Hi all,
We currently have the problem that the REUSE tool which you can download from pypi [^1] actually is not REUSE compliant although the source code itself is. This might also be true for many other projects who distribute their releases through similar services.
The reason is that by compilation files are being created, e.g. binaries or documentation, which do not carry license information nor are accompanied with corresponding .license files. How shall we deal with those?
Carmen and I discussed several options, but didn't find something completely convincing. So please share your opinion to find a good solution:
1. Ignore the whole problem and assume that people interested in reusing source code will find the source repo and start from there anyway. This would ignore the few cases in which FOSS projects do not have a publicly accessible VCS and are only published via tarballs containing such problematic files.
2. Recommend projects to always link to the source code repo in the README file so interested parties will always find the REUSE compliant code somewhere and do not reply on the released tarball.
3. Recommend projects to put the problematic files in the .gitignore file. REUSE will not take these files into consideration anyway. The problem is that people will probably remove this file from a packed release, and sites like pypi might to so as well.
4. Recommend projects to add the problematic files to a DEP5 file which is also shipped with the product.
What do you think?
Best, Max
[^1]: https://pypi.org/project/fsfe-reuse/