The “SPDX” name was adopted in February 2010, but the project’s roots go back much further. As early as 2007, Karen Copenhaver (of Linux Foundation and Choate, Hall & Stewart), Esteban Rockett and John Ellis (both of Motorola) began to raise the issue of software pedigree and authenticity with the Linux Foundation Member Counsel. In 2008 the notion of a standard format for exchanging package information evolved into what was dubbed by Esteban and John as “The Bill of Materials Project” with Michael Herzog and Philippe Ombrédanne (both of nexB) doing the early technical work. In the same timeframe, the Debian project was working on a standard format for documenting license information in packages called DEP-5. The Fedora projects was also working on categorizing common licenses.
John, Esteban and Karen spent much of 2009 lobbying the Linux Foundation membership for support while in parallel Kate Stewart (then of Freescale, now of Canonical) was endeavoring to bring together various embedded distribution providers to achieve similar goals. At LinuxCon 2009, the players came together, the stars aligned, and the project was gaining momentum. Discussions were initiated with HP’s Martin Michlmayr of FOSSBazaar, and with his support, the framework for a workgroup to enable collaboration was put in place.
Early in 2010, specification drafting began in a workgroup of FOSSBazaar that came to be called the SPDX group. Phil Odence (of Black Duck Software) came on board in February to help coordinate the activities of the group while Kate lead the technical discussion. Also during that month, the Linux Foundation Member Counsel gave support to the effort.
In August at LinuxCon 2010, the group released a beta version of the specification coincident with the Linux Foundation announcing SPDX as one of the pillars of its new Open Compliance Program.