SPDX and LF's Open Compliance Program

The SPDX Group is incredibly pleased to have the specification adopted as one of the key elements of the Linux Foundation’s Open Compliance Program. The Foundation has been supportive from the outset, but this is a huge step beyond. It was at LinuxCon in the fall of 2009 that I first met Kate Stewart chirping about for other birds of her feather, folks who shared the pain and were up for tackling the industry problem of exchanging package data. A number of us expressed interest, but it was Jim Zemlin and the Linux Foundation that gave the effort the home it needed as part of FOSSBazaar.

This week the Linux Foundation announces the Open Compliance Program. The inclusion of SPDX is an incredible vote of support for our work. At the same time we are proud to know that the program too benefits greatly from incorporating a standard for which there is so clearly a need. I’ve always been a trusting soul believing that by and large companies want to follow the rules. But it’s hard to do the right thing when the right thing is so hard to do. The Open Compliance Program makes it easier for everyone to do follow the rules and SPDX in particular deals with some of the gnarliest issues around license compliance.

Our original goal was to have a spec ready for public consumption in Q4 of this year. The adoption of SPDX into the compliance program put the pressure on to have something in place by this week. The team did an incredible job shifting into high gear to produce a very solid beta release of the specification. There remains plenty of work to do before V1.0 is ready for prime time in the fall. We are eager for feedback and encourage anyone involved with managing open source licensing information to look it over and give it a try. If you want to roll up your sleeves up and participate, just create and account and start exploring the Participation section. “Given enough eyeballs…” as they say.