Guest Blog for Black Duck Software
In earlier blog posts, I examined five areas challenging Android development (Android Cat Herding – Part I). In this blog, I discuss two solutions to address them.
The first is SPDX – the emerging Software Package Data Exchange, part of the Linux Foundation’s Open Compliance Program. SPDX has a charter to
create a set of data exchange standards that enable companies and organizations to share component information (metadata) for software packages and related content with the aim of facilitating license and other policy compliance.
building on a specification defined as
a standard format for communicating the components, licenses and copyrights associated with a software package. An SPDX file is associated with a particular software package and contains information about that package in the SPDX format.
Read More . . .