Software Package Data Exchange
Software Package Data Exchange (SPDX) is a file format used to document information on the software licenses under which a given piece of computer software is distributed. SPDX is authored by the SPDX Working Group, which represents more than twenty different organizations, under the auspices of the Linux Foundation.
SPDX describes the exact terms under which a piece of software is licensed. It does not attempt to categorize licenses by type, for instance by describing licenses with similar terms to the BSD License as "BSD-like".
The current version of the standard is 2.1, ratified in November 2016.
Each license is identified by a full name, such as "Mozilla Public License 2.0" and a short identifier, here "MPL-2.0".
Licenses can be combined by operators
OR, and grouping
On the other hand,
(Apache-2.0 AND MIT) means that both licenses apply.
There is also a "+" operator, when applied to a license, means that future versions of the license apply. For example,
Apache-1.1+ means that
Apache-2.0 may apply (and future versions if any).
The GNU family of licenses (e.g., GNU General Public License 2.0) have the choice of choosing a later version of the license built in. Sometimes, it was not clear, whether the SPDX expression
GPL-2.0 meant "exactly GPL version 2.0" or "GPL version 2.0 or any later version". Thus, since version 3.0 of the SPDX License List, the GNU family of licenses get new names.
GPL-2.0-only means "exactly version 2.0" and
GPL-2.0-or-later "GPL version 2.0 or any later version".
- Odence, Phil (2010-06-23). "The Software Package Data Exchange (SPDX) Format". Dr Dobb's. Retrieved 2012-08-31.
- Stewart, Kate; Odence, Phil; Rockett, Esteban. "Software Package Data Exchange (SPDX™) Specification". International Free and Open Source Software Law Review. 2 (2). doi:10.5033/ifosslr.v2i2.45.
- Vaughan-Nichols, Steven (August 10, 2010). "Linux Foundation launches major open-source license compliance program". Computerworld. Retrieved 2012-08-31.
- "General Meeting/Minutes/2016-11-03 - SPDX Wiki". wiki.spdx.org.
- Richard Stallman. "For Clarity's Sake, Please Don't Say "Licensed under GNU GPL 2"!". www.gnu.org. Retrieved 2018-05-24.
- Jilayne Lovejoy. "License List 3.0 Released!". spdx.org. Retrieved 2018-05-24.