The need to identify the license for open source software is critical for both reporting purposes and license compliance. However, determining the license can be difficult due to a lack of information or ambiguous information. Even when licensing information is present, a lack of consistent notation for providing license information can make automating the task of license detection very difficult, thus requiring vast amounts of human effort. The SPDX Work-group proposes to use SPDX license identifiers to indicate the license at the file level. The advantages of doing this are numerous but include:
- It is precise; there is no ambiguity due to variations in license header text
- It is language neutral
- It is easy to machine process
- It is concise
- The license travels with the file (as sometimes not entire projects are used or license files are removed)
- It is simple and can be used without much cost in interpreted environments like java Script, etc.
- An SPDX license identifier is immutable.
- It provides simple guidance for developers who want to make sure the license for their code is respected
Where to use it
Use in source files you create. Here is an example of a C style source licensing header using the Identifier. As you can see it is quite simple to do.
Copyright (c) 2016 Acme. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Before using the identifiers in your source you should be familiar with the license short identifiers from the SPDX License List and the license expression syntax. You can find reference to both in the Further Information Section.
The following links are meant to provide further information to references and resources you may need when working with identifiers in your source.
- "Using SPDX License List “short identifiers” in source files" - by Kate Stewart, Technical Team Co-Chair.
- Starting with the SPDX 2.1 Specification - See Appendix V, "Using SPDX short identifiers in Source Files".
- SPDX License List - See the short identifier for each license.
- Add a license to the license list (in cases where the license you are using is not represented yet).
The following list is not meant to be exhaustive but to rather give you an idea of what some people/organizations are doing.