THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Business Team/Adoption"

From SPDX Wiki
Jump to: navigation, search
(Metrics)
(Generation and Consumption of SPDX Documents)
Line 90: Line 90:
 
| Company
 
| Company
 
| Limited internal generation of SPDX documents.
 
| Limited internal generation of SPDX documents.
 +
|-
 +
|-
 +
| WInd River
 +
| Company
 +
| 100% SPDX doc generation - both hi-def (human expert) and low-def (automation); Free SPDX cloud generation: spdx.windriver.com; Format for Open Source Software (OSS) disclosure docs for Wind River Linux 5 distro (700+); Used in internal IP compliance review; ISV requested OSS disclosure format.
 
|-
 
|-
 
|}
 
|}

Revision as of 13:49, 12 September 2013

DRAFT AS OF 28 August 2013 Currently it is a draft until we formulate the plan at which time this sentence will be removed.


Adoption

This page is being used to track the adoption of SPDX.

We will track adoption in three key areas:

  • SPDX License List
  • Generating or consuming SPDX Documents
  • Using SPDX meta tags in software


License List

Overview

The license list is a key component for SPDX. The SPDX License List includes a standardized short identifier, full name for each license, vetted license text, other basic information, and a canonical permanent URL. By providing a short identifier, users can efficiently refer to a license without having to redundantly reproduce the full license. For more information on the License List see the SPDX web site.

Goals

We talked about one year goals. Should we have one and five?

  • [proposal] Tool adoption: 5 or more license management / open source tracking tools vendors utilize the SPDX license list
  • [proposal] Open Source Projects: 10 or more open source projects visibly utilize the SPDX license list in declaring licenses

Metrics

For groups use one of the following. You can use multiple groups for an entity.

  • Foundation (e.g. Linux Foundation, Free Software, Apache, Eclipse, etc).
  • Standards (e.g. OSI, W3C, etc).
  • Community (e.g. Community projects like Uboot, Kernel, Busy Box, GNU Compiler, etc).
  • Forge (e.g. Github, Sourceforge, etc).
  • Tools (e.g. open source community or company that has tools to generate or consume SPDX).
  • Company
License List Adoption Tracking
Entity Group Notes
Texas Instruments Company Using SPDX license identifiers on software BOMs delivered with products.


Generation and Consumption of SPDX Documents

Overview

The SPDX specification is centered on the SPDX document. Creation and consumption of SPDX documents is a key measure of success for the SPDX standardization efforts.

Goals

We talked about one year goals. Should we have one and five?

  • Proposal: At least one additional large open source organization provide SPDX documents by LinuxConn 2014

Metrics

How we will measure adoption of this.

  • Proposal: Number of participants in the SPDX document "plugfest".
  • Proposal: Number of consuming organizations piloting use of SPDX documents as part of their governance process.
  • Proposal: Number of consuming organizations announcing adoption of SPDX as part of their governance process.
  • Proposal: Number of producing organizations posting SPDX format documents on the web.
  • Proposal: Number of large (more than 100 members) open source organizations producing SPDX documents (e.g. Linux Kernel, Apache, Eclipse).

For groups use one of the following. You can use multiple groups for an entity.

  • Foundation (e.g. Linux Foundation, Free Software, Apache, Eclipse, etc).
  • Standards (e.g. OSI, W3C, etc).
  • Community (e.g. Community projects like Uboot, Kernel, Busy Box, GNU Compiler, etc).
  • Forge (e.g. Github, Sourceforge, etc).
  • Tools (e.g. open source community or company that has tools to generate or consume SPDX).
  • Company
SPDX Producer/Consumer Tracking
Entity Group Notes
Texas Instruments Company Limited internal generation of SPDX documents.
WInd River Company 100% SPDX doc generation - both hi-def (human expert) and low-def (automation); Free SPDX cloud generation: spdx.windriver.com; Format for Open Source Software (OSS) disclosure docs for Wind River Linux 5 distro (700+); Used in internal IP compliance review; ISV requested OSS disclosure format.


Use of META Tags

Overview

This is a new area. It focuses on using META tags in code to help in identification of licensing and possibly other SPDX information. The technical team is looking at writing this up. Currently the U-boot community has started using a field called SPDX-License-Identifier. You can see an example here: http://git.denx.de/?p=u-boot.git;a=blob;f=post/post.c;h=4af5355fa5a20f9c2e763f37b269bea38d43e8ea;hb=6612ab33956ae09c5ba2fde9c1540b519625ba37

Goals

We talked about one year goals. Should we have one and five?

  • Proposal: Publish guidelines and/or standards for meta tag inclusion by Linux Collab Summit 2014
  • Proposal: 5 or more open source projects utilize meta tags in their in development projects by end of year 2013

Metrics

For groups use one of the following. You can use multiple groups for an entity.

  • Foundation (e.g. Linux Foundation, Free Software, Apache, Eclipse, etc).
  • Standards (e.g. OSI, W3C, etc).
  • Community (e.g. Community projects like Uboot, Kernel, Busy Box, GNU Compiler, etc).
  • Forge (e.g. Github, Sourceforge, etc).
  • Tools (e.g. open source community or company that has tools to generate or consume SPDX).
  • Company
META Tags Tracking
Entity Group Notes
U-boot Community [1]Using SPDX-License-Identifier in place of a license header in source.