System Package Data Exchange ( SPDX , formerly Software Package Data Exchange ) is an open standard capable of representing systems with digital components as bills of materials (BOMs). First designed to describe software components, SPDX can describe the components of software systems, AI models, software builds, security data, and other data packages. SPDX allows the expression of components, licenses , copyrights, security references and other metadata relating to systems.
48-614: The original purpose of SPDX was to improve license compliance, and it has since been expanded to facilitate additional use cases such as supply-chain transparency and security. SPDX is authored by the community-driven SPDX Project involving key industry experts, organizations, and open-source enthusiasts under the auspices of the Linux Foundation . The SPDX specification is recognized as the international open standard for security, license compliance, and other software supply chain artifacts as ISO/IEC 5962:2021. The current version of
96-418: A Finn, he did not support Russian aggression. Furthermore, he insinuated that people opposing this patch are either Russian trolls, or have been riled up by Russian state-sponsored media and revert of this patch will not be accepted. At least one other maintainer, who had criticized this unusual approach, claimed to have been blocked from the mailing list. It wasn’t until October 24 that James Bottomley,
144-623: A bilingual pun on the classic 1981 German submarine film Das Boot , which takes place on a World War II German U-boat . It is free software released under the terms of the GNU General Public License . It can be built on an x86 PC for any of its intended architectures using a cross development GNU toolchain , for example crosstool, the Embedded Linux Development Kit (ELDK) or OSELAS.Toolchain. The importance of U-Boot in embedded Linux systems
192-495: A combined total of US$ 1.2 million and Silver members contribute between US$ 5,000 and US$ 20,000 based on the amount of employees, summing up to at least US$ 6,240,000. As of June 2024, the foundation collected annual fees worth at least US$ 14,940,000. By early 2018, the Linux Foundation's website stated that it "uses [donations] in part to help fund the infrastructure and fellows (like Linus Torvalds ) who help develop
240-434: A filesystem in order for the kernel to use it as a root filesystem or initial ramdisk; U-Boot simply provides an appropriate parameter to the kernel, and/or copies the data to memory without understanding its contents. However, U-Boot can also read from (and in some cases, write to) filesystems. This way, rather than requiring the data that U-Boot will load to be stored at a fixed location on the storage device, U-Boot can read
288-416: A kernel developer, issued an apology for the intransparent handling of the situation and clarified that the action was a consequence of U.S. sanctions against Russia. According to Bottomley, developers who were allegedly employed by sanctioned companies could no longer serve as maintainers, even in a purely volunteer role. While some of the volunteer programmers were indeed employed by Russian companies, this
336-537: A much more granular level without having to package it as “envelope” data. A key design principle in SPDX 3.0 is that all elements may be expressed and referenced independent of any other element. This independence is required to support a variety of content exchange and analysis use cases and makes it easier to communicate single elements of interest. The relationship structure has also been updated to be both more expressive and easier to understand compared to older versions of
384-478: A news site to become a central source for Linux tutorials, information, software, documentation, and answers across the server, desktop/netbook, mobile, and embedded areas. It also includes a directory of Linux software and hardware. Much like Linux itself, Linux.com plans to rely on the community to create and drive content and conversation. In 2020 amidst the COVID-19 pandemic , the Linux Foundation announced
432-483: A partnership with Goodwill Central Texas to help hundreds of disadvantaged individuals from underserved communities and a variety of backgrounds get the training they need to start careers in Linux IT. In July 2020, the Linux Foundation announced an initiative allowing open-source communities to create Open Standards using tools and methods inspired by open-source developers. The Core Infrastructure Initiative (CII),
480-558: A passing project. Introduced in October 2017, the Community Data License Agreement (CDLA) is a legal framework for sharing data. There are two initial CDLA licenses: On March 3, 2009, the Linux Foundation announced that they would take over the management of Linux.com from its previous owners, SourceForge, Inc . The site was relaunched on May 13, 2009, shifting away from its previous incarnation as
528-764: A subset of the UEFI specification as defined in the Embedded Base Boot Requirements (EBBR) specification. UEFI binaries like GRUB or the Linux kernel can be booted via the boot manager or from the command-line interface. U-Boot runs a command-line interface on a console or a serial port. Using the CLI, users can load and boot a kernel, possibly changing parameters from the default. There are also commands to read device information, read and write flash memory, download files (kernels, boot images, etc.) from
SECTION 10
#1732772499178576-500: A vague justification for relieving the developers from their respecting positions as maintainers. To the growing numbers of messages expressing a mixture of surprise and outrage related to the lack of transparency surrounding the situation and concern over whether the political independence of the Linux kernel was still being maintained, Linus Torvalds blatantly responded that the reasons for this would in fact be clear, and added that, as
624-634: Is a project managed by the Linux Foundation that enables technology companies, industry stakeholders, and esteemed developers to collaboratively identify and fund critical open-source projects in need of assistance. In June 2015, the organization announced financial support of nearly $ 500,000 for three new projects to better support critical security elements of the global information infrastructure. In May 2016, CII launched its Best Practice Badge program to raise awareness of development processes and project governance steps that will help projects have better security outcomes. In May 2017, CII issued its 100th badge to
672-527: Is capable of loading data (e.g. a kernel or ramdisk image) into memory. U-Boot itself must be booted by the platform, and that must be done from a device that the platform's ROM is capable of booting from, which naturally depends on the platform.) On some embedded device implementations, the CPU or SoC will locate and load the bootloader (such as Das U-Boot) from the boot partition (such as ext4 or FAT filesystems) directly. U-Boot does not need to be able to read
720-559: Is to educate and assist developers (and their companies) on licensing requirements, to make it easier to create new software. The program consists primarily of self-administered training modules, but it is also meant to include automated tools to help programmatically identify license compliance issues. Funding for the Linux Foundation comes primarily from its Platinum Members, who pay US$ 500,000 per year according to Schedule A in LF's bylaws, adding up to US$ 7.5 million. The Gold Members contribute
768-548: The BSD License as "BSD-like". In 2020, the European Commission published its Joinup Licensing Assistant, which makes possible the selection and comparison of more than 50 licenses, with access to their SPDX identifier and full text. The GNU family of licenses (e.g., GNU General Public License version 2 ) have the choice of choosing a later version of the license built in. Sometimes, it was not clear whether
816-810: The NTIA's 'Minimum Elements For a Software Bill of Materials'. SPDX 2.2.1 was submitted to the International Organization for Standardization (ISO) in October, 2020, and was published as ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1 in August, 2021. Each license is identified by a full name, such as "Mozilla Public License 2.0" and a short identifier, here "MPL-2.0". Licenses can be combined by operators AND and OR , and grouping ( , ) . For example, (Apache-2.0 OR MIT) means that one can choose between Apache-2.0 ( Apache License ) or MIT ( MIT license ). On
864-545: The Open Source Development Labs (OSDL). The core of the project is an online patent commons reference library aggregating and documenting information about patent-related pledges and other legal solutions directed at the open-source software community. As of 2015 , the project listed 53 patents. The Linux Foundation's Open Compliance Program provides an array of programs for open-source software licensing compliance. The focus of this initiative
912-486: The embedded industry, where a vast number of product specific forks (of U-Boot and Linux) exist. The ability to run mainline software practically gives customers indemnity against lack of vendor updates. The project started as a 8xx PowerPC bootloader called 8xxROM written by Magnus Damm. In October 1999 Wolfgang Denk moved the project to SourceForge.net and renamed it to PPCBoot , because SF.net did not allow project names starting with digits. Version 0.4.1 of PPCBoot
960-400: The open source community. For software to be considered to be in the commons the patent owner must guarantee that developers will not be sued for infringement, though there may be some restrictions on the use of the patented code. The concept was first given substance by Red Hat in 2001 when it published its Patent Promise. The Patent Commons Project was launched on November 15, 2005, by
1008-585: The x86 processor architecture. Additional architecture capabilities were added in the following months: MIPS32 in March 2003, MIPS64 in April, Nios II in October, ColdFire in December, and MicroBlaze in April 2004. The May 2004 release of U-Boot-1.1.2 worked on the products of 216 board manufacturers across the various architectures. The current name Das U-Boot adds a German definite article , to create
SECTION 20
#17327724991781056-546: The LF Climate Finance Foundation (LFCF), a new initiative "to encourage investment in AI-enhanced open source analytics to address climate change ." LFCF plans to build a platform that will utilize open-source open data to help the financial investment, NGO, and academia sectors to help better model companies’ exposure to climate change. Allianz , Amazon, Microsoft, and S&P Global will be
1104-534: The LFPH, a program dedicated to advancing and supporting the virus contact tracing work led by Google and Apple and their Bluetooth notification systems. The LFPH is focusing its efforts on public health applications, including the effort's first initiative: a notification app intended for governments wanting to launch their privacy-focused exposure notification networks. As of today, LFPH hosts two contact-tracing apps. In September 2020, The Linux Foundation announced
1152-616: The Linux Foundation Certified System Administrator (LFCS) exam. In early 2017, at the annual Open Source Leadership Summit, it was announced that the Linux Foundation would begin offering an Inclusive Speaker Orientation course in partnership with the National Center for Women & Information Technology. The course is designed to give participants "practical skills to promote inclusivity in their presentations." In September 2020,
1200-431: The Linux Foundation and edX partnered to offer a free, massive open online class titled Introduction to Linux. This was the first in a series of ongoing free offerings from both organizations whose current catalogue of MOOCs include Intro to DevOps, Intro to Cloud Foundry and Cloud Native Software Architecture, Intro to Apache Hadoop, Intro to Cloud Infrastructure Technologies, and Intro to OpenStack. In December 2015,
1248-546: The Linux Foundation introduced a self-paced course designed to help prepare administrators for the OpenStack Foundation's Certified OpenStack Administrator exam. As part of a partnership with Microsoft, it was announced in December 2015 that the Linux on Azure certification would be awarded to individuals who pass both the Microsoft Exam 70-533 (Implementing Microsoft Azure Infrastructure Solutions) and
1296-458: The Linux Foundation released a free serverless computing training course with CNCF. It is taught by Alex Ellis, founder of OpenFaaS. Among many other organizations with similar offerings, The Linux Foundation has reported a 40% increase in demand for their online courses in 2020 during the coronavirus pandemic and the resulting social-distancing measures. The patent commons consists of all patented software which has been made available to
1344-641: The Linux OS as a "foundation of foundations" that hosts a variety of projects spanning topics such as cloud , networking, blockchain , and hardware. The foundation also hosts annual educational events among the Linux community, including the Linux Kernel Developers Summit and the Open Source Summit . As of September 2015 , the total economic value of the development costs of Linux Foundation Collaborative Projects
1392-494: The Linux kernel." On October 18, 2024, renowned kernel developer Greg Kroah-Hartman submitted a patch to the Linux Kernel Mailing List that removed "some" kernel developers from their roles as maintainers. These were 11 developers whose email addresses and names suggested a connection to Russia. The patch was accepted without the usual quality assurance measures, such as code reviews, and included only
1440-651: The Russian developers, and particularly Torvalds’ statements, aligns with their Code of Conduct, which includes a commitment to respectful behavior and avoidance of demeaning communication, as well as an explicit prohibition of discrimination. Das U-Boot Das U-Boot (subtitled "the Universal Boot Loader" and often shortened to U-Boot ; see History for more about the name) is an open-source boot loader used in embedded devices to perform various low-level hardware initialization tasks and boot
1488-544: The SPDX expression GPL-2.0 meant "exactly GPL version 2.0" or "GPL version 2.0 or any later version". Thus, since version 3.0 of the SPDX License List, the GNU family of licenses got new names. GPL-2.0-only means "exactly version 2.0" and GPL-2.0-or-later means "version 2.0 or any later version". The SPDX license identifier can be added to the top of source code files as a short string unambiguously declaring
Software Package Data Exchange - Misplaced Pages Continue
1536-538: The device's operating system kernel. It is available for a number of computer architectures , including M68000 , ARM , Blackfin , MicroBlaze , AArch64 , MIPS , Nios II , SuperH , PPC , RISC-V , LoongArch and x86 . U-Boot is both a first-stage and second-stage bootloader. It is loaded by the system's ROM (e.g. on-chip ROM of an ARM CPU) from a supported boot device, such as an SD card, SATA drive, NOR flash (e.g. using SPI or I²C ), or NAND flash. If there are size constraints, U-Boot may be split into two stages:
1584-600: The earlier use of the Callaway system. Debian uses a slightly different license specification. Linux Foundation The Linux Foundation ( LF ) is a non-profit organization established in 2000 to support Linux development and open-source software projects. The Linux Foundation started as Open Source Development Labs in 2000 to standardize and promote the open-source operating system kernel Linux . It merged with Free Standards Group in 2007. The foundation has since evolved to promote open-source projects beyond
1632-412: The filesystem to search for and load the kernel, device tree, etc., by pathname. U-Boot includes support for these filesystems: Device tree is a data structure for describing hardware layout. Using Device tree, a vendor might be able to use a less modified mainline U-Boot on otherwise special purpose hardware. As also adopted by the Linux kernel, Device tree is intended to ameliorate the situation in
1680-572: The initiative's founding members. LF Energy is an initiative launched by the Linux Foundation in 2018 to improve the power grid . The Linux Foundation Training Program features instructors and content from the leaders of the Linux developer and open-source communities. Participants receive Linux training that is vendor-neutral and created with oversight from leaders of the Linux development community. The Linux Foundation's online and in-person training programs aim to deliver broad, foundational knowledge and networking opportunities. In March 2014,
1728-422: The kernel and any other required data (e.g. device tree or ramdisk image) into memory, and then executing the kernel with the appropriate arguments. U-Boot's commands are actually generalized commands which can be used to read or write any arbitrary data. Using these commands, data can be read from or written to any storage system that U-Boot supports, which include: (Note: These are boot sources from which U-Boot
1776-620: The license used. The SPDX-License-Identifier syntax, pioneered by Das U-Boot in 2013, became part of SPDX in version 2.1. In 2017, the FSFE launched REUSE, which provides tools to validate the comment and to efficiently extract copyright information. The SPDX license identifier is also used in a number of package managers such as npm , Python, and Rust cargo. SPDX license expressions are used in RPM package metadata in Fedora Linux , replacing
1824-427: The new bootloader from somewhere (local storage, or from the serial port or network) into memory, and writing that data to persistent storage where the bootloader belongs. U-Boot has support for USB, so it can use a USB keyboard to operate the console (in addition to input from the serial port), and it can access and boot from USB Mass Storage devices such as SD card readers. U-Boot boots an operating system by reading
1872-496: The other hand, (Apache-2.0 AND MIT) means that both licenses apply. There is also a "+" operator which, when applied to a license, means that future versions of the license apply as well. For example, Apache-1.1+ means that Apache-1.1 and Apache-2.0 may apply (and future versions if any). SPDX describes the exact terms under which a piece of software is licensed. It does not attempt to categorize licenses by type, for instance by describing licenses with similar terms to
1920-445: The physical memory addresses as destinations for copying data (kernel, ramdisk, device tree, etc.) and for jumping to the kernel and as arguments for the kernel. Because U-Boot's commands are fairly low-level, it takes several steps to boot a kernel, but this also makes U-Boot more flexible than other bootloaders, since the same commands can be used for more general tasks. It's even possible to upgrade U-Boot using U-Boot, simply by reading
1968-614: The platform would load a small SPL (Secondary Program Loader), which is a stripped-down version of U-Boot, and the SPL would do some initial hardware configuration (e.g. DRAM initialization using CPU cache as RAM) and load the larger, fully featured version of U-Boot. Regardless of whether the SPL is used, U-Boot performs both first-stage (e.g., configuring memory controller and SDRAM ) and second-stage booting (e.g., configuring mainboard and other I/O devices, loading device tree and loading OS kernel from storage device). U-Boot implements
Software Package Data Exchange - Misplaced Pages Continue
2016-536: The serial port or network, manipulate device trees , and work with environment variables (which can be written to persistent storage, and are used to control U-Boot behavior such as the default boot command and timeout before auto-booting, as well as hardware data such as the Ethernet MAC address). Unlike PC bootloaders which obscure or automatically choose the memory locations of the kernel and other boot data, U-Boot requires its boot commands to explicitly specify
2064-596: The spec. The SPDX 3.0 data model is based on the Resource Description Framework (RDF). Data may be serialized in a variety of formats for storage and transmission, including formats defined in RDF 1.1 such as JSON-LD, Turtle (Terse RDF Triple Language), N-Triples, and RDF/XML. The 3.0 specification introduced profiles to support the expansion of use cases beyond software, without increasing overall complexity. Profiles allow users to define data for
2112-514: The standard is 3.0. The SPDX 2.x standard defines an SBOM document, which contains SPDX metadata about software. The document itself can be expressed in multiple formats, including JSON, YAML, RDF/XML, tag–value, and spreadsheet. Each SPDX document describes one or more elements, which can be a software package, a specific file, or a snippet from a file. Each element is given a unique identifier, and metadata for an element can refer to other elements. SPDX 3.0 allows users to communicate information at
2160-484: The use cases they need, while also increasing the amount of information that can be gathered directly from the SPDX data. There are eight profiles defined by SPDX 3.0: The first version of the SPDX specification was intended to make compliance with software licenses easier, but subsequent versions of the specification added capabilities intended for other use-cases, such as being able to contain references to known software vulnerabilities . Recent versions of SPDX fulfill
2208-563: Was estimated at $ 5 billion. For the Linux kernel community, the Linux Foundation hosts its IT infrastructure and organizes conferences such as the Linux Kernel Summit and the Linux Plumbers Conference. It also hosts a Technical Advisory Board made up of Linux kernel developers. One of these developers has been appointed to sit on the Linux Foundation board. In January 2016, the Linux Foundation announced
2256-651: Was first publicly released July 19, 2000. In 2002 a previous version of the source code was briefly forked into a product called ARMBoot , but was merged back into the PPCBoot project shortly thereafter. On October 31, 2002 PPCBoot−2.0.0 was released. This marked the last release under the PPCBoot name, as it was renamed to reflect its ability to work on other architectures besides the PPC ISA. PPCBoot−2.0.0 became U−Boot−0.1.0 in November 2002, expanded to work on
2304-401: Was not even true for others, sparking a discussion about this being a case of discrimination against individuals rather than just a compliance issue. For example, one of the affected kernel maintainers had been employed by Amazon Web Services for several years up to that point. The Linux Foundation has remained entirely silent on the incident, despite questions about whether the handling of
#177822