Blogs

The SPDX Group is incredibly pleased to have the specification adopted as one of the key elements of the Linux Foundation’s Open Compliance Program. The Foundation has been supportive from the outset, but this is a huge step beyond. It was at LinuxCon in the fall of 2009 that I first met Kate Stewart chirping about for other birds of her feather, folks who shared the pain and were up for tackling the industry problem of exchanging package data. A number of us expressed interest, but it was Jim Zemlin and the Linux Foundation that gave the effort the home it needed as part of FOSSBazaar.

Contributor Agreements, also known as Contributor License Agreements (CLA), are increasingly being adopted by open source projects. This article explains the purpose of these Contributor Agreements.

When a contribution is made to an open source project, there is an implicit assumption (and sometimes explicit consent) that the contribution (code, translation, artwork, etc) may be incorporated into the project and distributed under the license the project is using. However, many conditions of the contribution are not explicitly called out. The purpose of Contributor Agreements is to make the terms under which contributions are made explicit, thereby protecting the project, the users of the software and often also the contributors.

I still find it inspirational that meeting each other at conferences and watering holes can spark off whole new lines of thought.
The Transfer Summit was a great example of this - professional but relaxed in an evocative setting that allowed hackers/developers, journalists, business and acadaemia to interact with a real level of informality. Getting together not only to exchange information but to challenge orthodoxy and generate ideas - and was well attended by luminaries from Red Hat (Phil Andrews) Simon Phipps and our own Stormy Peters, Andrew Back and Martin Michlmayr (and no, he doesn't always wear that baseball shirt with the blue sleeves.)

These days I am receiving quite a number of mails that ask the same question: If a FOSS project is sponsored by only one company or entity, do you think it's a healthy project?

In order to answer this question, we need to define some terms first. Let's start by the term "sponsor". By sponsor we mean an entity (company, NGO, Government) that provides certain types of resources. We can think of resources as roughly falling into three categories: infrastructure (website, tools, etc.), contributors (developers, engineers) and funding. Of course by providing infrastructure and contributors, the sponsor provides funding indirectly as well. But if we break the notion of sponsoring into these three different kinds of resources investment and sharing, we can already see that the answer is not as straightforward as it may have seem at first sight.

Open source is everywhere today and there is growing awareness that companies have to meet certain obligations when distributing open source software. Here are some useful resources to learn more about open source compliance.