workshop: Using SPDX to discover the licenses in your code
Learning to report open source licenses with SPDX
On this talk we'll explain what is SPDX from the Linux Foundation and how it can be used for discovering and indexing the open source licenses inside your code.
SPDX stands for "Standard Package Data Exchange". This is a format proposed by the Linux Foundation to ease the way different tools communicate licenses with each other.
In practice, it is a text (or XML) document that keeps a list of all files inside a directory and allows to specify properties such as:
- Licenses declared inside the file
- Copyright assignments
- SHA1 signature of the file
- Other relevant details
Despite its usefulness as licensing information format, it is not as known as it should. The result is that we lack a uniform manner of expressing licensing information between different people and tools, causing confusion (or simply lack of better licensing details).
Some months ago we decided to take SPDX into practice and developed our own desktop tooling (released as Free Software under EUPL) to create and read these documents with ease.
During our talk we'll present SPDX, give a summary of the key values that are interesting to keep in mind and give a demonstration of the tool in action.
Bring your laptop, suggest practical cases and we'll have a good session for questions and answers.
Start time: 14:00
Room: Workshop (C115)
- RedFrogConf (C118)
- A revolutionary idea: why not use a job queue system for your job queue?
- Programmierung mit LaTeX...
- Open Source Backup
- VlizedLab - Eine Open Source-Virtualisierungslösung für PC-Räume
- HS6 (PHP)
- Full Throttle Refactoring
- Python (C120)
- HeimAutomatisierung mit Python und RaspberryPi