We’re happy you would like to learn more about SPDX! You can do so by going to our Use Section to get more details and examples of how SPDX is being used. The General Meeting is for all SPDX participants and is held once a month. You are invited to join the call, as we frequently have a guest speaker from business or the community who presents on their use of SPDX. It’s a great way to see what others are doing and to share and ask questions.
What is SPDX?
First and foremost, we are a community dedicated to solving the issues and problems around Open Source licensing compliance. The SPDX workgroup consists of individuals, company representatives, foundations, and organizations who use or are considering using the SPDX standard. The workgroup operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds, including open source developers, lawyers, consultants and business professionals, many of whom have been involved with License Compliance and identification for years.
The SPDX community has developed a set of collateral that can be used to more clearly convey complete license information in a standard/reusable fashion and to facilitate compliance. The advantages of this are:
- Establishing a common data format (SPDX Documents) allows more effort to be expended on license compliance. After all, license compliance can only begin once all software and associated licenses have been identified in a particular code base.
- The content of an SPDX document comprises information definitively identifying the software package, along with package-level and file-level licensing and copyright information. It also provides metadata about the analysis itself: who created the file, when, and how.
- Standard formats allow for tooling to be created to make the process more efficient and to allow more complex compliance operations to take place.
Key Facts About SPDX
It's a Standard
We have developed several pieces of collateral over the years to help solve the problem:
- The SPDX License List
- The SPDX Specification
- Source Identifiers for code
- A standard format for communicating the components, licenses, and copyrights associated with a software package
- Key pillar in Linux Foundation’s Open Compliance Program
Our Guiding Principles
- Human and machine readable formats
- Focus on capturing facts; avoid interpretations
- To help reduce redundant work in determining software license information and to facilitate compliance
As a company you are often faced with:
- Surprises with licensing of the software and binaries given to you by Suppliers.
- The need to develop your own Bill of Materials for suppliers to fill out (as there was no standard until now).
As a Supplier, you are often faced with:
- Every customer wants a bill of materials in a different form.
- Surely this open source package has been analyzed before.
These are unsustainable models on both ends.
That Bill of Materials is SPDX, which is part of the solution.