The Linux Foundation's SPDX Workgroup Releases New Version of Software Package Data Exchange Standard

The Linux Foundation's SPDX Workgroup Releases New Version of Software Package 
Data Exchange Standard 
Version 1.2 Improves Interoperability and Is Being Adopted by U-Boot
EDINBURGH, SCOTLAND -- (Marketwired) -- 10/22/13 --  LinuxCon and
CloudOpen -- The SPDX(R) workgroup, hosted by The Linux Foundation,
today announced the release of version 1.2 of its Software Package
Data Exchange (SPDX(R)) standard, which includes new features and is
being adopted by U-Boot, a popular open source boot loader for
embedded devices. 
The new release addresses issues identified during interoperability
testing. The SPDX workgroup held a "bake off," or interoperability
testing session, during the 2013 Linux Foundation Collaboration
Summit in April, comparing the output of several tools as well as
some manually generated SPDX documents. The extensive analysis
uncovered opportunities for further clarity in the spec. SPDX Version
1.2 and its updated guidelines address these opportunities and ensure
more consistency in SPDX documents. 
"The interoperability testing we did at the Collaboration Summit was
very valuable in checking the spec in use by a diverse group of
users," said SPDX Technical Team Lead, Kate Stewart, one of the
founders of SPDX. "Version 1.2 is a great step forward in achieving
consistency across SPDX tools, which is key to adoption."  
The SPDX workgroup is also announcing that U-Boot, a popular open
source boot loader for embedded devices, is using SPDX license names
as its standard for specifying licensing in files. This kind of
adoption by open source projects greatly simplifies the creation of
SPDX documents and reduces cost of compliance across the software
supply chain.  
"SPDX license identifiers enable us to unambiguously capture all
license information in a single line," says U-Boot creator Wolfgang
Denk. "This avoids a variety of problems for us including bloated
source code, breakdown of automated processing due to variations in
the way licenses are specified, and difficulty in generating License
Clearing Reports. At the same time this makes U-Boot easier to
maintain and for organizations using SPDX to adopt." 
New features in SPDX 1.2 include: 

--  A field to specify license list version and one to describe file
--  More flexibility in locally naming non-standard licenses
--  Clarity with respect to case sensitivity for existing fields
--  Fields to document notices, project homepage and author credits
--  The ability to identify and map standard license headers

SPDX version 2.0 is expected in 2014 and will support hierarchy. 
"With its latest release, the SPDX workgroup continues to improve the
process for license compliance across multiple industries where Linux
and open source software are dominant," said Jim Zemlin, executive
director at The Linux Foundation. "Investments in this area are
important for increasing Linux and open source adoption, and we are
happy to see these community contributions to SPDX."  
SPDX is developed with participation by a wide range of industry and
open source community heavyweights, including: Alcatel-Lucent,
Antelink, Black Duck Software, Cisco, HP, Linaro, Micro Focus, nexB,
OpenLogic, Palamida, Protecode, Source Auditor, Texas Instruments,
University of Nebraska Omaha, University of Victoria, and Wind River. 
Currently the workgroup maintains a set of tools that complement
community tools from University of Nebraska Omaha and commercial
tools from Black Duck and Wind River. See: To
learn more about SPDX and participate, please visit: 
About The Linux Foundation
 The Linux Foundation is a nonprofit
consortium dedicated to fostering the growth of Linux and
collaborative software development. Founded in 2000, the organization
sponsors the work of Linux creator Linus Torvalds and promotes,
protects and advances the Linux operating system and collaborative
software development by marshaling the resources of its members and
the open source community. The Linux Foundation provides a neutral
forum for collaboration and education by hosting Collaborative
Projects, Linux conferences, including LinuxCon, and generating
original research and content that advances the understanding of
Linux and collaborative software development. More information can be
found at  
Trademarks: The Linux Foundation, Linux Standard Base, MeeGo,
OpenDaylight, Tizen and Yocto Project are trademarks of The Linux
Foundation. OpenBEL is a trademark of OpenBEL Consortium. Linux is a
trademark of Linus Torvalds.  
Media Contact
Jennifer Cloer
The Linux Foundation
Press spacebar to pause and continue. Press esc to stop.