ITAMChannel is a hub of coverage for all the latest news and views within the IT Asset Management Industry

SPDX Updates Open Source License Compliance Standards

SHARE
,

Software licenses aren’t very useful if no one adheres to them—and adhering to licenses gets tough quickly when you’re dealing with complex supply chains of software whose numerous, ever-moving parts are licensed differently. That’s why the Linux Foundation‘s Software Package Data Exchange (SPDX) working group has rolled out an updated specification designed to make open source licensing simpler.

SPDX provides a standard format for “communicating the components, licenses and copyrights associated with a software package,” and helps “facilitate compliance with free and open source software licenses by providing a uniform way license information is shared across the software supply chain,” according to the Linux Foundation.

Toward that end, version 2.0 of the specification, which the SPDX working group (which is hosted by the Linux Foundation and includes a number of major open source companies and organizations) released May 12 and which the Linux Foundation is calling “represents a major milestone for open source license compliance,” introduces several new features, including:

SOURCE: thevarguy.com