#SPDX

pmonks (330ppm) pmonks@sfba.social
2025-05-27

@afreytes A while back I #AskFedi’ed about a “license exception” (e.g. as defined by SPDX) for this, but got no answers at that time.

I’d love to declare my stuff as being licensed something like `MPL-2.0 WITH No-AI-exception-1.0`. #SPDX #Licensing #FOSS

[edit] oh and ofc someone somewhere will likely whine about this “nOt bEiNg OpEN sOURcE” then point to @osi OSD item #6 as a reference, to which I’d respond: “I don’t care - I don’t want my creative works going into these dumpster fire systems”

Till Kamppeter till@ubuntu.social
2025-05-08

The #LinuxFoundation will mentor 21 contributors in the Google Summer of Code 2025!! #GSoC

Despite having lined up many more proposals than last year we got the same amount of slots.

11 for #OpenPrinting, 3 for #AGL (Automotive Grade Linux), 2 for each of #SPDX and #IIO (Industrial I/O), and 1 for each of #SOF (Sound Open Firmware), #Zephyr, and #KWorkflow.

See Google's announcements of the projects:

summerofcode.withgoogle.com/pr

Viktor Petersson vpetersson@hachyderm.io
2025-05-07

What does it really take to build secure, auditable firmware today?

In the latest episode of Nerding Out with Viktor, I sat down with Joshua Watt (Garmin) and Ross Burton (ARM) to dig into how the Yocto Project, SBOMs, and SPDX 3.0 are changing how we ship and maintain embedded Linux at scale.

We get into:
* Why SBOMs need to be generated at build-time, not after
* How SPDX 3.0 helps with license clarity and deep package tracking
* Why VEX metadata matters when it’s time to triage real vulnerabilities
* Build determinism, OTA failures, and surviving 15-year product lifecycles
* What the Cyber Resilience Act means for your toolchain

Whether you’re deep in firmware or just trying to ship connected products without getting buried in compliance debt, this one’s worth a listen.

Listen here: vpetersson.com/podcast/S02E09.

#Yocto #EmbeddedLinux #SBOM #SPDX #FirmwareSecurity

John Vaccaro (johniac) johniac
2025-05-02

SciTech Chronicles. . . . . . .May 2nd, 2025

bit.ly/stc050225

#"moment of inertia" #"6.14 kernel" #"geological history" #"Stac Fada Member" #"gastrointestinal diseases"

Frank Hofmann hofmannedv
2025-04-25

I have added SPDX license classifiers to my Lua examples:

github.com/hofmannedv/learning

dawid paćkowski :BlobhajReach: DawPac
2025-04-06

105 QSOs in SP DX Contest as a club station SP7PBC, thank you all, 73

Thank you for participating in the SP DX CONTEST 2025!
We have received the log you submitted for station SP7PBC in the MOAB MIXED category.
Your log contains 105 contacts.

Fabian Kurz, DJ5CW/SO5CW DJ5CW@social.darc.de
2025-04-06

Snow on the SO5CW webcam this morning! 425 QSOs in the #SPDX #Contest so far. Come join the contest: spdxcontest.pzk.org.pl/2025/ #hamradio

A webcam view of the SO5CW antennas: A triband yagi on a small tower and a vertical antenna (that used to be more straight) in the back of the yard. A barn and an old auxiliary building are visible around the yard. There is a little snow on the ground and the roofs, the sky is covered in clouds.

2025-03-14

How do #SBOMs fit into #AI, hardware, and critical infrastructure?
SBOMs transformed from static documents to dynamic, database-driven knowledge systems that can scale with today's complex software ecosystems. This session will provide a forward-looking perspective on where SBOM technology is heading, focusing on recent developments in SPDX 3.0 and upcoming features in SPDX 3.1.
Kate Stewart (#SPDX) and Alan Pope (Anchore) discuss the expanding role of SBOMs in modern ... get.anchore.com/future-of-sbom

2025-03-10

#SPDX 3.0 and the Future of #SBOMs—What's Next? Kate Stewart, a leading force behind SPDX, and Alan Pope of Anchore discuss the latest advancements in SBOMs, regulatory shifts, and integration strategies. Live on March 24 at 10 AM PT. Secure your spot: get.anchore.com/future-of-sbom

2025-03-07

#SBOMs are evolving—are you ready? Join Kate Stewart (#SPDX) and Alan Pope (Anchore) on March 24 at 10 AM PT as they explore the next phase of SBOM adoption, including SPDX 3.0/3.1, AI/ML applications, and deeper CI/CD integration. Register now: get.anchore.com/future-of-sbom

Jürgen elbosso
2025-03-07

... And yet another idea for an article for the in . This time , , , and ...

2025-03-01

SBOMs are more than an inventory—they're a critical tool for securing modern software development. Our latest guide breaks down @SBOM fundamentals, key standards like #SPDX and #CycloneDX, and real-world use cases for security, compliance, and DevSecOps. Download now get.anchore.com/sbom101-guide-

Till Kamppeter till@ubuntu.social
2025-02-27

The #LinuxFoundation is accepted as a mentoring organization in the Google Summer of Code #GSoC #GSoC2025!

Amazing project ideas are waiting for awesome contributors: From #OpenPrinting, #Zephyr, Automotive Grade Linux #AGL, Industrial I/O #IIO, Sound Open Firmware #SOF, #SPDX, Automating Linux kernel workflows #kworkflow

summerofcode.withgoogle.com/pr

Project ideas and how to apply:
wiki.linuxfoundation.org/gsoc/

If interested to be a contributor or mentor contact us ASAP! Do not wait for the deadline.

2025-02-25

New in Syft v1.20.0: Bitnami embedded #SBOM support for maximum accuracy + smarter license detection that preserves original text even when #SPDX matching fails. Get the most accurate SBOMs possible! #CyberSecurity
anchore.com/blog/syft-1-20-fas

Orhun Parmaksız 👾 orhun@fosstodon.org
2025-02-09

Want to parse/validate open source licenses in Rust? 🦀 Check this out.

🆔 **spdx**: Helper crate for SPDX expressions.

📚 Docs: docs.rs/spdx

⭐ GitHub: github.com/EmbarkStudios/spdx

#rustlang #library #spdx #license #parsing #opensource #validation

Veit Schiele veit
2025-02-01

I’ve just seen that pip now supports License-Expression in pip show: pip.pypa.io/en/stable/news/#fe

Miro Hrončok :fedora: :python: hroncok@floss.social
2025-02-01

Hugo van Kemenade hugovk.dev@bsky.brid.gy
2025-01-24

🐍📦📜 All the pieces (I use) are now in place for PEP 639 ("Improving License Clarity with Better Package Metadata"). Thanks to contributors and maintainers of at least 6 projects and of course Karolina Surma for the PEP! discuss.python.org/t/pep-639-ro... #Python #PEP639 #PyPI #SPDX #licensing

PyPI metadata showing "License Expression: BSD-3-Clause" with links to more info about SPDX and about License Expressions.

Hugo van Kemenade hugovk
2025-01-24

🐍📦📜 All the pieces (that I use) are now in place for PEP 639 ("Improving License Clarity with Better Package Metadata")!

I made sure to use latest Hatchling 1.27, added `license-files = [ "LICENSE" ]`, and deleted the deprecated licence Trove classifier.

Thanks to contributors and maintainers of PyPI, packaging, Hatchling, Twine, PyPI publish GitHub Action, build-and-inspect-python-package and of course @karo for the PEP+spec!

discuss.python.org/t/pep-639-r

PyPI metadata showing "License Expression: BSD-3-Clause" with links to more info about SPDX and about License Expressions.
