LinuxCon North America opens this week in Vancouver, with a centerpiece celebration of the 20th anniversary of Linux. The Linux Foundation’s Open Compliance Program celebrates a milestone, too: its one-year anniversary. To commemorate its accomplishments, the Linux Foundation is publishing a series of white papers focusing on SPDX™, FOSSology, and the Open Compliance Program itself.
SPDX is a workgroup of The Linux Foundation and is associated with the FOSSBazaar community. The SPDX project has worked to develop a standard format for communicating a software bill of materials that conveys information identifying software packages, their licensing, and associated compliance information. The standard format will aid communication among partners in a supply chain, accurately describing what’s inside a software package at both the package and file levels. The new white paper, “A Common Software Package Data Exchange Format: 1.0 Release Update and Discussion,” is written by two leaders of the SPDX workgroup, Phil Odence of Black Duck Software, and Kate Stewart of Canonical, and describes progress in readying Version 1.0 of the SPDX spec for production use.
The FOSSology project is an open source compliance toolset that includes license and copyright scanning. Every file submitted to the system is saved in a file repository, scanned for licenses, copyrights and other data, with the results saved in a database. The database and file repository build a storehouse of information for future scans and data mining. Results are viewable with a web browser. Bob Gobeille of Hewlett Packard, the originator of the FOSSology project, has now written “The FOSSology Project: Update and Discussion” to review updates to FOSSology culminating in the current Version 1.4.1 of the toolset. Additions over the last year include file tagging, multiple file uploads from an ftp site, improved contributor scans (copyrights, emails, URLs), and a file comparison tool. Version 1.4.1 includes a simplified user interface, copyright report improvements, and much more.
Open Compliance Program
Finally, I’ve written a white paper reviewing the OCP’s accomplishments in the last year, “Open Compliance Program Marks Its One-Year Anniversary.” The OCP was established with the goal of boosting adoption of Linux and other FOSS by making license compliance ever-easier to achieve. Over the last year, we’ve set up four training classes on implementing compliance programs, published a compliance self-assessment checklist, authored many tutorial white papers, developed complementary compliance tools, and worked to extend resources to the compliance community. Check out the white paper for more details and access to the resources of the Open Compliance Program.
If you’re attending LinuxCon North America, LinuxCon Europe, or one of our other great LF conferences, be sure to say hello!