The rate of change of open source software is continuing to accelerate beyond what is possible with manual tracking. License compliance is at the heart of what makes open source software — “open.” To make license compliance incredibly easy, we need to address how we detect and report license information, which will require a trusted and open foundation for automation. Open and collaboratively developed standards, like SPDX, need repositories of trusted historical indexible source code, like the Software Heritage project will provide.
The Software Heritage project and other community open source projects together are creating the seeds of helping those who want to respect the licenses chosen by the creators of open source software.
— Kate Stewart, Sr. Director of Strategic Projects at The Linux Foundation, SPDX project technical lead.