Open source license compliance has become more complex over time. Using open source tools and open standards (SPDX), we should be able to make it easy to comply with the terms of the licenses specified in the code, without requiring expensive proprietary technologies. This talk will outline some steps that will help to make license compliance more transparent and, with automation, make it easier to fulfill the obligations.
Using an openly developed standard (SPDX) and open source tooling, it is now possible to generate accurate summary information for a project that can be shared with those who use the project. Software development today builds on thousands of open source components that developers have shared, and tools permit composition of new interfaces from code from many sources. Conveying the licensing information hasn't always been a priority for developers, and as a result there's a fair amount of ambiguity out there that needs sophisticated proprietary tooling to decipher the actual licenses in effect. Using automation to generate this information when a project builds ensures that the intentions of the authors are recorded accurately and can easily be respected.
This talk will give an overview of the problem scope and then propose some open source tools that can help start the automation, using open standards to improve the transparency of the information.