SPDX License List: The year in review
by Jilayne Lovejoy, Legal team Co-Chair
Version 2.2 of the SPDX License List is now available and it seemed like a good opportunity to provide a summary of updates that have occurred over the last few releases and other related news.
In case you are new here, the SPDX License List is a list of commonly found open source licenses and exceptions for the purposes of being able to easily and efficiently identify such licenses and exceptions in an SPDX document (or elsewhere). The SPDX License List includes a standardized short identifier, full name for each license, vetted license text, other basic information, and a canonical permanent URL for each license and exception. The master files for the license list comprise of a spreadsheet and text files. From this data, the HTML web pages at spdx.org/licenses are generated. There are other ways to access this data, including RDFa machine readable access and a JSON file. For more information, check out the tech report, Accessing SPDX Licenses.
As of version 2.2, the SPDX License List contains 306 licenses and 24 license exceptions. The spreadsheet in the master files includes columns indicating changes for each release, but here are some highlights of the last four releases:
Version 1.20 saw the biggest single increase in the number of licenses added at 87. 77 of these new licenses were a direct result of the SPDX legal team going through the Fedora license list to attempt to provide more cross-list representation. Although not every license on the Fedora list is on the SPDX License List, this was a huge step in the right direction. A cross-reference of short identifiers is available, as well as a list of Fedora licenses that are not (yet?) on the SPDX License List. If you want to see something added from here or help further this work, please let us know!
Version 2.0 was a big change for both the SPDX specification and the license list. The addition of the license expression syntax now allows greater flexibility in representing licenses or license combinations. This included the + operator to indicate an "or later" license and the "with" operator to indicate a license exception. Consequently, some licenses were deprecated and exceptions were moved to their own list to allow for this new expression language in v2.0.
Also as of version 2.0, the legal team decided to implement a quarterly release of the license list to provide more predictability. Of course, if circumstances warrant a sooner release or if there are no changes during a quarter, then we will adjust that schedule as needed.
Version 2.1 added 5 new licenses and 12 new license exceptions. A lack of exceptions was always been a weak point for the SPDX License List. A couple members of the Legal team scoured the internet for as many license exceptions as they could find, with the goal of adding more license exceptions post-2.0 release. As such, we added 12 licenses exceptions in version 2.1 and 3 more in version 2.2 from this research and will continue to explore other additions.
Version 2.1 and 2.2 also saw 5 new licenses added each. These licenses included a few more from the Fedora list review that needed clarification.
So, now you are up-to-date with changes to the license list. A huge thanks to the participating members of the SPDX legal team who come together every couple weeks to make this all happen, as well as other work in between! Look for the 2.3 release just in time for the New Year.