This talk was given at the Open Source Leadership Summit on March 7th, 2018 by Kate Stewart (SPDX Technical Team Lead), Greg Kroah-Hartman (Linux Kernel Developer), and Philippe Ombredanne (Aboutcode.org Maintainer). It discusses efforts to help automate license identification, where open source tools are out and some of the challenges around this using the Linux Kernel as an example.
Announcements
"A Smart Way to Manage OSS Compliance with Yocto+SPDX "by Lei Maohui, Fujitsu, given at LinuxCon Japan 2016.
http://events.linuxfoundation.org/sites/events/files/slides/ALS_2016_SPDX_0.pdfThe site now:
- Displays links to license texts on spdx.org, including for dual-license and other non-trivial SPDX expressions
- Displays a tiny green OSI logo (and obligatory registered-trademark symbol) for packages that offer at least one OSI-approved choice
- Displays license information only for packages in the registry that set `license` in `package.json` to a valid SPDX expression
To see it in action:
The NPM project uses the License List short identifier to describe the licensing of a Package.