Welcome to the 2021 SPDX Google Summer of Code Project Page
See the proposal template if you are interested in submitting a Google Summer of Code proposal.
Should you have questions please do not hesitate to contact one of the mentors directly.
- 1 What is SPDX ?
- 2 Why choose an SPDX Project?
- 3 Getting Involved
- 4 Proposed 2021 Projects
- 4.1 SPDX Workgroup Tooling Projects
- 4.2 SPDX Specification Projects
What is SPDX ?
First and foremost we are a community dedicated to solving the issues and problems around Open Source licensing and compliance. The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of who have been involved with license compliance and identification for years.
As part of this effort we have developed a set of collateral that can be used:
- License List and Short Identifiers
- SPDX Specification for generating SPDX Documents in multiple formats
- A set of basic tools for working with SPDX Documents
- License Identifiers in source
Why choose an SPDX Project?
Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort.
Beyond working with your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list and on gitter (see resources). There is however a weekly call you could join as well. .
Proposed 2021 Projects
Mentors: please fill out the following template for any projects you wish to propose.
=== Project Name === add overview of project here ====Skills Needed==== what skills should the student have to do the coding exercises ====Background Information==== context for the project and references to be studied ====Available Mentors==== list individuals who are willing to mentor and provide information about the project proposal.
(The projects from 2019 can be found on the 2019 Google Summer of Code projects page for SPDX ).
SPDX Workgroup Tooling Projects
These projects are aimed at contributing to the SPDX tools to help reduce the effort to create SPDX documents and increase the accuracy of them.
Generate RDF/OWL/XML from Structured Markdown
Convert a consistently structured Markdown file into a Web Ontology Language XML document. Changes to an existing Markdown file should update the OWL document. The Markdown will have a well defined structure to allow for translation of the text in Markdown to the elements and attributes of the RDF/OWL XML file. The conversion will also validate that the Markdown follows the required specification. The conversion would be run as part of a Github action for the SPDX specification.
- Skills in writing parsing algorithms (e.g. working with Abstract Syntax Tree)
- Knowledge of RDF/OWL/XML formats
- Knowledge of Markdown syntax
The SPDX tech team works very collaboratively on the specification updates using markdown pages in Github as the primary documentation for the specification. RDF/OWL is used as the primary technical specification for the object model including relationships, cardinality, class structure, and other restrictions. There is a lot of overlap between the information in the Markdown and the information in the OWL document. To improve the quality and productivity of the specification work, the SPDX technical team has decided to add tooling for verification of the Markdown and conversion of any common information to the OWL document.
Below are some additional resources for this project:
- RDF OWL parsing notes from the W3C
- Github flavored Markdown
- Results of process discussion
- Analysis of RDF/OWL fields relative to Markdown (work in progress)
- Current RDF/OWL document for SPDX spec
- Markdown for version 3.0 - subject to change as we specify the markdown constraints for this project
SPDX Specification Projects
The following projects contribute directly to the creation or validation of the SPDX 2.1 specification.
SPDX Specification Views for legal counsels and developers
The proposal is to see if it possible to deduct large SPDX documents into a small subset SPDX document providing a specific reduced "views" on larger data.
- Understanding of compliance needs of legal counsels and developers so we can remove friction to adopt SPDX
SPDX documents commonly contain 100s, if not 1000s of entries making it hard for a human to make manual corrections or draw conclusions. No scanner can provide 100% complete data human corrections are usual needed. The aim from this proposal is twofold: 1. Enable developers with a "code view" of tool-generated SPDX document close to the code they work on to enable them to make corrections to the SPDX data. For instance amend SPDX package tag values or model package dependencies not detected by used scanner. 2. Provide legal counsels with a "package and limited file view" to enable legal conclusions
ClearlyDefined exporting and importing SPDX documents
The goal of this GSoC project would be to add support in the ClearlyDefined project to export curated data into SPDX 2.2 documents. Once that is accomplished, being able to import SPDX documents into the curated database would be the next step.
- Experience with JSON and YAML (XML a plus)
- Ability to interpret and implement the SPDX specification and related ClearlyDefined community documentation
- Ability to work with the community in integrating results with other projects
- Willingness to learn about open source licensing and related technical matters
Export a ClearlyDefined workspace as a SPDX document:
- user to navigate to https://clearlydefined.io/workspace
- Add one or more components to the workspace through any of the existing means,
- then click Share, and then slick SPDX (choice of 2.2 supported output formats).
which would result in an SPDX document is exported containing all of the components that were in the workspace. Note: If there is mandatory information required by SPDX that ClearlyDefined does not have we will need to determine how to accommodate that.
To populate a workspace from a SPDX document:
- user to navigate to https://clearlydefined.io/workspace
- drag a SPDX document into the workspace and then all of the components in the SPDX document are added to the workspace.
There are some discrepancies between the content in ClearlyDefined and that SPDX documents, so work would be needed with both communities to figure out: what to do if license information in the SPDX disagrees with what ClearlyDefined has and how to handle pending curations?