Version 1.2 improves interoperability and is being adopted by U-Boot project
EDINBURGH – LinuxCon and CloudOpen – October 22, 2013 – The SPDX® workgroup, hosted by The Linux Foundation, today announced the release of version 1.2 of its Software Package Data Exchange (SPDX®) standard, which includes new features and is being adopted by U-Boot, a popular open source boot loader for embedded devices.
The new release addresses issues identified during interoperability testing. The SPDX workgroup held a “bake off,” or interoperability testing session, during the 2013 Linux Foundation Collaboration Summit in April, comparing the output of several tools as well as some manually generated SPDX documents. The extensive analysis uncovered opportunities for further clarity in the spec. SPDX Version 1.2 and its updated guidelines address these opportunities and ensure more consistency in SPDX documents.
“The interoperability testing we did at the Collaboration Summit was very valuable in checking the spec in use by a diverse group of users,” said SPDX Technical Team Lead, Kate Stewart, one of the founders of SPDX. “Version 1.2 is a great step forward in achieving consistency across SPDX tools, which is key to adoption.”
The SPDX workgroup is also announcing that U-Boot, a popular open source boot loader for embedded devices, is using SPDX license names as its standard for specifying licensing in files. This kind of adoption by open source projects greatly simplifies the creation of SPDX documents and reduces cost of compliance across the software supply chain.
“SPDX license identifiers enable us to unambiguously capture all license information in a single line,” says U-Boot creator Wolfgang Denk. “This avoids a variety of problems for us including bloated source code, breakdown of automated processing due to variations in the way licenses are specified, and difficulty in generating License Clearing Reports. At the same time this makes U-Boot easier to maintain and for organizations using SPDX to adopt.”
New features in SPDX 1.2 include:
- A field to specify license list version and one to describe file dependencies
- More flexibility in locally naming non-standard licenses
- Clarity with respect to case sensitivity for existing fields
- Fields to document notices, project homepage and author credits
- The ability to identify and map standard license headers
SPDX version 2.0 is expected in 2014 and will support hierarchy.
“With its latest release, the SPDX workgroup continues to improve the process for license compliance across multiple industries where Linux and open source software are dominant,” said Jim Zemlin, executive director at The Linux Foundation. “Investments in this area are important for increasing Linux and open source adoption, and we are happy to see these community contributions to SPDX.”
SPDX is developed with participation by a wide range of industry and open source community heavyweights, including: Alcatel-Lucent, Antelink, Black Duck Software, Cisco, HP, Linaro, Micro Focus, nexB, OpenLogic, Palamida, Protecode, Source Auditor, Texas Instruments, University of Nebraska Omaha, University of Victoria, and Wind River.
Currently the workgroup maintains a set of tools that complement community tools from University of Nebraska Omaha and commercial tools from Black Duck and Wind River. See: http://spdx.org/tools. To learn more about SPDX and participate, please visit: http://spdx.org
About The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon, and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at www.linuxfoundation.org.
Trademarks: The Linux Foundation, Linux Standard Base, MeeGo, OpenDaylight, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. Linux is a trademark of Linus Torvalds.
- Dent Introduces Industry’s First End-to-End Networking Stack Designed for the Modern Distributed Enterprise Edge and Powered by Linux - 12/17/2020
- Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem - 12/17/2020
- New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security - 12/08/2020