[Reuse] REUSE tutorial

Carmen Bianca Bakker carmenbianca at fsfe.org
Thu Apr 25 17:29:00 UTC 2019 

Hi Max,

Je ĵaŭ, 2019-04-25 je 17:35 +0200, Max Mehl skribis:
> ~ Carmen Bianca Bakker [2019-04-25 08:03 +0200]:
> > Some quick thoughts for the mailing list:
> 
> Thanks. Will you channel back our finding to Luis?

I had given him a short response, and will let him know if there is
anything more.

> > Rationales need to be visible on the websites. I think the tutorial
> > should be as short as possible, though. But perhaps one short, quippy
> > line?
> 
> Yes, I think as soon as we found a catchy slogan and elevator pitch, we
> can paste it on both landing page and tutorial.

+1

Especially, I would love to have a nice graphic containing the
following on the main page:

# SPDX-Copyright: Free Software Foundation Europe
#
# SPDX-License-Identifier: CC-BY-SA-4.0

to demonstrate the simplicity of REUSE. But will make a separate
proposal for that when we get to work on re-arranging the website.
Finalising the FAQ and tutorial is more important for now.

> > > > It'd be good if the documentation mentioned what tools actually pick up Reuse metadata. eg, my understanding is that Valid-License-Identifier is a Reuse-specific extension and so may not get picked up by all scanners? If it is picked up by many major scanners, it'd be good to say that!
> > 
> > Good idea. Maybe upstream Valid-License-Identifier to SPDX?
> 
> Not sure if that works, but I could ask Kate in a phone call we are
> going to have in 1-2 weeks.

Awesome!

> So Valid-License-Identifier is for identifying customised licenses like
> MIT and BSD, and when the same license appears with multiple, different
> copyright holders, right? Is there any other argument how we can
> convince SPDX to include this?

Not quite correct. The spec is currently a bit of a mess when it comes
to BSD and MIT. It suggests that you include a lot of separate copies
for these licenses with unique identifiers, which gets really tiresome
really quickly.

We kind of want to get away from this recommendation. There are a
couple of ways to do that, but I currently want to simply not make any
recommendation within the spec, and propose several ways to fix it in
the FAQ instead.

But back on topic: Valid-License-Identifier serves almost the exact
same purpose as SPDX-License-Identifier: Identifying the license of the
below text. If you have a COPYING file, you don't need to analyse the
text to figure out what license it is, you just need to read the Valid-
License-Identifier tag.

I believe exceptions get Valid-Exception-Identifier.

In practice, this would look like...

Valid-License-Identifier: GPl-3.0-or-later
Valid-License-Identifier: GPL-3.0-only
License-Text:

                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

[...]

Why is this tag handy? Because it completely gets rid of heuristics.
You don't have to _guess_ what license you're looking at. You just
declare it with a tag that you can easily parse.

> > > > Should it have a concept similar to ClearlyDefined's facets? I think it'd be useful to be able to not just say "this file is CC-BY", but "this file is CC-BY and a documentation file", or rather than "this file is proprietary" instead "this file is proprietary and a test file". Both of these are common situations that metadata would help scanners to analyze and deal with, and that upstream maintainers are best positioned to analyze.
> > 
> > Basically a good idea, but would mess with the simplicity of REUSE.
> > Maybe like an optional config file such as the DEP5 file, that can mark
> > entire directories? But I think this is outside of the scope of REUSE.
> 
> Full ack. I also think would be harder to sell to our target audience,
> and would increase manual work for them.

+1

> > > > Have you given any thought to how this meshes with SFLC's recommendations? Specifically, they recommend centralizing copyright notices, and that seems like something that might be worth incorporating somehow.
> > 
> > I think REUSE is doing the exact opposite, short of including the
> > license texts in a centralised location (LICENSES/). I'm not certain if
> > the approaches are inherently incompatible, or whether something can be
> > done here.
> 
> I think so too. Especially since one can easily create a BoM with full
> REUSE compliance, so generation of a central file would be easy.

Ah, I accidentally got rid of formatting. This is the URL that was
included, for those so inclined:

https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html#centralizing-license-notices

With kindness,
Carmen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.fsfe.org/mailman/private/reuse/attachments/20190425/2c6ab801/attachment.sig>

More information about the Reuse mailing list