Promoting open source compliance through standard communication of SW licenses.

Our Mission

Develop and promote adoption of a specification to enable any party in a software supply chain, from the original author to the final end user, to accurately communicate the licensing information for any piece of copyrightable material that such party may create, alter, combine, pass on, or receive, and to make such information available in a consistent, understandable, and re-usable fashion, with the aim of facilitating license and other policy compliance.

Our Vision

The vision of SPDX is to achieve license compliance with minimal cost across the supply chain. Ideally, upstream component developers begin the process by supplying SPDX files as part of their downloads. Users of those components therefore have a starting point for the SPDX files they create for their "customers," and so on. If everything is working properly, the provenance of each piece of code is researched and documented only once during its journey through a supply chain, and that information is passed on in parallel with the code in the SPDX format.

Execution

Development of SPDX is run somewhat like an open source project: Those that participate influence. Decisions tend to be made by consensus. The spec itself is written by a technical team with input and support from business and legal teams. Although much of the initial focus was on Linux and the project is under the auspices of the Linux Foundation, the strategy from the outset has been much broader, to be applicable to anything open source. To accommodate a range of needs, SPDX can be implemented in XML or tag-value formats.

The SPDX "IP" is all housed on this site. Most of that is embodied in the spec itself, but we have developed a number of separate assets that complement the specification, including a standard license list, implementation guidelines and the SPDX compatible tools.

Technologies

  • rdf
  • python
  • java
  • github
  • c

Software Product Data Exchange (SPDX) 2017 Projects

  • Anna Buhman
    GitHub Integration Proposal
    Design, develop, and implement an application that, when provided with a GitHub repository's URL, generates SPDX (https://spdx.org/) documents based...
  • Nuvadga Christian Tete
    License Coverage Grader
    There have been several talks about the need for a package level License Coverage Grade. This project will come up with an initial set of heuristics...
  • Rohit Lodha
    Online SPDX Tool
    Building an easy all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search SPDX license list by...
  • Aleksandr Lisianoi
    Online Validation Tools
    Software Package Data Exchange (SPDX) is “a set of standards for communicating the components, licenses, and copyrights associated with software”....
2017