SPDX Updates Open Source License Compliance Standards

May 18, 2015

Software licenses aren’t very useful if no one adheres to them—and adhering to licenses gets tough quickly when you’re dealing with complex supply chains of software whose numerous, ever-moving parts are licensed differently. That’s why the Linux Foundation’s Software Package Data Exchange (SPDX) working group has rolled out an updated specification designed to make open source licensing simpler.

SPDX provides a standard format for “communicating the components, licenses and copyrights associated with a software package,” and helps “facilitate compliance with free and open source software licenses by providing a uniform way license information is shared across the software supply chain,” according to the Linux Foundation.

Toward that end, version 2.0 of the specification, which the SPDX working group (hosted by the Linux Foundation and including a number of major open source companies and organizations) released May 12 and which the Linux Foundation says “represents a major milestone for open source license compliance,” introduces several new features, including:

SOURCE: thevarguy.com

