Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore how package managers can become strategic partners in open source license and attribution compliance in this 36-minute conference talk from the Linux Foundation. Examine the critical role package managers play in modern software development, where they simplify dependency management but often obscure transitive changes, leading to complex dependency trees with minimal oversight. Discover how different package managers follow similar models of fetching software and metadata, yet vary significantly in format, quantity, and quality of compliance information. Learn about the challenges Open Source Program Offices (OSPOs) face when managing heterogeneous language stacks and maintaining compliance across diverse ecosystems. Analyze various package managers and the compliance data they provide, while identifying best practices from each system. Understand proposed solutions for breaking down silos between different ecosystems and encouraging convergence on non-language-specific metadata and practices to streamline compliance work and strengthen the overall open source ecosystem.
