GSOC/GSOC Application

From SPDX Wiki
Jump to: navigation, search

Google Summer of Code Application

This information can be used to create the application.

Organization Information

Organization Application

Why does your org want to participate in Google Summer of Code?

SPDX is an all volunteer community committed to improving the awareness, standards and tools for open source compliance. By engaging students, we will increase the awareness of open source compliance for future software professionals. We would also like to engage students in a collaborative open source project and potentially keep them engaged after the project completes. It would be valuable to extend the compliance tools available for the open source community and for commercial software companies.

How many potential mentors have agreed to mentor this year?


How will you keep mentors engaged with their students?

Three of our mentors have had experience with GSoC and have been very engaged in the past projects. We plan on having regular communications with the mentors in our mailing lists as well as in our weekly calls where mentors will present on the progress of their projects. Each of our mentors will have a back-up mentor to help support the mentoring activities and provide continuing engagement if the mentor is unavailable for any reason.

How will you help your students stay on schedule to complete their projects?

The mentors will be primarily responsible for the student progress, with the back-up mentor providing support. Students will be required to create a milestone schedule and report on its progress with their mentors in addition to regular communication. The mentors will help the student work through any roadblocks or help them reach out to the broader community should the need arise. We will be tracking progress in our weekly tech calls and discuss any issues when needed.

How will you get your students involved in your community during GSoC?

We will involve the students in our standard communications (email distribution lists and weekly calls), provide a forum for them to communicate their project and results. Once significant milestones have been achieved, we will feature their results on the website.

How will you keep students involved with your community after GSoC?

We will encourage them to become members of the community and continue to support what they have worked on or get involved in other areas. We will encourage them to continue to contribute and maintain ongoing dialog through 1:1 emails with the mentors, inclusion in the SPDX mailing lists, and encouraging them to participate in the tech subgroup calls.

Has your org been accepted as a mentor org in Google Summer of Code before?


Which years did your org participate in GSoC?

, , 2014, , , , , , , , ,

For each year your organization has participated, counts of successful and total students:

3/3 All students were successful. Please note: our participation in 2014 was as part of the Linux Foundation. We are applying this year as an independent collaborative open source organization.

If your org has applied for GSoC before but not been accepted, select the years:

2016, , , , , , , , , , ,

If you are a new organization to GSoC, is there a Google employee or previously participating organization who will vouch for you? If so, please enter their name, contact email, and relationship to your organization. (optional)

Three of our mentors have participated in the 2014 GSoC and one of our mentors has participated in more than 1 previous GSoC.

What year was your project started?


Anything else we should know (optional)?

Our community consists of a broad range of individuals from foundations, open source communities, linux distributors and business professionals working together with a common goal. While compliance may not always seem exciting we believe they will gain exposure to some of the legal and business aspects of working with open source licensing as well. In addition, the tooling and problems we face are complex and should provide a good technical challenge for the student.

Organization Profile

Organization Profile


Promoting open source compliance through standard communication of SW licenses.

Short Description

The Software Package Data ExchangeR (SPDXR) specification is a standard format for communicating the components, licenses and copyrights associated with a software package.

Long Description

Our Mission

Develop and promote adoption of a specification to enable any party in a software supply chain, from the original author to the final end user, to accurately communicate the licensing information for any piece of copyrightable material that such party may create, alter, combine, pass on, or receive, and to make such information available in a consistent, understandable, and re-usable fashion, with the aim of facilitating license and other policy compliance.

Our Vision

The vision of SPDX is achieve license compliance with minimal cost across the supply chain. Ideally, upstream component developers begin the process by supplying SPDX flies as part of their downloads. Users of those components therefore have a starting point for the SPDX files they create for their "customers," and so on. If everything is working properly, the provenance of each piece of code is researched and documented only once during its journey through a supply chain, and that information is passed on in parallel with the code in the SPDX format.


Development of SPDX is run somewhat like an open source project: Those that participate influence. Decisions tend to be made by consensus. The spec itself is written by a technical team with input and support from business and legal teams. Although much of the the initial focus was on Linux and the project is under the auspices of the Linux Foundation, the strategy from the outset has been much broader to be applicable to anything open source. To accommodate a range of needs, SPDX can be implemented in XML or tag-value formats.

The SPDX "IP" is all housed on this site. Most of that is embodied in the spec itself, but we have developed a number of separate assets that complement the specification, including a standard license list, implementation guidelines and the SPDX compatible tools.

Primary Open Source License

Apache License 2.0 (Apache-2.0)

Organization Category


Technology Tags

rdf, python, java, github, c

Topic Tags

compliance, opensource, licensing

Ideas List

Application Instructions

Please review the requirements described in the project ideas page at Submit your proposals using the GSoC website to the mentor from the ideas page or feel free to contact them directly with questions.

Proposal Tags

workgroup tools, github integration, specification projects


Mailing List

Contact Email

Google+ URL

Twitter URL

Blog URL