unplugged-system/external/spdx-tools/examples/sample-docs/yaml/SPDXYAMLExample-2.2.spdx.yaml

---
SPDXID: "SPDXRef-DOCUMENT"
spdxVersion: "SPDX-2.2"
creationInfo:
  comment: "This package has been shipped in source and binary form.\nThe binaries\
    \ were created with gcc 4.5.1 and expect to link to\ncompatible system run time\
    \ libraries."
  created: "2010-01-29T18:30:22Z"
  creators:
  - "Tool: LicenseFind-1.0"
  - "Organization: ExampleCodeInspect ()"
  - "Person: Jane Doe ()"
  licenseListVersion: "3.9"
name: "SPDX-Tools-v2.0"
dataLicense: "CC0-1.0"
comment: "This document was created using SPDX 2.0 using licenses from the web site."
externalDocumentRefs:
- externalDocumentId: "DocumentRef-spdx-tool-1.2"
  checksum:
    algorithm: "SHA1"
    checksumValue: "d6a770ba38583ed4bb4525bd96e50461655d2759"
  spdxDocument: "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301"
hasExtractedLicensingInfos:
- licenseId: "LicenseRef-1"
  extractedText: "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,\
    \ 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n\
    \ *\n * Redistribution and use in source and binary forms, with or without\n *\
    \ modification, are permitted provided that the following conditions\n * are met:\n\
    \ * 1. Redistributions of source code must retain the above copyright\n *    notice,\
    \ this list of conditions and the following disclaimer.\n * 2. Redistributions\
    \ in binary form must reproduce the above copyright\n *    notice, this list of\
    \ conditions and the following disclaimer in the\n *    documentation and/or other\
    \ materials provided with the distribution.\n * 3. The name of the author may\
    \ not be used to endorse or promote products\n *    derived from this software\
    \ without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED\
    \ BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING,\
    \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS\
    \ FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE\
    \ LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\
    \ DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\
    \ OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\
    \ CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\
    \ OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE\
    \ USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\
    */"
- licenseId: "LicenseRef-2"
  extractedText: "This package includes the GRDDL parser developed by Hewlett Packard\
    \ under the following license:\n<> Copyright 2007 Hewlett-Packard Development Company,\
    \ LP\n\nRedistribution and use in source and binary forms, with or without modification,\
    \ are permitted provided that the following conditions are met: \n\nRedistributions\
    \ of source code must retain the above copyright notice, this list of conditions\
    \ and the following disclaimer. \nRedistributions in binary form must reproduce\
    \ the above copyright notice, this list of conditions and the following disclaimer\
    \ in the documentation and/or other materials provided with the distribution.\
    \ \nThe name of the author may not be used to endorse or promote products derived\
    \ from this software without specific prior written permission. \nTHIS SOFTWARE\
    \ IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,\
    \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\
    \ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE\
    \ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\
    \ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\
    \ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\
    \ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\
    \ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\
    \ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
- licenseId: "LicenseRef-4"
  extractedText: "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n\
    \ *\n * Redistribution and use in source and binary forms, with or without\n *\
    \ modification, are permitted provided that the following conditions\n * are met:\n\
    \ * 1. Redistributions of source code must retain the above copyright\n *    notice,\
    \ this list of conditions and the following disclaimer.\n * 2. Redistributions\
    \ in binary form must reproduce the above copyright\n *    notice, this list of\
    \ conditions and the following disclaimer in the\n *    documentation and/or other\
    \ materials provided with the distribution.\n * 3. The name of the author may\
    \ not be used to endorse or promote products\n *    derived from this software\
    \ without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED\
    \ BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING,\
    \ BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS\
    \ FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE\
    \ LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\
    \ DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\
    \ OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\
    \ CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\
    \ OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE\
    \ USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\
    */"
- licenseId: "LicenseRef-Beerware-4.2"
  comment: "The beerware license has a couple of other standard variants."
  extractedText: "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote\
    \ this file. As long as you retain this notice you\ncan do whatever you want with\
    \ this stuff. If we meet some day, and you think this stuff is worth it, you can\
    \ buy me a beer in return Poul-Henning Kamp"
  name: "Beer-Ware License (Version 42)"
  seeAlsos:
  - "http://people.freebsd.org/~phk/"
- licenseId: "LicenseRef-3"
  comment: "This is tye CyperNeko License"
  extractedText: "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright\
    \ 2002-2005, Andy Clark.  All rights reserved.\n \nRedistribution and use in source\
    \ and binary forms, with or without\nmodification, are permitted provided that\
    \ the following conditions\nare met:\n\n1. Redistributions of source code must\
    \ retain the above copyright\n   notice, this list of conditions and the following\
    \ disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n\
    \   notice, this list of conditions and the following disclaimer in\n   the documentation\
    \ and/or other materials provided with the\n   distribution.\n\n3. The end-user\
    \ documentation included with the redistribution,\n   if any, must include the\
    \ following acknowledgment:  \n     \"This product includes software developed\
    \ by Andy Clark.\"\n   Alternately, this acknowledgment may appear in the software\
    \ itself,\n   if and wherever such third-party acknowledgments normally appear.\n\
    \n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n  \
    \ or promote products derived from this software without prior \n   written permission.\
    \ For written permission, please contact \n   andyc@cyberneko.net.\n\n5. Products\
    \ derived from this software may not be called \"CyberNeko\",\n   nor may \"CyberNeko\"\
    \ appear in their name, without prior written\n   permission of the author.\n\n\
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES,\
    \ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND\
    \ FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED.  IN NO EVENT SHALL THE AUTHOR\
    \ OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\
    \ EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\
    \ \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS\
    \ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT,\
    \ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY\
    \ WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF\
    \ SUCH DAMAGE."
  name: "CyberNeko License"
  seeAlsos:
  - "http://people.apache.org/~andyc/neko/LICENSE"
  - "http://justasample.url.com"
annotations:
- annotationDate: "2010-01-29T18:30:22Z"
  annotationType: "OTHER"
  annotator: "Person: Jane Doe ()"
  comment: "Document level annotation"
- annotationDate: "2010-02-10T00:00:00Z"
  annotationType: "REVIEW"
  annotator: "Person: Joe Reviewer"
  comment: "This is just an example.  Some of the non-standard licenses look like\
    \ they are actually BSD 3 clause licenses"
- annotationDate: "2011-03-13T00:00:00Z"
  annotationType: "REVIEW"
  annotator: "Person: Suzanne Reviewer"
  comment: "Another example reviewer."
documentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301"
documentDescribes:
- "SPDXRef-File"
- "SPDXRef-Package"
packages:
- SPDXID: "SPDXRef-Package"
  annotations:
  - annotationDate: "2011-01-29T18:30:22Z"
    annotationType: "OTHER"
    annotator: "Person: Package Commenter"
    comment: "Package level annotation"
  attributionTexts:
  - "The GNU C Library is free software.  See the file COPYING.LIB for copying conditions,\
    \ and LICENSES for notices about a few contributions that require these additional\
    \ notices to be distributed.  License copyright years may be listed using range\
    \ notation, e.g., 1996-2015, indicating that every year in the range, inclusive,\
    \ is a copyrightable year that would otherwise be listed individually."
  checksums:
  - algorithm: "MD5"
    checksumValue: "624c1abb3664f4b35547e7c73864ad24"
  - algorithm: "SHA1"
    checksumValue: "85ed0817af83a24ad8da68c2b5094de69833983c"
  - algorithm: "SHA256"
    checksumValue: "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd"
  copyrightText: "Copyright 2008-2010 John Smith"
  description: "The GNU C Library defines functions that are specified by the ISO\
    \ C standard, as well as additional features specific to POSIX and other derivatives\
    \ of the Unix operating system, and extensions specific to GNU systems."
  downloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz"
  externalRefs:
  - referenceCategory: "SECURITY"
    referenceLocator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*"
    referenceType: "cpe23Type"
  - comment: "This is the external ref for Acme"
    referenceCategory: "OTHER"
    referenceLocator: "acmecorp/acmenator/4.1.3-alpha"
    referenceType: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge"
  filesAnalyzed: true
  hasFiles:
  - "SPDXRef-CommonsLangSrc"
  - "SPDXRef-JenaLib"
  - "SPDXRef-DoapSource"
  homepage: "http://ftp.gnu.org/gnu/glibc"
  licenseComments: "The license for this project changed with the release of version\
    \ x.y.  The version of the project included here post-dates the license change."
  licenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)"
  licenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)"
  licenseInfoFromFiles:
  - "GPL-2.0-only"
  - "LicenseRef-2"
  - "LicenseRef-1"
  name: "glibc"
  originator: "Organization: ExampleCodeInspect (contact@example.com)"
  packageFileName: "glibc-2.11.1.tar.gz"
  packageVerificationCode:
    packageVerificationCodeExcludedFiles:
    - "./package.spdx"
    packageVerificationCodeValue: "d6a770ba38583ed4bb4525bd96e50461655d2758"
  sourceInfo: "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git."
  summary: "GNU C library."
  supplier: "Person: Jane Doe (jane.doe@example.com)"
  versionInfo: "2.11.1"
- SPDXID: "SPDXRef-fromDoap-1"
  copyrightText: "NOASSERTION"
  downloadLocation: "NOASSERTION"
  filesAnalyzed: false
  homepage: "http://commons.apache.org/proper/commons-lang/"
  licenseConcluded: "NOASSERTION"
  licenseDeclared: "NOASSERTION"
  name: "Apache Commons Lang"
- SPDXID: "SPDXRef-fromDoap-0"
  copyrightText: "NOASSERTION"
  downloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz"
  externalRefs:
  - referenceCategory: "PACKAGE_MANAGER"
    referenceLocator: "pkg:maven/org.apache.jena/apache-jena@3.12.0"
    referenceType: "purl"
  filesAnalyzed: false
  homepage: "http://www.openjena.org/"
  licenseConcluded: "NOASSERTION"
  licenseDeclared: "NOASSERTION"
  name: "Jena"
  versionInfo: "3.12.0"
- SPDXID: "SPDXRef-Saxon"
  checksums:
  - algorithm: "SHA1"
    checksumValue: "85ed0817af83a24ad8da68c2b5094de69833983c"
  copyrightText: "Copyright Saxonica Ltd"
  description: "The Saxon package is a collection of tools for processing XML documents."
  downloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download"
  filesAnalyzed: false
  homepage: "http://saxon.sourceforge.net/"
  licenseComments: "Other versions available for a commercial license"
  licenseConcluded: "MPL-1.0"
  licenseDeclared: "MPL-1.0"
  name: "Saxon"
  packageFileName: "saxonB-8.8.zip"
  versionInfo: "8.8"
files:
- SPDXID: "SPDXRef-DoapSource"
  checksums:
  - algorithm: "SHA1"
    checksumValue: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
  copyrightText: "Copyright 2010, 2011 Source Auditor Inc."
  fileContributors:
  - "Protecode Inc."
  - "SPDX Technical Team Members"
  - "Open Logic Inc."
  - "Source Auditor Inc."
  - "Black Duck Software In.c"
  fileName: "./src/org/spdx/parser/DOAPProject.java"
  fileTypes:
  - "SOURCE"
  licenseConcluded: "Apache-2.0"
  licenseInfoInFiles:
  - "Apache-2.0"
- SPDXID: "SPDXRef-CommonsLangSrc"
  checksums:
  - algorithm: "SHA1"
    checksumValue: "c2b4e1c67a2d28fced849ee1bb76e7391b93f125"
  comment: "This file is used by Jena"
  copyrightText: "Copyright 2001-2011 The Apache Software Foundation"
  fileContributors:
  - "Apache Software Foundation"
  fileName: "./lib-source/commons-lang3-3.1-sources.jar"
  fileTypes:
  - "ARCHIVE"
  licenseConcluded: "Apache-2.0"
  licenseInfoInFiles:
  - "Apache-2.0"
  noticeText: "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\
    \nThis product includes software developed by\nThe Apache Software Foundation\
    \ (http://www.apache.org/).\n\nThis product includes software from the Spring\
    \ Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())"
- SPDXID: "SPDXRef-JenaLib"
  checksums:
  - algorithm: "SHA1"
    checksumValue: "3ab4e1c67a2d28fced849ee1bb76e7391b93f125"
  comment: "This file belongs to Jena"
  copyrightText: "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,\
    \ 2009 Hewlett-Packard Development Company, LP"
  fileContributors:
  - "Apache Software Foundation"
  - "Hewlett Packard Inc."
  fileName: "./lib-source/jena-2.6.3-sources.jar"
  fileTypes:
  - "ARCHIVE"
  licenseComments: "This license is used by Jena"
  licenseConcluded: "LicenseRef-1"
  licenseInfoInFiles:
  - "LicenseRef-1"
- SPDXID: "SPDXRef-File"
  annotations:
  - annotationDate: "2011-01-29T18:30:22Z"
    annotationType: "OTHER"
    annotator: "Person: File Commenter"
    comment: "File level annotation"
  checksums:
  - algorithm: "SHA1"
    checksumValue: "d6a770ba38583ed4bb4525bd96e50461655d2758"
  - algorithm: "MD5"
    checksumValue: "624c1abb3664f4b35547e7c73864ad24"
  comment: "The concluded license was taken from the package level that the file was\
    \ included in.\nThis information was found in the COPYING.txt file in the xyz\
    \ directory."
  copyrightText: "Copyright 2008-2010 John Smith"
  fileContributors:
  - "The Regents of the University of California"
  - "Modified by Paul Mundt lethal@linux-sh.org"
  - "IBM Corporation"
  fileName: "./package/foo.c"
  fileTypes:
  - "SOURCE"
  licenseComments: "The concluded license was taken from the package level that the\
    \ file was included in."
  licenseConcluded: "(LGPL-2.0-only OR LicenseRef-2)"
  licenseInfoInFiles:
  - "GPL-2.0-only"
  - "LicenseRef-2"
  noticeText: "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is\
    \ hereby granted, free of charge, to any person obtaining a copy of this software\
    \ and associated documentation files (the <20>Software<72>), to deal in the Software\
    \ without restriction, including without limitation the rights to use, copy, modify,\
    \ merge, publish, distribute, sublicense, and/or sell copies of the Software,\
    \ and to permit persons to whom the Software is furnished to do so, subject to\
    \ the following conditions: \nThe above copyright notice and this permission notice\
    \ shall be included in all copies or substantial portions of the Software.\n\n\
    THE SOFTWARE IS PROVIDED <20>AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,\
    \ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR\
    \ A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR\
    \ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\
    \ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\
    \ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
snippets:
- SPDXID: "SPDXRef-Snippet"
  comment: "This snippet was identified as significant and highlighted in this Apache-2.0\
    \ file, when a commercial scanner identified it as being derived from file foo.c\
    \ in package xyz which is licensed under GPL-2.0."
  copyrightText: "Copyright 2008-2010 John Smith"
  licenseComments: "The concluded license was taken from package xyz, from which the\
    \ snippet was copied into the current file. The concluded license information\
    \ was found in the COPYING.txt file in package xyz."
  licenseConcluded: "GPL-2.0-only"
  licenseInfoInSnippets:
  - "GPL-2.0-only"
  name: "from linux kernel"
  ranges:
  - endPointer:
      offset: 420
      reference: "SPDXRef-DoapSource"
    startPointer:
      offset: 310
      reference: "SPDXRef-DoapSource"
  - endPointer:
      lineNumber: 23
      reference: "SPDXRef-DoapSource"
    startPointer:
      lineNumber: 5
      reference: "SPDXRef-DoapSource"
  snippetFromFile: "SPDXRef-DoapSource"
relationships:
- spdxElementId: "SPDXRef-DOCUMENT"
  relatedSpdxElement: "SPDXRef-Package"
  relationshipType: "CONTAINS"
- spdxElementId: "SPDXRef-DOCUMENT"
  relatedSpdxElement: "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement"
  relationshipType: "COPY_OF"
- spdxElementId: "SPDXRef-DOCUMENT"
  relatedSpdxElement: "SPDXRef-File"
  relationshipType: "DESCRIBES"
- spdxElementId: "SPDXRef-DOCUMENT"
  relatedSpdxElement: "SPDXRef-Package"
  relationshipType: "DESCRIBES"
- spdxElementId: "SPDXRef-Package"
  relatedSpdxElement: "SPDXRef-JenaLib"
  relationshipType: "CONTAINS"
- spdxElementId: "SPDXRef-Package"
  relatedSpdxElement: "SPDXRef-Saxon"
  relationshipType: "DYNAMIC_LINK"
- spdxElementId: "SPDXRef-CommonsLangSrc"
  relatedSpdxElement: "NOASSERTION"
  relationshipType: "GENERATED_FROM"
- spdxElementId: "SPDXRef-JenaLib"
  relatedSpdxElement: "SPDXRef-Package"
  relationshipType: "CONTAINS"
- spdxElementId: "SPDXRef-File"
  relatedSpdxElement: "SPDXRef-fromDoap-0"
  relationshipType: "GENERATED_FROM"