On Wednesday Linux Foundation also FOSSBazaar issued the new specification for simplification of accomplishment of licensing terms of the open source software.
The data exchange software package (Software Package Data Exchange - SPDX) is the specification of exchange which traces information on the license in the standardized form and allows its movements on software supply chain.
From the moment of the emergence to software open source by the nature it is intended for joint work and any new project often comprises fragments of other projects open source, each of which corresponds to other license. At the right time, when the project is implemented in the enterprise, IT specialists can even not know all provisions of the license attached to the code.
Before beginning an implementation project, the companies want to know about the existing license restrictions. By means of more than 2000 licenses for free software on the Internet it is hard to make it. It is possible to face licenses where the programmer asks to send not money, and beer, and with family of the platformno-dependent licenses GPL for such products as Apache and Eclipse.
In each license there are determinations of how software can be used and extend. Today several companies offer tools and services for audit of the used code: Black Duck Software, OpenLogic, FOSSology and Pathology. But even if the company underwent such audit, and then each project participant made in it the contribution and thoughtfully documented licenses and information on copyright of each part of the changed software, there is no commonly accepted method of exchange of these data so, they can be transferred to other users without restrictions.
Dave McLoughlin, the auditor of open code systems of OpenLogic company considers that SPDX solves this problem. The SPDX file will be transferred with the program project as the file which is its part. He uses a special format of collecting of specific data on each project, including the license and the version. Sooner or later the tools allowing to generate the SPDX files from files of other formats will be created. For example, if the development team used the spreadsheet for tracking of information on licensing, it will be such tools which will allow to convert tabular data into the SPDX file.
The working group of SPDX hopes that finally all suppliers of the commercial software will support this specification. Today it is available at number 1.0 and the enterprises need to learn from the software suppliers open source about support of SPDX and as they implement it.
The group among which there are industrial heavyweights takes part in the project and gives it support: Alcatel-Lucent, Antelink, Black Duck Software, Canonical, HP, Micro Focus, Motorola Mobility, nexB Inc, OpenLogic, Palamida, Protecode, Source Auditor, Texas Instruments and Wind River.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |