From 722bd2031980c4396757bec9664c19b9159bdd82 Mon Sep 17 00:00:00 2001 From: Nisha K Date: Mon, 7 Feb 2022 16:02:32 -0800 Subject: [PATCH] Add Package Purpose field - Add information about "package" in the information section - Add metadata about Package Purpose Fixes #621 Signed-off-by: Nisha K --- chapters/package-information.md | 70 +++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/chapters/package-information.md b/chapters/package-information.md index b4769aa0e9..1f2b437dcb 100644 --- a/chapters/package-information.md +++ b/chapters/package-information.md 
@@ -1,4 +1,25 @@ # 7 Package information section +In SPDX information is used to describe packages, representing the versioned components of an object that are part of a software distribution. Packages are an abstract concept that can be used to describe any object within a software distribution. + +A Package describes any unit of content that can be associated with a distribution of software. Typically, a Package is composed of one or more files. An SPDX document should provide details about the individual files comprising a software distribution, using a Package object to represent each versioned object within a distribution. Each package is identified with a classification type to aid with processing of the object described by a package element. Packages are used for objects that contain versioning information, where File is used to represent objects without versioning information, i.e. underconstruction.html. + +Any of the following non-limiting examples may be (but are not required to be) represented in SPDX as a Package: + +``` +a tarball, zip file or other archive +a directory or sub-directory +a separately distributed piece of software which another Package or File uses or depends upon (e.g., a Python package, a Go module, ...) +a container image, and/or each image layer within a container image +a collection of one or more sub-packages +a Git repository snapshot from a particular point in time +a open-source library, i.e. OpenSSL +a javascript file +a customer script file +a index,html file +a LICENSE file +a CHANGE log +a properties file +``` ## 7.1 Package name field 
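Review bot: the list of example Package kinds in this hunk is wrapped in a bare ``` fence, so it renders as a monospace block instead of a list; the rest of the chapter uses markdown bullet lists, so each example line should be prefixed with `- ` and the fence dropped. Several list items also need wording fixes before merge: `a open-source library, i.e. OpenSSL` should read "an open-source library, e.g., OpenSSL" (i.e. is used where e.g. is meant, both here and in "i.e. underconstruction.html" in the paragraph above), `a index,html file` has a comma where the dot in `index.html` belongs, `a customer script file` looks like it should be "a custom script file", and `a javascript file` should capitalize JavaScript. The opening sentence "In SPDX information is used to describe packages" is missing a comma after "In SPDX" and could be simplified to "In SPDX, a Package describes the versioned components of a software distribution."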
@@ -1417,6 +1438,55 @@ EXAMPLE 2 RDF: Property `spdx:attributionText` in class `spdx:Package` ``` +## 7.24 Package Purpose field + +### 7.24.1 Description + +This field provides information about the purpose of the identified package. Package Purpose is intrinsic to how the package is being used rather than the content of the package. The options to populated this field are limited to: + +`APPLICATION` if the package is a software application; +`FRAMEWORK` if the package is a software framework; +`LIBRARY` if the package is a software library; +`CONTAINER` if the package refers to a container image which can be used by a container runtime application; +`OPERATING-SYSTEM` if the package refers to an operating system; +`DEVICE` if the package refers to a chipset, processor, or electronic board; +`FIRMWARE` if the package provides low level control over a device's hardware; +`SOURCE` if the package is a collection of source files; +`ARCHIVE` if the package refers to an archived collection of files (.tar, .zip, etc); +`FILE` if the package is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc); +`INSTALL` if the package is used to install software on disk; +`OTHER` if the package doesn't fit into the above categories. + +The metadata for the Package Purpose field is shown in Table 36. + +**Table 36 — Metadata for the package purpose field** + +| Attribute | Value | +| --------- | ----- | +| Required | No | +| Cardinality | 0..* | +| Format | `APPLICATION` \| `FRAMEWORK` \| `LIBRARY` \| `CONTAINER` \| `OPERATING-SYSTEM` \| `DEVICE` \| `FIRMWARE` \| `SOURCE` \| `ARCHIVE` \| `FILE` \| `INSTALL \| `OTHER` \| + +### 7.24.2 Intent + +This field is a reasonable estimate of the package usage from the producer and consumer perspective from which both parties can draw conclusions about the context in which the package exists. 
+ +### 7.24.3 Examples + +EXAMPLE 1 Tag: `PackagePurpose:` + +```text +PackagePurpose: FRAMEWORK +``` + +EXAMPLE 2 RDF: Property `spdx:purpose` in class `spdx:Package` + +```text + + + +``` + [Bazaar]: http://bazaar.canonical.com/ [FSF]: http://www.fsf.org/ [Git]: https://git-scm.com/
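Review bot: the Format row of Table 36 is missing the closing backtick after `INSTALL` (`\`INSTALL \| \`OTHER\``), which unbalances the inline code spans and will corrupt the rendering of the whole row; it should be `` `INSTALL` \| `OTHER` ``. Two further points in this hunk: "The options to populated this field" should be "The options to populate this field", and the EXAMPLE 2 RDF block under 7.24.3 is empty as shown, so the `spdx:purpose` property it claims to illustrate never appears; please add an RDF snippet containing an `spdx:Package` with a `spdx:purpose` value so the example matches the pattern used by the other fields in this chapter (e.g. the `spdx:attributionText` example just above). The Intent sentence is also hard to parse ("from the producer and consumer perspective from which both parties can draw conclusions"); consider "This field is a reasonable estimate, from the perspective of the producer or consumer, of how the package is used, from which both parties can draw conclusions about the context in which the package exists."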