The Linux Foundation has a truly altruistic stance and openly states that its remit is to serve as a neutral spokesperson for Linux and to “generate original research and content” that advances the understanding of the Linux platform.
As such, the foundation sponsors a number of working groups who are each tasked with specific goals and directives.
One of these groups is SPDX, which this week announced the release of version 1.0 of its Software Package Data Exchange (SPDX) standard.
The SPDX standard has been laid down to help facilitate compliance with free and open source software licenses by standardising the way license information is shared across the software supply chain.
The foundation has said that SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.
“The SPDX 1.0 standard is an example of how open compliance and collaboration can enable the advancement of Linux and open source software,” said Jim Zemlin, executive director of The Linux Foundation.
“We applaud the SPDX workgroup for its important work on providing a consistent way to report and view license information for software technology components, making it even easier for companies to maximise their investments in free and open source software,” he added.
The foundation explains that most technology products today are assembled from multiple components that contain free and open source software – so this licensing initiative is hoped to ease the pressures brought on by the complexity of the “global software supply chain”.