Linux Foundation’s License Compliance Standard, SPDX, Offers Real Value
By Mark Gisi
There is only one criterion that determines whether a piece of software is open source software (OSS) – the license under which you receive the software. If you are granted rights under an open source license such as the BSD, Apache or GPL, it is open source software.
Although the open source movement has other core pillars, which include the power of the community development model, peer recognition, and community review (the many eyeballs effect), there is no movement without the license.
Open source developers do not ask for much in return for the use of their software. What little they do request is described by a few conditional obligations listed in the license. In exchange for satisfying those obligations, the user is granted certain rights with respect to copying, modifying and/or redistributing the developer’s creation. Obligations may include a requirement to pass along the source code, provide certain notifications (e.g., modification notices) or simply provide attribution. The task of satisfying the respective license obligations is often referred to as license compliance.