The Linux Foundation-sponsored SPDX workgroup has this week announced the release of version 1.0 of its Software Package Data Exchange (SPDX) standard.
The SPDX standard is intended to facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain.
The foundation has said that SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.
SPDX was developed with input from a wide range of industry and open source community participants, including Black Duck Software, Canonical, HP, Micro Focus, Protecode, and Texas Instruments.
"The SPDX 1.0 standard is an example of how open compliance and collaboration can enable the advancement of Linux and open source software," said Jim Zemlin, executive director of The Linux Foundation.
"We applaud the SPDX workgroup for its important work on providing a consistent way to report and view license information for software technology components, making it even easier for companies to maximize their investments in free and open source software," he added.
Going to some lengths to justify the reason for this announcement, the foundation explained that most technology products today are assembled from multiple components that contain free and open source software, as well as commercial software; these components are created, delivered, and received by companies throughout the supply chain.
Because of the distributed nature and complexity of this "global software supply chain", the foundation asserts that it has become cumbersome and time-consuming for each organization to prepare the license information for these components in the multiple distinct formats prescribed by others in their supply chain.
It is hoped that the SPDX standard, by enabling communities and companies to provide license information in a common format that can be easily analyzed and shared, will accelerate the adoption of Linux and other free and open source software across industries, including the consumer electronics marketplace, by easing the burden of compliance through transparent sharing of license information.
The SPDX standard defines a standard file format that lists detailed license and copyright information for a software package and each file it comprises. The SPDX community has also provided open source tools to convert SPDX files to and from spreadsheet formats.