The Linux Foundation hosts a Legal Community to provide a neutral place for legal professionals to collaborate and protect the Linux platform and the broader open source ecosystem. The Legal Community is made up of lawyers who work on open source matters within their organizations, and enables them to collaborate with their peers. Members of the community focus on best practices, approaches to common issues, and intersections with standards development organizations, anticipating issues arising in open source projects and coordinating with other legal communities (e.g., the FSFE Legal Network and SFLC). The Legal Community is often involved with, or has helped create, other Projects hosted at The Linux Foundation, including SPDX and OpenChain. This community is only for The Linux Foundation's members, who can send an email to email@example.com in order to get introduced and participate in this community.
TODO Group (Talk Openly, Develop Openly) is made up of companies that want to collaborate on practices, tools, and other ways to run successful and effective open source projects and programs. Open source program offices face many challenges, such as ensuring high-quality and frequent releases, engaging with developer communities, and contributing back to other projects effectively. Members of this group are committed to working together to overcome these challenges and to adopt best open source practices for external and internal projects. They are sharing experiences, developing best practices, and working on common tooling. Read more about the TODO Group and how to join.
The OpenChain Project is an initiative born out of the Legal Community, focused on developing an open source license compliance standard to which companies can hold their suppliers accountable, and thereby reduce the potential for mistakes. The issue faced by many large enterprises is that their company sources software from hundreds or thousands of suppliers, and it’s difficult or impossible to know if their suppliers are following the same best practices they’ve implemented internally for code they distribute. The OpenChain community focuses on developing this standard, and the training materials to support it, and is an open community of professionals focused on open source software license compliance in supply chains. Learn more about the OpenChain Project and how to get involved.
The SPDX Project is working towards easing the burden of open source compliance by developing machine-readable standards for open source software license compliance. The project started by building a standard for easily exchanging the license data for the code in a particular software package. With SPDX 2.0, it evolved to support the exchange of license data for dependencies of particular software packages and products those packages may be included in. The SPDX Project also maintains a list of short identifiers for licenses commonly found in open source and community projects; that list has itself become a de facto standard used by projects, companies, and communities. Most recently, the project has developed a meta tag system for noting the license for a file within the code of the file itself to enable very fast and accurate license scanning. The SPDX Project is, at its core, a professional community of open source software users, developers, legal professionals, and compliance auditors focused on building a world-class standard that eases their own challenges in companies distributing open source software. By working together, this community has built both standards and tools to ease the operational challenges of managing complex software development in companies that leverage open source software. Learn how to participate in this initiative.