
1 V2.4 [spec v1.0]Copyright Linux Foundation 2011 (CC-BY-3.0) SPDX™ a Year Later - What's New in Data Exchange LinuxCon North America, August 18, 2011.


Slide 1: SPDX™ a Year Later - What's New in Data Exchange
LinuxCon North America, August 18, 2011
Speakers: Phil Odence, Black Duck Software; Esteban Rockett, Motorola Mobility

Slide 2: Software Package Data Exchange® (SPDX™)
- A standard format for communicating the components, licenses and copyrights associated with a software package.
- Key pillar in the Linux Foundation's Open Compliance Program, which comprises: Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community.

Slide 3: Kudos!
- "SPDX is a crucial building block in an industry-wide system of automated license compliance administration... will ultimately help to realize large cost savings for all parties." - Eben Moglen, Software Freedom Law Center Executive Director
- "SPDX will help shine a light on Free and Open Source Software licensing." - Tom "spot" Callaway, Fedora Engineering Manager
- "This represents the next step of industry-wide due diligence." - Phil Robb, HP Dir. OSPO
- "SPDX... helping to simplify and standardize references to software licenses." - Michael Tiemann, OSI President
- "SPDX is a great resource." - Jack Manbeck, TI Mgr OSRB

Slide 4: Software Today
(Diagram; source: Black Duck Software.) Labels: YOUR COMPANY - TOOLS, PROCESSES; Your Application; Open Source Software; Internally Developed Code; Outsourced Code Development; Commercial 3rd-Party Code; Code Obligations.

Slide 5: The Need
(Diagram labels: "software in", "software out".)
- "Our suppliers aren't giving us complete licensing information for open source packages."
- "Every customer wants a bill of materials in a different form."
- "I don't mind vetting our code, but I'm sure this imported package has been analyzed a dozen times before."
- We need a standardized, adopted format for a software Bill of Materials.

Slide 6: SPDX™ Group
- A working group of the Linux Foundation.
- Goal: to create a defined format for a file of license fact information describing a software package.
- History: a grass roots effort started by corporate counsels, business leads, and release managers responsible for ensuring release compliance with the applicable licenses of FOSS included in the release.
- Operation: open participation through www.spdx.org

Slide 7: Participants
Systems; OS Distributions; Applications; Integration & Services; Device OEMs; End-Users; Semiconductor Vendors; Open Source Organizations; ...and others.
Participation is from a range of organizations and across various roles.

Slide 8: History & Status
- Primordial Soup
- Q1 10: "SPDX" group constituted
- Q3 10: Introduced to LF along with OCP
- Q2 11: Beta release of spec and tools
- Q3 11: Version 1.0 release
- Q4 11: V 1.1 target

Slide 9: Beta
- Pairs of supply chain partners
- Exchanging docs
- Testing tools
- Support teams
- Group feedback
(Diagram labels: Translate, View, SPDX doc.)

Slide 10: The SPDX™ File
File is in RDF/XML or Tag Value form; can be converted to spreadsheet and other formats. Sections:
- Document Information: SPDX version and licensing
- Creation Information: how and when created
- Package Information: package identification, copyright and licensing
- File Information: file-by-file identification, copyright and licensing
- Licensing Information: text of licenses that are not in the SPDX™ standard list
- Review Information: log of 3rd-party reviews

Slide 11: Package Information
- Identification
  - Formal Name of Package (full name given by originator and version information)
  - Package File Name (name the package was obtained under (.tar, .rpm, etc.))
  - Unique ID (to unambiguously map file to a package)
  - Package Download Location (download URL)
  - Package Supplier and Originator
- Licensing for Package
  - Declared License: license that has been asserted for the package
  - Concluded License: license that the Creator has concluded
  - List of file licenses
- Copyright Text
- Description of Package (optional)

Slide 12: File Information
- File Name
- File Type (source, binary, archive)
- File Checksum
- Concluded License (license determined by the SPDX file creator)
- License Text in File
- Copyright Text
- Artifact of Project Name (from which project it came)
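The package-level and file-level fields on slides 10 to 12 are what a consumer of an SPDX document actually acts on: the per-file checksum lets the receiver verify that the files they hold are the ones the document describes, and the license identifiers can be checked against the standard list (slides 13 and 15). The example below is added here and is not code from the presentation or from the SPDX project; it parses a small Tag Value document, verifies each file's declared SHA1 against file contents, and reports license identifiers that are not on the standard list. The tag names follow the SPDX 1.x tag-value format (SPDXVersion, PackageName, FileName, FileChecksum, LicenseConcluded and so on); the document text, file contents and the short standard-license subset are constructed for the demonstration, and the second file's checksum is deliberately wrong to show a tampered or substituted file being caught.

```python
import hashlib
import re

# Matches one "Tag: value" line of an SPDX tag-value document.
TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")

# Constructed package contents standing in for files unpacked from the tarball.
FILE_CONTENTS = {
    "./src/main.c": b"int main(void) { return 0; }\n",
    "./src/vendor.c": b"/* vendored helper */\n",
}
GOOD_SHA1 = hashlib.sha1(FILE_CONTENTS["./src/main.c"]).hexdigest()
TAMPERED_SHA1 = "0" * 40  # deliberately wrong: simulates a file changed after the document was written

# Constructed SPDX 1.0 tag-value document (not from the slides).
SPDX_DOC = f"""\
SPDXVersion: SPDX-1.0
Creator: Tool: demo-generator
Created: 2011-08-18T00:00:00Z

PackageName: example-lib
PackageVersion: 1.2.3
PackageFileName: example-lib-1.2.3.tar.gz
PackageDownloadLocation: http://example.invalid/example-lib-1.2.3.tar.gz
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: <text>Copyright (c) 2011 Example Project</text>

FileName: ./src/main.c
FileType: SOURCE
FileChecksum: SHA1: {GOOD_SHA1}
LicenseConcluded: Apache-2.0
LicenseInfoInFile: Apache-2.0
FileCopyrightText: <text>Copyright (c) 2011 Example Project
All rights reserved.</text>

FileName: ./src/vendor.c
FileType: SOURCE
FileChecksum: SHA1: {TAMPERED_SHA1}
LicenseConcluded: LicenseRef-VendorEULA
LicenseInfoInFile: NOASSERTION
FileCopyrightText: NOASSERTION
"""

# Constructed subset of the standard license list (the real list has 100+ entries).
STANDARD_LICENSES = {"Apache-2.0", "MIT", "GPL-2.0", "BSD-3-Clause"}


def parse_tag_value(text):
    """Parse a tag-value document into (package_fields, [file_records]).
    Fields seen before the first FileName belong to the package; every FileName
    opens a new file record. <text>...</text> values may span several lines."""
    package, files, current = {}, [], None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = TAG_RE.match(lines[i])
        i += 1
        if not m:
            continue  # blank lines and anything that is not a tag are skipped
        tag, value = m.group(1), m.group(2)
        if value.startswith("<text>"):
            value = value[len("<text>"):]
            parts = [value.split("</text>")[0]]
            while "</text>" not in value and i < len(lines):
                value = lines[i]
                i += 1
                parts.append(value.split("</text>")[0])
            value = "\n".join(parts)
        if tag == "FileName":
            current = {"FileName": value}
            files.append(current)
        elif current is None:
            package[tag] = value
        else:
            current[tag] = value
    return package, files


def verify_checksums(files, contents):
    """Return {file name: True/False}: does the declared SHA1 match the bytes we hold?
    A file missing from `contents` or using an algorithm we do not handle is False."""
    results = {}
    for rec in files:
        name = rec["FileName"]
        algo, _, declared = rec.get("FileChecksum", "").partition(":")
        data = contents.get(name)
        if data is None or algo.strip().upper() != "SHA1":
            results[name] = False
            continue
        results[name] = hashlib.sha1(data).hexdigest() == declared.strip().lower()
    return results


def nonstandard_licenses(package, files, standard):
    """License identifiers used in the document that are not on the standard list.
    Each of these must be defined in the document's Other Licensing Information section."""
    seen = {package.get("PackageLicenseDeclared", "NOASSERTION"),
            package.get("PackageLicenseConcluded", "NOASSERTION")}
    seen.update(rec.get("LicenseConcluded", "NOASSERTION") for rec in files)
    return sorted(lic for lic in seen if lic not in standard and lic not in ("NOASSERTION", "NONE"))


def audit(doc=SPDX_DOC, contents=FILE_CONTENTS, standard=STANDARD_LICENSES):
    """Run both checks and return a report dict a consumer could act on."""
    package, files = parse_tag_value(doc)
    return {
        "package": package.get("PackageName"),
        "checksums": verify_checksums(files, contents),
        "nonstandard_licenses": nonstandard_licenses(package, files, standard),
    }


if __name__ == "__main__":
    print(audit())
```

Running the block reports a checksum failure for ./src/vendor.c and lists LicenseRef-VendorEULA as the one identifier that has to be backed by an extracted license text, which is exactly the two decisions a receiving team has to make before trusting an incoming bill of materials.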

Slide 13: Other Licensing Information
- Identifier Assigned (short form)
- Extracted Text
NOTES:
- This section is for licenses not on the standard list.
- Aim for ~90% coverage with standard short forms; NOT exhaustive.
Background:
- Black Duck identifies >2000 licenses in use; ~20 licenses are responsible for nearly all licensed open source projects: http://www.blackducksoftware.com/oss/licenses#top20
- OSI currently recognizes 67 licenses as "open source": http://www.opensource.org/licenses

Slide 14: Review
- Reviewer
- Review Date
- Review Comment
- Multiple Reviews

Slide 15: The SPDX™ List of "Standard Licenses" (SPDX™ license repo)
- List of the most common licenses (100+)
- Includes common exceptions
- Guidelines for matching
- Standardized license names (OSI adopted)
- Exact text of licenses
- Available on the SPDX™ website; URLs won't change

Slide 16: Tools for SPDX™
- Open Source Tools (hosted on the SPDX Git Repo)
  - Viewer
  - Spreadsheet to RDF translator
  - RDF to Spreadsheet
  - License file generator (from Spreadsheet)
  - Spreadsheet template
- Commercial Tools
  - Scanning tools output SPDX™

Slide 17: Working Group Structure
- Teleconferences
- Website Wikis
- Mailing Lists
(Diagram: General Meeting; Tech Team; Business Team; Legal Team.)

Slide 18: Working Group Operation
- The working group runs similarly to an open source project, without a centralized constitution or bylaws.
- Intellectual property contributed by participating members is covered under the Creative Commons license (CC-BY-3.0).
- Very inclusive process: self-subscription; those willing to "do" can influence.
- http://spdx.org

Slide 19: Getting involved...
- See: http://www.spdx.org and #spdx on Freenode IRC
- Contact:
  - Phil Odence (co-chair) - podence@blackducksoftware.com
  - Esteban Rockett (co-chair) - rockett@motorola.com

Slide 20: Where Next?
- Technical: 1.1 clean up; hierarchy/nested SPDX docs
- Business: drive adoption; supporting materials; license list process
- Legal: license templates; protection of data; proprietary licenses

Slide 21: QUESTIONS? Thank you!

