We'd like to change that, ensure that licensing terms are not a burden to explain. Some developers use a web page, others Maven and mature projects include source code headers. Yet, we need a consistency, we need a way to check and revise if the licensing attributions are correct or not. The SPDX document from the Linux Foundation helps to make this possible. Anyone with a text editor can double-check which licensing terms are applicable, where the third party resources come from and solve the exposed issues.

The Linux Foundation promotes a document format for exchanging open source licensing information. It is called SPDX. The basic principle is that you should be able of describing the applicable license terms for your software, for the libraries that you are using and give the licensing details that are needed for sharing your work. In return, people receiving your software can either read for themselves what licenses are applicable or use tools that help get this sorted across thousands of files.

It is not a complicated document to understand, it is a plain text file. On our talk we discuss the specific cases where SPDX documents make a difference to bring transparency and the techniques/tools that are used for creating them. We cover cases of mixing multiple libraries and what you should take into attention when placing these libraries inside your own software.

This is an intense lecture, bring a camera to take quick pics of the slides that you find interesting and a laptop to test your licensing investigation skills right there in the class room.