[REUSE] Handle copyright and licensing of snippets

nicolas1.toussaint at orange.com nicolas1.toussaint at orange.com
Fri Mar 13 08:50:55 UTC 2020 

Hello,

This is definitely a needed feature (mostly for StackOverflow copy & 
pastes ASAIAC)

My PoV on raised points above:

 > REUSE-Snippet-* vs SPDX-Snippet*
Definitely in favor of aligning with SPDX standard, for standardization 
reasons,
  but also to facilitate automatic detection.
BUT, they are useless without corresponding END tags
  -> should we see with SPDX team to add them ?

 > The tool would have to crawl more than the first 4 kilobytes of a file
 > to catch all potential snippets.
This means more time & computing power, but searching for a fixed string 
'SPDX-Snippet'
  is still much less effort than searching for plenty of keywords, regexps,
  or similarities with license texts for ex.

 > SPDX-License-Identifier and SPDX-SnippetLicenseConcluded are quite 
different from each other,
 > so one more pattern of tags to learn for adopters.
We can still search for "SPDX-License-Identifier" in the first 4kb,
  then 'SPDX-Snippet*' in the rest of the files.

 >  marking every single snippet of copied code is a tedious task for 
developers,
It sure is... and will likely only be used under constraint :)
Source code editors could also help here with automatic text insertion.
When we have an open source snippet detection solution, it could also 
help inserting those tags.

And an open question: should we add the possbility to also specify a 
source URL along
  license and copyright information to easily trace back the snippet to 
the source ?

Nico

On 06/03/2020 08:07, Matija Šuklje wrote:
> On četrtek, 05. marec 2020 13:46:01 CET, Gustafsson, Stefan wrote:
>>
>> P.S. Slightly unrelated to the how-to-mark-snippets-topic: in the 
>> example you chose, one could argue that copying a snippet of code 
>> under CC-BY-SA-4.0 into an Apache-2.0 licensed file/project could 
>> make that whole file/project a "Adapted Material" in the spirit and 
>> letter of CC-BY-SA-4.0, and hence the whole file/project would need 
>> to be licensed under CC-BY-SA-4.0 (Section 3.b) or a BY-SA Compatible 
>> License - so no need bothering marking the snippet anymore 😉 
>
> Sure, but that is just one example (not uncommon, as AFAIR 
> StackOverflow uses CC-BY-SA¹), and there are other – perhaps even 
> incompatible – sets of licenses one could take as an example. Do you 
> have a better suggestion?
>
> In any case, since we are talking about source code, the fact that a 
> snippet is differently licensed from the majority of the code still 
> somewhat similar to including a differently licensed library or copy a 
> file into the codebase. So, one can still fix the potential 
> incompatibility (or avoid certain obligations) by removing that 
> portion of the code and replacing it with one that is compatible, 
> without major harm. As long as all files and snippets have their 
> licensing info clearly attached to them, you can fix anything that 
> needs fixing.
>
> Following your example, CC-BY-SA-4.0 might apply to the whole file, 
> but what happens if someone later removes that snippet. If the person 
> before them simply changed the license of the whole file to 
> CC-BY-SA-4.0, then one would assume the file would continue to be 
> under that license (instead of Apache-2.0, which would be more logical).
>
> In addition, I would argue that the rest of the file remains under 
> Apache-2.0 even if a CC-BY-SA-4.0 snippet was embedded into it. That 
> is the licensing situation of the code. It is only in the next step 
> when we look into the specific obligations each license (and piece of 
> code) demands. Only then we decide that CC-BY-SA-4.0 is the common 
> denominator² of both CC-BY-SA-4.0 and Apache-2.0, and that it is that 
> license which applies to the new work as a whole (while parts of the 
> work are still licensed as they are).
>
> Now, if this was binary-only, things might have been different³.
>
>
> cheers,
> Matija
>> 1    https://stackoverflow.com/legal/terms-of-service#licensing
>
> 2    Although another common denominator could be GPL-3.0-only.
>
> 3    C.f. adplumbatio vs ferruminatio
>     https://de.wikisource.org/wiki/RE:Adplumbatio
>     https://muse.jhu.edu/chapter/318772

-- 

Nicolas Toussaint
OBS - Orange Business Services - Lyon, France
Tel: +33 608 763 559

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fsfe.org/pipermail/reuse/attachments/20200313/738aa136/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5478 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fsfe.org/pipermail/reuse/attachments/20200313/738aa136/attachment-0001.bin>

More information about the REUSE mailing list