SPDX 2.2 standard published for exchanging license information in packages

The Linux Foundation has published a new edition of the SPDX 2.2 standard (Software Package Data Exchange), which offers a set of specifications for publishing and exchanging license and intellectual property information. The specification makes it possible to state not only the general license for an entire package, but also the licensing of individual files and code fragments, the holders of the rights to the code, and the people who reviewed its license cleanliness.

SPDX provides a detailed map of the intellectual property used in a package, allowing you to quickly assess possible risks, identify potential incompatibilities, and review the terms of use imposed by the licenses. With SPDX, consumer device manufacturers can verify that their products fully comply with open licenses and spot license inconsistencies in firmware that combines many open source and proprietary components. The format is optimized for automated processing, but utilities are also provided for converting SPDX files into a human-readable representation.

The new edition expands the set of usage scenarios with SPDX examples, introduces new SPDX document formats (JSON, YAML, XML), adds new types of dependency relationships, adds fields reflecting the authorship of packages, files and code snippets, adds new PURL (Package URL) and SWHID (Software Heritage Persistent Identifier) identifiers, introduces a simplified SPDX Lite format, allows abbreviated license identifiers to be specified in files, and adds support for multi-line license expressions.
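To show how the features above fit together in the JSON form of an SPDX 2.2 document, here is an added example (not code from the SPDX project or from the original article): a constructed document for a hypothetical package "libfoo" carrying a PURL and a SWHID in its externalRefs, a package-level license expression, and per-file concluded licenses, plus a small review routine that flags the kind of inconsistency the article describes. The package name, file names, locators and hash values are all made up.

```python
import json
import re

# Constructed SPDX 2.2 JSON document for a hypothetical firmware component
# (sample data, not from any real package; the SWHID hash is a placeholder).
SPDX_DOC = json.loads("""{
  "spdxVersion": "SPDX-2.2", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT",
  "name": "firmware-image", "documentNamespace": "https://example.invalid/spdx/firmware-image",
  "creationInfo": {"created": "2020-06-01T00:00:00Z", "creators": ["Tool: example-scanner"]},
  "packages": [{"name": "libfoo", "SPDXID": "SPDXRef-libfoo", "downloadLocation": "NOASSERTION",
    "filesAnalyzed": true, "hasFiles": ["SPDXRef-File-foo", "SPDXRef-File-blob"],
    "licenseDeclared": "MIT OR (Apache-2.0 WITH LLVM-exception)", "copyrightText": "NOASSERTION",
    "externalRefs": [
      {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
       "referenceLocator": "pkg:generic/libfoo@1.2.3"},
      {"referenceCategory": "PERSISTENT-ID", "referenceType": "swh",
       "referenceLocator": "swh:1:dir:0000000000000000000000000000000000000000"}]}],
  "files": [
    {"fileName": "./src/foo.c", "SPDXID": "SPDXRef-File-foo", "licenseConcluded": "MIT"},
    {"fileName": "./src/vendor/blob.c", "SPDXID": "SPDXRef-File-blob",
     "licenseConcluded": "GPL-2.0-only"}],
  "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
                     "relatedSpdxElement": "SPDXRef-libfoo"}]
}""")

OPERATORS = {"AND", "OR", "WITH"}

def license_ids(expression):
    """Identifiers named in an SPDX license expression (operators and parentheses dropped)."""
    return {t for t in re.findall(r"[A-Za-z0-9.+-]+", expression) if t.upper() not in OPERATORS}

def review(doc):
    """Return (findings, identifiers): files whose concluded license is not covered by the
    package's declared expression, unasserted provenance fields, and the package's PURL/SWHID."""
    findings, identifiers = [], {}
    files = {f["SPDXID"]: f for f in doc.get("files", [])}
    for pkg in doc["packages"]:
        declared = license_ids(pkg["licenseDeclared"])
        for field in ("downloadLocation", "copyrightText"):
            if pkg.get(field, "NOASSERTION") == "NOASSERTION":
                findings.append(f"{pkg['name']}: {field} is NOASSERTION")
        for ref in pkg.get("externalRefs", []):  # PURL and SWHID live here in SPDX 2.2
            identifiers[ref["referenceType"]] = ref["referenceLocator"]
        for fid in pkg.get("hasFiles", []):
            extra = license_ids(files[fid]["licenseConcluded"]) - declared
            if extra:
                findings.append(f"{files[fid]['fileName']}: {sorted(extra)} not in {pkg['name']} declared license")
    return findings, identifiers
```

The set comparison is deliberately conservative: it only reports a file license that the package's declared expression never names, and does not evaluate real compatibility between licenses, which requires a full SPDX expression evaluator.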

Source: opennet.ru