The Software Package Data Exchange® (SPDX™) specification is a standard format for communicating the components, licenses and copyrights associated with a software package. Please read the SPDX white paper to find out more.
This SPDX Group is a working group of the Linux Foundation and associated with FOSSBazaar. The specification has been adopted as one of the key elements of the Linux Foundation’s Open Compliance Program. For information,you can talk to Kate Stewart (stewart@linux.com) and Phil Odence (podence@blackducksoftware.com) who have been chairing the group.
The group works on the specification primarily via a Wiki in the Participation/Technical Team section of this site. The spec itself is under the Creative Commons Attribution License 3.0.
There are three SPDX teams: Technical, Business, and Legal. Each team has a mailing list and regular meetings. We also hold bi-weekly one-hour General Meetings and meet face-to-face at industry events (like LinuxCon) when possible. Here the General Meeting mailing list. If you want to get involved, get on the mailing list, create an account and explore to the Participation section of the website.
Involved in developing the spec have been people from over 20 organizations such as: Canonical, HP, Motorola, Black Duck Software, Qualcomm, NexB, Wind River, Open Logic, Micro Focus, Mozilla Foundation, Palamida, Freescale, TI, BT, Red Hat, Coverity, Source Auditor, Software Freedom Law Center, Apache, Eclipse, Alcatel-Lucent.