Software Package Data Exchange
SPDX (Software Package Data Exchange[1]) is a file format used to document information on the software licenses under which a given piece of computer software is distributed. SPDX is authored by the SPDX Working Group, which represents more than twenty different organizations, under the auspices of the Linux Foundation.[2]
SPDX attempts to standardize the way in which organizations publish their metadata on software licenses and components in bills of material.[3]
SPDX describes the exact terms under which a piece of software is licensed. It does not attempt to categorize licenses by type, for instance by describing licenses with similar terms to the BSD License as "BSD-like".[1]
The current version of the standard is 2.0. Version 2.1 is being developed.
Licence syntax
Each license is identified by a full name, such as "Mozilla Public License 2.0" and a short identifier, here "MPL-2.0". Licenses can be combined by operators AND and OR.
For example, (LGPL-2.1 OR MIT) means that you can choose between LGPL-2.1 (GNU Lesser General Public License v2.1 only ) or MIT (MIT license).
On the other hand, (LGPL-2.1 AND MIT) means that both licenses apply.
There is also a "+" operator, when applied to a license, means that future versions of the license apply. For example, GPL-2.0+ means that GPL-2.0 and GPL-3.0 may apply (and future versions if any).
See also
References
- 1 2 Odence, Phil (2010-06-23). "The Software Package Data Exchange (SPDX) Format". Dr Dobb's. Retrieved 2012-08-31.
- ↑ Stewart, Kate; Odence, Phil; Rockett, Esteban. "Software Package Data Exchange (SPDX™) Specification". International Free and Open Source Software Law Review. 2 (2). doi:10.5033/ifosslr.v2i2.45.
- ↑ Vaughan-Nichols, Steven (August 10, 2010). "Linux Foundation launches major open-source license compliance program". Computerworld. Retrieved 2012-08-31.
External links
- Official website
- Linux Foundation Open Compliance Program home page
- Nathan Willis: A SPDX case study LWN.net
- Free SPDX document generator cloud service