[REUSE] Support / repurpose central LICENSE file

Matija Šuklje matija at suklje.name
Tue May 19 17:49:51 UTC 2020


Late to the party, but adding my thoughts in short.

As others have stated, neither proposal is optimal, and in any case with so 
much crowd muscle memory, we’re damned if we change the status quo, and remain 
damned if we don’t.

The lazy way out would be to keep it as it is and just let the `LICENSE` file 
be outside of REUSE’s scope – if there is one, so be it, but there needs to be 
a `LICENSES/` folder.

If we want to be more avantgarde, it is a great opportunity to improve the 
situation. The question remains if the gains outweighs the losses (kudos for 
framing it that way already at the start!).

> ## Option 1: LICENSE file valid for one-license repositories

This was already in REUSE spec before, and went out for a reason. The cons 
simply outweigh the pros. And if anyone really wants to continue to have a 
`LICENSE` file, they still can, and their REUSE compliance is just a simple:
`cp LICENSE LICENSES/${spdx_id}.txt` away.

> ## Option 2: Repurpose LICENSE file to explain general licensing situation

The problem I see with this is that it would add an additional burden on the 
maintainers, while giving very limited benefit.

TBH, if I saw something written in a `LICENSE` file, I would still take a quick 
glance at the filenames in `LICENSES/`. Well, actually, I would still run 
`reuse` or FOSSology over it anyway, as I don’t trust that whenever someone 
introduced a new license somewhere into the code base, they actually bothered 
to update the `LICENSE` file (and I’d only rely on the content of `LICENSES/` 
folder, if the project was REUSE compliant).

So I see no benefit in Option 2.

I think a suggestion (not a hard rule of the spec) that they should summarise 
the software’s licensing situation in README (or LICENSE) should be enough 
IMHO.

Also, while the `LICENSE` file in the root folder is common, there are many 
other common ways out there – `docs/licenses`, `lib/oss_licenses`, `COPYING`, 
`COPYING.GPL`, `COPYRIGHT`, `COPYLEFT`, …

If we really wanted to have something useful, we could ask for an SPDX file in 
the root of the folder, but even then we would need to trust that the 
maintainer actually regenerates the SPDX file regularly enough. In previous 
versions of the REUSE, that was actually part of the spec but it was removed, 
because it was deemed that we cannot burned the maintainers with also 
maintaining a SPDX file, especially when the `reuse` tool can very easily 
create an SPDX file out of a compliant codebase anyway.


cheers,
Matija
-- 
gsm:	tel:+386.41.849.552
www:	https://matija.suklje.name
xmpp:	matija.suklje at gabbler.org
sip:	matija_suklje at ippi.fr




More information about the REUSE mailing list