SPDX™ a Year Later - What's New in Data Exchange. LinuxCon North America, August 18, 2011. V2.4 [spec v1.0], Copyright Linux Foundation 2011 (CC-BY-3.0).

Presentation transcript:

1. SPDX™ a Year Later - What's New in Data Exchange
LinuxCon North America, August 18, 2011
Phil Odence, Black Duck Software
Esteban Rockett, Motorola Mobility
V2.4 [spec v1.0], Copyright Linux Foundation 2011 (CC-BY-3.0)

2. Software Package Data Exchange® (SPDX™)
• A standard format for communicating the components, licenses and copyrights associated with a software package.
• Key pillar in Linux Foundation’s Open Compliance Program which comprises:
• Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community

3. Kudos!
• SPDX is a crucial building block in an industry-wide system of automated license compliance administration…will ultimately help to realize large cost savings for all parties. - Eben Moglen, Software Freedom Law Center Executive Director
• SPDX will help shine a light on Free and Open Source Software licensing. - Tom “spot” Callaway, Fedora Engineering Manager
• This represents the next step of industry-wide due diligence. - Phil Robb, HP Dir. OSPO
• SPDX…helping to simplify and standardize references to software licenses. - Michael Tiemann, OSI President
• SPDX is a great resource. - Jack Manbeck, TI Mgr OSRB

4. Software Today
[Diagram labels: YOUR COMPANY – TOOLS, PROCESSES; Your Application; Open Source Software; Internally Developed Code; Outsourced Code Development; Commercial 3rd-Party Code; Code Obligations]
Diagram Source: Black Duck Software

5. The Need
[Diagram labels: software in, software out]
• Our suppliers aren’t giving us complete licensing information for open source packages.
• Every customer wants a bill of materials in a different form.
• I don’t mind vetting our code, but I’m sure this imported package has been analyzed a dozen times before.
We need a standardized, adopted format for a software Bill of Materials

6. SPDX™ Group
• A working group of Linux Foundation
• Goal
• To create a defined format for a file of license fact information describing a software package
• History
• A grass roots effort started by corporate counsels, business leads, and release managers responsible for ensuring release compliance with applicable licenses of FOSS included in the release
• Operation
• Open participation through

7. Participants
• Systems
• OS Distributions
• Applications
• Integration & Services
• Device OEMs
• End-Users
• Semiconductor Vendors
• Open Source Organizations
• …and others
Participation is from a range of organizations and across various roles

8. History & Status
• Primordial Soup
• Q1 10: “SPDX” group constituted
• Q3 10: Introduced to LF along with OCP
• Q2 11: Beta release of spec and tools
• Q3 11: Version 1.0 release
• Q4 11: V 1.1 target

9. Beta
• Pairs of supply chain partners
• Exchanging docs
• Testing Tools
• Support Teams
• Group feedback
[Diagram labels: Translate, View, SPDX doc]

10. The SPDX™ File
• Document Information: SPDX Version and Licensing
• Creation Information: How and when created
• Package Information: Package identification, copyright and licensing
• File Information: File by file identification, copyright and licensing
• Licensing Information: Text of licenses that are not in SPDX™ standard list
• Review Information: Log of 3rd party reviews
File is in RDF/XML or Tag Value form; can be converted to spreadsheet and other formats.

11. Package Information
• Identification
• Formal Name of Package (full name given by originator and version information)
• Package File Name (name package obtained under (.tar, .rpm, etc.))
• Unique ID (to unambiguously map file to a package)
• Package Download Location (download URL)
• Package Supplier and Originator
• Licensing for Package
• Declared License - License that has been asserted for the package
• Concluded License - License that Creator has concluded
• List of file licenses
• Copyright Text
• Description of Package (optional)

12. File Information
• File Name
• File Type (source, binary, archive)
• File CheckSum
• Concluded License (license determined by SPDX file creator)
• License Text in File
• Copyright Text
• Artifact of Project Name (from which project it came)
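The per-file checksum listed above lets a recipient confirm that the files delivered are the files the SPDX document describes. The following is an added example, not part of the original slides or the SPDX tools: it assumes the Tag Value form with the tag names FileName, FileChecksum (SHA1) and LicenseConcluded and single-line values, and the sample package contents are constructed.

```python
import hashlib

def parse_files(spdx_text):
    """Return {file name: {tag: value}} for the file sections of a tag-value document."""
    files, current = {}, None
    for line in spdx_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        tag, value = (part.strip() for part in line.split(":", 1))
        if tag == "FileName":          # each FileName tag opens a new file section
            current = files.setdefault(value, {})
        elif current is not None:
            current[tag] = value
    return files

def verify(spdx_text, tree):
    """Compare the SHA1 checksums recorded in the document with the delivered files."""
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    listed = parse_files(spdx_text)
    for name, fields in listed.items():
        algo, _, expected = fields.get("FileChecksum", "").partition(":")
        if name not in tree:
            report["missing"].append(name)
        elif algo.strip() != "SHA1":
            report["mismatch"].append(name)   # no usable checksum recorded
        elif hashlib.sha1(tree[name]).hexdigest() == expected.strip().lower():
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["unlisted"] = sorted(set(tree) - set(listed))
    return report

# Constructed sample: the package contents the SPDX document was written for.
ORIGINAL = {"./src/main.c": b"int main(void) { return 0; }\n",
            "./COPYING": b"constructed license text\n"}
SAMPLE_DOC = "\n".join(
    f"FileName: {name}\nFileChecksum: SHA1: {hashlib.sha1(data).hexdigest()}\n"
    "LicenseConcluded: MIT\n"
    for name, data in ORIGINAL.items())
# Constructed sample: what was actually delivered (one file altered, one added).
DELIVERED = dict(ORIGINAL)
DELIVERED["./src/main.c"] = b"int main(void) { return 1; }\n"
DELIVERED["./build.sh"] = b"#!/bin/sh\n"

if __name__ == "__main__":
    for status, names in verify(SAMPLE_DOC, DELIVERED).items():
        print(f"{status:9}{names}")
```

Files that are present but not listed matter as much as mismatches, since their licensing was never reviewed; a SHA1 match shows the file is the one described but is not proof against a deliberately crafted collision.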

13. Other Licensing Information
• NOTES:
• This section is for licenses not on the standard list.
• Aim for ~90% coverage with standard short forms NOT exhaustive
• Background:
• Black Duck identifies >2000 licenses in use
• ~20 licenses responsible for nearly all licensed open source projects
• OSI currently recognizes 67 licenses as “open source”
• Identifier Assigned (short form)
• Extracted Text

14. Review
• Reviewer
• Review Date
• Review Comment
• Multiple Reviews

15. The SPDX™ List of “Standard Licenses”
• SPDX™ license repo
• List of most common licenses (100+)
• Include common exceptions
• Guidelines for matching
• Standardized license names (OSI adopted)
• Exact text of licenses
• Available on SPDX™ website – URLs won’t change

16. Tools for SPDX™
• Open Source Tools (hosted on SPDX Git Repo)
• Viewer
• Spreadsheet to RDF xlator
• RDF to Spreadsheet
• License file generator (from Spreadsheet)
• Spreadsheet template
• Commercial Tools
• Scanning tools output SPDX™

17. Working Group Structure
• Teleconferences
• Website Wikis
• Mailing Lists
[Diagram labels: General Meeting, Tech Team, Business Team, Legal Team]

18. Working Group Operation
• The working group runs similarly to an open source project without centralized constitution or bylaws
• Intellectual property contributed by participants members is covered under the Creative Commons license (CC-BY-3.0)
• Very inclusive process
• Self-subscription
• Those willing to “do” can influence

19. Getting involved…
• See:
• #spdx on Freenode IRC
• Contact:
• Phil Odence (co-chair) -
• Esteban Rockett (co-chair) –

20. Where Next?
• Technical
• 1.1 Clean Up
• Hierarchy/Nested SPDX Docs
• Business
• Drive Adoption
• Supporting Materials
• License List Process
• Legal
• License Templates
• Protection of Data
• Proprietary Licenses

21. QUESTIONS? Thank you!