[REUSE] Handle copyright and licensing of snippets

Gustafsson, Stefan stefan.gustafsson at sap.com
Thu Mar 5 12:46:01 UTC 2020


Hi Max,

I favor the SPDX approach. I do agree with all the cons as well 😉, adding one more: marking every single snippet of copied code is a tedious task for developers, especially for an existing project that's out there for quite some time and now wants to become REUSE compliant. In terms of adoption, tedious tasks are never a good selling point.
But ideally, I agree, snippets should be marked as such.

Best
Stefan

P.S. Slightly unrelated to the how-to-mark-snippets-topic: in the example you chose, one could argue that copying a snippet of code under CC-BY-SA-4.0 into an Apache-2.0 licensed file/project could make that whole file/project a "Adapted Material" in the spirit and letter of CC-BY-SA-4.0, and hence the whole file/project would need to be licensed under CC-BY-SA-4.0 (Section 3.b) or a BY-SA Compatible License - so no need bothering marking the snippet anymore 😉 




-----Original Message-----
From: REUSE <reuse-bounces at lists.fsfe.org> On Behalf Of Max Mehl
Sent: Donnerstag, 5. März 2020 12:36
To: reuse at lists.fsfe.org
Subject: [REUSE] Handle copyright and licensing of snippets

There is the open question how to deal with snippets inside of a REUSE
compliant file that are under a different license and copyright holder.
Example: a developer copies a snippet from StackOverflow to their file
which is licensed under Apache-2.0. According to the ToS, this snippet
would then be licensed under CC-BY-SA-4.0 [^1], and therefore also need
to declare the original copyright holder.

In an older issue [^2], Matija suggested something like the following:


```
SPDX-FileCopyrightText: Jane Doe
SPDX-License-Identifier: Apache-2.0

quasicode("by Jane Doe");

# REUSE-Snippet-Begin
# SPDX-FileCopyrightText: Foo Bar
# SPDX-License-Identifier: CC-BY-SA-4.0

print("great code by Foo Bar");

# REUSE-Snippet-End

return(42);
```

It should be noted that SPDX already has some fields to deal with
snippets [^3], and since we do not intend to introduce duplicated
standards, we might be inclined to make use of it. So we could use
instead:

* SPDX-SnippetCopyrightText: Foo Bar
* SPDX-SnippetLicenseConcluded: CC-BY-SA-4.0

Pros:
  - An official way to handle snippets and their copyright and licensing
    information.

Cons:
  - Would require a failsafe way how to mark the begin and end of a
    snippet all comment styles.
  - The tool would have to crawl more than the first 4 kilobytes of a
    file to catch all potential snippets.
  - SPDX-License-Identifier and SPDX-SnippetLicenseConcluded are quite
    different from each other, so one more pattern of tags to learn for
    adopters.


So no clearly defined suggestion but rather a start of a discussion.
Please share your opinion in reply to this mail. Thank you!


Best,
Max


[^1]: https://stackoverflow.com/help/licensing

[^2]: https://github.com/fsfe/reuse-docs/issues/34

[^3]: https://github.com/spdx/spdx-spec/blob/development/v2.2/chapters/5-snippet-information.md

-- 
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join
_______________________________________________
REUSE mailing list
REUSE at lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/reuse

This mailing list is covered by the FSFE's Code of Conduct. All
participants are kindly asked to be excellent to each other:
https://fsfe.org/about/codeofconduct


More information about the REUSE mailing list