{"id":43712,"date":"2018-08-30T14:39:47","date_gmt":"2018-08-30T14:39:47","guid":{"rendered":"http:\/\/www.sickgaming.net\/blog\/2018\/08\/30\/solving-license-compliance-at-the-source-adding-spdx-license-ids\/"},"modified":"2018-08-30T14:39:47","modified_gmt":"2018-08-30T14:39:47","slug":"solving-license-compliance-at-the-source-adding-spdx-license-ids","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2018\/08\/30\/solving-license-compliance-at-the-source-adding-spdx-license-ids\/","title":{"rendered":"Solving License Compliance at the Source: Adding SPDX License IDs"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2018\/08\/solving-license-compliance-at-the-source-adding-spdx-license-ids.jpg\" class=\"ff-og-image-inserted\" \/><\/div>\n<p>Accurately identifying the license for open source software is important for license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when there is some licensing information present, a lack of consistent ways of expressing the license can make automating the task of license detection very difficult, thus requiring significant amounts of manual human effort. \u00a0\u00a0There are some commercial tools applying machine learning to this problem to reduce the false positives, and train the license scanners, but a better solution is to fix the problem at the upstream source.<\/p>\n<p>In 2013, \u00a0the\u00a0<a href=\"https:\/\/git.denx.de\/?p=u-boot.git;a=commit;h=eca3aeb352c964bdb28b8e191d6326370245e03f\">U-boot project decided to use the SPDX license identifiers<\/a>\u00a0in each source file instead of the GPL v2.0 or later header boilerplate that had been used up to that point. \u00a0\u00a0The initial commit message had an eloquent explanation of reasons behind this transition.<\/p>\n<p>Read more at <a href=\"https:\/\/www.linuxfoundation.org\/blog\/2018\/08\/solving-license-compliance-at-the-source-adding-spdx-license-ids\/\">The Linux Foundation<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Accurately identifying the license for open source software is important for license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when there is some licensing information present, a lack of consistent ways of expressing the license can make automating the task of license detection [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":43713,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40],"tags":[],"class_list":["post-43712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-freebsd-unix"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/43712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=43712"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/43712\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/43713"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=43712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=43712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=43712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}