Building Trust: Testing SPDX Generation Tools
Talk Title | Building Trust: Testing SPDX Generation Tools |
Speakers | Philippe Ombredanne (ScanCode toolkit maintainer, ScanCode toolkit and nexB Inc.), Kate Stewart (Senior Director of Strategic Programs, Linux Foundation) |
Conference | Open Source Summit North America |
Location | Los Angeles, CA, United States |
Date | Sep 10-14, 2017 |
URL | Talk Page |
Slides | Talk Slides |
Having open source tooling that can generate SPDX documents is an important first step in automating the detection and summarization of the license compliance information found in source or binary code. However, how can you tell which tools are able to accurately detect what is actually in the source code? Because developers express licenses imprecisely, there can be a lot of variance. To build up trust in the heuristics used by tools, a curated set of common packages and an associated reference set of SPDX documents have been created to provide a starting point for tools to self-certify against. This talk will go through the criteria used to select the packages and provide some preliminary results.