The Linux Foundation’s SPDX™ Workgroup Releases New Version of Software Package Data Exchange™ Standard

Latest version integrates feedback from early adopters to facilitate even easier compliance with FOSS licenses

SAN DIEGO, Calif., (LinuxCon and CloudOpen} August 30, 2012 – The SPDX workgroup, hosted by The Linux Foundation, today announced the release of version 1.1 of its Software Package Data Exchange (SPDX™) standard, which includes new features and an expanded list of licenses that is being adopted by the Open Source Initiative (OSI) and other organizations.

These updates further reduce redundant work by providing a common format for companies and communities to share important data about software license and copyrights, thereby streamlining and improving compliance.  

The workgroup today is also announcing new open source tools that automate the standard, as well as the workgroup’s adoption of the CCO Universal Public Domain Dedication license. This license was chosen based on feedback from users of the SPDX standard and encourages the creation and sharing of SPDX data worldwide by ensuring that data compiled in an SPDX file is freely licensed under intellectual property rights regardless of jurisdiction and that the data is provided without any warranties or other liabilities.   

Based on the feedback from early adopters of SPDX, the following enhancements have been made for SPDX 1.1:

  • Optional fields for including license names and cross references to license sites
  • New comment fields added to capture important facts in the document, license, and file sections
  • Web access to license data, allowing other websites and tools real-time access to the most current information

SPDX 1.1 also includes an expanded list of licenses, new short form identifiers for all licenses, and an easier process for accommodating additional license requests: http://www.spdx.org/content/spdx-license-list-process-requesting-new-licenses-be-added

In an important expression of support, the Open Source Initiative (OSI) has adopted the short identifiers for all OSI-approved licenses.

"License information is often fragmented and hard to organize. SPDX tackles this problem by helping standardize license information that can be shared across the open source community," said Luis Villa, Board of Directors, Open Source Initiative. "OSI will do its part to help by standardizing on the SPDX short names for all OSI-approved licenses. We expect this will contribute to our longstanding goal of reducing friction and increasing uptake of free and open source licenses and software by both community and industry."

SPDX 1.1 also includes the support of the following open source tools that assist users with the production, viewing, and validation of SPDX data files:

  • SPDX Viewer: command line driven Java application that formats a valid SPDX RDF document into a text file for easier viewing.
  • SpreadsheetToRDF: Converts a spreadsheet containing SPDX information into a valid SPDX/RDF file
  • RDFToSpreadsheet: Converts a valid SPDX/RDF file into a spreadsheet
  • LicenseRDFaGenerator: Converts a valid License spreadsheet file into a directory of HTML files to be used on the SPDX website

For more information on these tools, please visit: http://spdx.org/tools. For more comments from companies and organizations supporting SPDX with commercial tools, please visit: https://www.linuxfoundation.org/news-media/announcements/2012/08/supporting-comments-spdx-11

The SPDX workgroup today is hosting a panel at LinuxCon North America at 10:25 a.m. local time. Details on the new release will be shared on the panel titled “SPDX Celebrates Its First Birthday: Where Have We Been and Where are We Going?” For more information, please visit: http://lcna2012.sched.org/event/d6abd8bb5f87585c538181d3dce0825f?iframe=no#.UDJ34kSCg_U

“The SPDX workgroup is drastically improving the process for license compliance across multiple industries where Linux and open source software are dominant,” said Jim Zemlin, executive director at The Linux Foundation. “With the increasing adoption of SPDX and its latest release, companies can move even more quickly with product development and innovation based on open source software.”

SPDX is developed with participation by a wide range of industry and open source community heavyweights, including: Alcatel-Lucent, Antelink, Black Duck Software, Canonical, HP, Micro Focus, Motorola Mobility, nexB Inc, OpenLogic, Palamida, Protecode, Source Auditor, Texas Instruments and Wind River.

To learn more about SPDX and participate, please visit: http://spdx.org

About The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system by marshaling the resources of its members and the open source development community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Linux conferences, including LinuxCon, and generating original Linux research, Linux videos and content that advances the understanding of the Linux platform. Its web properties, including Linux.com, reach approximately two million people per month. The organization also provides extensive Linux training opportunities that feature the Linux kernel community’s leading experts as instructors. Follow The Linux Foundation on Twitter.

###

Trademarks: The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. Linux is a trademark of Linus Torvalds.