Hi Stefan
Je mer, 2024-01-10 je 16:38 +0000, Eidelloth, Stefan skribis:
=> Should I use a THIRDPARTY.txt file in addition to the LICENSES folder of REUSE Compliance? Or do I not need such a file if my project is already REUSE compliant?
I think this depends on what your needs are. For simple or self- contained projects, REUSE compliance makes this THIRDPARTY.txt file entirely superfluous. For projects that vendor 3rd-party code, for which REUSE isn't incredibly well-suited, that may or may not be the case. Specifically, REUSE doesn't convey some of the metadata contained within that file, chiefly the name of the component.
There is an open issue/PR that is at least tangentially related: https://github.com/fsfe/reuse-tool/issues/779
This new REUSE.toml file is more flexible/powerful than `.reuse/dep5` and could hypothetically be extended to convey more metadata than the current system (even exclusively for internal use: it's just a TOML file, so you can add any unused keys and the linter won't break). This could therefore also cover THIRDPARTY.txt.
But if you have a requirement to include THIRDPARTY.txt specifically, then that's the requirement.
Yours with kindness, Carmen