈ Áعý¼ºÀº °¢°¢ÀÇ Á¶Á÷µéÀÌ µ¶ÀÚÀûÀ¸·Î ¼öµ¿ ȤÀº ÀÚµ¿ ºÐ¼® ¹æ¹ý¿¡ ÀÇÇØ ÇØ´çµÇ´Â ¶óÀ̼±½º¸¦ È®ÀÎÇÏ°í Àǹ« »çÇ×À» ¼öÇàÇÏ´Â ÀÏ·ÃÀÇ È°µ¿À» ÇÊ¿ä·Î ÇÑ´Ù. ¼ÒÇÁÆ®¿þ¾î°³¹ßÆÀµéÀº Àü ¼¼°è¿¡ °ÉÃÄ µ¿ÀÏÇÑ °ø°³ ¼ÒÇÁÆ®¿þ¾î ÆÐÅ°Áö¸¦ »ç¿ëÇÏ´õ¶óµµ ºÐ¼® È°µ¿ÀÇ °á°ú¸¦ °øÀ¯Çϰųª ºÐ¼®¿¡ ÀÖ¾î¼ Çù¾÷Çϱâ À§ÇÑ ÀÎÇÁ¶ó°¡ ºÎÁ·ÇÏ´Ù. ±× °á°ú ¸¹Àº ±â¾÷µéÀÌ Áߺ¹ Á¤º¸¿Í ÀÌÁß ³ë·ÂÀ» ÃÊ·¡ÇÏ´Â µ¿ÀÏ ÀÛ¾÷À» ¼öÇàÇÏ°í ÀÖ´Ù. ÀÌ¿¡ ¸®´ª½º ÆÄ¿îµ¥À̼±¿¡ ¼ÓÇØ ÀÖ´Â SPDX ¿öÅ·±×·ìÀº ¼ÒÇÁÆ®¿þ¾î ÆÐÅ°ÁöÀÇ Á¤º¸ Àü´Þ ¹æ½ÄÀ» °³¼±ÇÏ°í ½Ã°£ Àý¾àÀ» ¸ñÀûÀ¸·Î ¼ÒÇÁÆ®¿þ¾î ÆÐÅ°Áö¿¡ ´ëÇÑ Á¤º¸¿Í °ü·Ã ³»¿ëµéÀÌ ¼öÁýµÇ°í °øÅëÀÇ ¼½ÄÀ¸·Î °øÀ¯µÇµµ·Ï Á¤º¸ ±³È¯ ¼½ÄÀ» ¸¸µé°Ô µÇ¾ú´Ù. SPDX ¹®¼´Â »ç¿ëÀ» À§ÇÑ ¶óÀ̼±½º¿Í SPDXÆÄÀÏÀÇ Æ¯Á¤ ¹öÀüÀ» °¡Áø ºÐ¼®°á°ú¿¡ °ü·ÃµÈ SPDX ¹®¼ÀÇ »ý¼º Á¤º¸, ÆÐÅ°Áö Á¤º¸, ÆÄÀÏ Á¤º¸, ¶óÀ̼±½º Á¤º¸, °ü°è(Relations) Á¤º¸, ÁÖ¼® (Annotations) Á¤º¸ µîÀ¸·Î ±¸¼ºµÈ ¸ÞŸ µ¥ÀÌÅÍÀÌ´Ù. º» Ç¥ÁؾÈÀº ÃÖ½ÅÀÇ SPDX »ç¾çÀ» ¹Ý¿µÇÏ°í ÀÖÀ» »Ó¸¸ ¾Æ´Ï¶ó ±¹³» ½ÇÁ¤¿¡ ¸Â°Ô Àû¿ëÇÒ ¼ö ÀÖµµ·Ï °³¼± »çÇ×°ú ¼öÁ¤ »çÇ×À» Æ÷ÇÔÇÏ°í ÀÖ´Ù. | ||
| ¿µ¹®³»¿ë¿ä¾à | Companies and organizations are widely using and reusing OSS and other software packages. Compliance with the associated licenses requires a set of analysis activities and due diligence that each Organization performs independently including identification of associated licenses followed by manual or automated verification. Software development teams across the globe use the same open source packages, but little infrastructure exists to facilitate collaboration on the analysis or share the results of these analysis activities. As a result, many groups are performing the same work leading to duplicated efforts and redundant information. The SPDX working group seeks to create a data exchange format so that information about software packages and related content may be collected and shared in a common format with the goal of saving time and improving data accuracy of software package.
SPDX¡¡Document Information is meta data that consists of creation information, package information, license information, file information and reviewer information to associate analysis results with a specific version of the SPDX file and license for use. |
||
| ±¹Á¦Ç¥ÁØ | |||
| °ü·ÃÆÄÀÏ |
 TTAK.KO-11.0182_R1.pdf
| ||
