Brussels / 1 & 2 February 2014


Licensing and Packaging FOSS with SPDX

Learning to combine and distribute software with open source licenses

As developers of open source and free software, we share our code freely and make a positive change in this world. However, too often great pieces of open source software are declined for integration into amazing projects. Aren't they good enough? From a technical perspective, yes. But when you don't clearly state which licenses and third-party resources were used (images, libraries, code), these "unknown libraries" become too much of a risk to bear.

Are we doing the right things with regard to licensing? Come and join our talk to find out.

We'd like to change that and ensure that licensing terms are not a burden to explain. Some developers use a web page, others use Maven, and mature projects include source code headers. Yet we need consistency: we need a way to check and revise whether the licensing attributions are correct. The SPDX document from the Linux Foundation helps to make this possible. Anyone with a text editor can double-check which licensing terms are applicable and where the third-party resources come from, and resolve the issues this exposes.

The Linux Foundation promotes a document format for exchanging open source licensing information. It is called SPDX. The basic principle is that you should be able to describe the applicable license terms for your software and for the libraries that you are using, and give the licensing details that are needed for sharing your work. In return, people receiving your software can either read for themselves which licenses are applicable or use tools that help get this sorted across thousands of files.

It is not a complicated document to understand; it is a plain text file. In our talk we discuss the specific cases where SPDX documents make a difference in bringing transparency, and the techniques and tools that are used for creating them. We cover cases of mixing multiple libraries and what you should pay attention to when placing these libraries inside your own software.
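As an added illustration (not material from the talk), here is a small checker that reads an SPDX document in its plain-text tag-value form and lists the files a reviewer still has to look at. The sample document, package name and file names are constructed; the checker assumes single license identifiers rather than compound license expressions, and no multi-line `<text>` values.

```python
# Constructed sample SPDX tag-value document (names are made up).
SAMPLE_SPDX = """\
SPDXVersion: SPDX-1.2
PackageName: demo-app

FileName: ./src/main.c
LicenseConcluded: Apache-2.0
LicenseInfoInFile: Apache-2.0

FileName: ./lib/parser.c
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NONE

FileName: ./lib/codec.c
LicenseConcluded: MIT
LicenseInfoInFile: GPL-2.0

FileName: ./assets/logo.png
"""

# Values that mean "nobody has stated a license here".
UNKNOWN = {"", "NONE", "NOASSERTION"}

def parse_files(text):
    """Return one dict per file section: {'FileName': name, tag: [values]}."""
    files, current = [], None
    for line in text.splitlines():
        tag, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank lines and comments carry no tag
        tag, value = tag.strip(), value.strip()
        if tag == "FileName":          # a FileName tag opens a new file section
            current = {"FileName": value}
            files.append(current)
        elif current is not None:      # package-level tags are skipped
            current.setdefault(tag, []).append(value)
    return files

def audit(text):
    """Map file name -> reason, for every file whose licensing is unclear."""
    findings = {}
    for f in parse_files(text):
        concluded = f.get("LicenseConcluded", [""])[0]
        in_file = set(f.get("LicenseInfoInFile", [])) - UNKNOWN
        if concluded in UNKNOWN:
            findings[f["FileName"]] = "no concluded license"
        elif in_file and concluded not in in_file:
            # Assumption: single identifiers, so a plain membership test is enough.
            findings[f["FileName"]] = "concluded license differs from file header"
    return findings
```

Calling `audit(SAMPLE_SPDX)` returns the three files from the sample that lack a clear license statement or whose concluded license disagrees with the license found in the file itself.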

This is an intense lecture: bring a camera to take quick pics of the slides that you find interesting, and a laptop to test your licensing investigation skills right there in the classroom.


Nuno Brito