[REUSE] SPDX/REUSE Updates in KDE Land

Andreas Cord-Landwehr cordlandwehr at kde.org
Sun Aug 16 06:27:33 UTC 2020 

Hi, I would like to give a short update about what currently is happening in 
KDE regarding SPDX markers and REUSE. -- If this is not the right list, please 
tell me; but right now I assume that you are interested :)

In KDE, with 24 years of source code files in our repositories, we have 
collected quite a zoo of different license headers over the years that are 
supposed to be cleaned up. Moreover, one product that we offer explicitly for 
usage by developers outside the KDE community are the KDE frameworks, which is 
a set of libraries on top of Qt that shall simplify the life of every Qt 
developer (all licensed as LGPL, contrary to the most other parts of KDE which 
are mostly GPL).

During the last months we converted all of our KDE frameworks to REUSE 
compatible license information and copyright statements (at least those files 
that contain copyright information for now). A short status update is here:
https://cordlandwehr.wordpress.com/2020/08/14/spdx-for-kf5-kf6-status-update/

During this conversion, I worked on two tools that might be also interested 
for people outside of KDE:

1. License-Digger: This small tool was developed to do automatic conversions 
of code bases to REUSE compatible license statements. Note that the approach 
is different to the Linux Kernel, which used two existing license detection 
tools, compared both results, generated a conversion table and had a script 
that applied these changes.
My approach is to trust more in the (very intense unit tested) tool and do a 
direct conversion but be much more restrictive about how licenses are 
detected:
https://invent.kde.org/sdk/licensedigger

2. Build-System-Tooling for Compatibility Testing: This is still an early 
version, but the idea is automatically generated unit tests for checking 
compatibility with outbound licenses of libraries/executables. Actually, is is 
meant as regressions testing that added source files do not prevent the legal 
distribution of a binary artifact with a specific outbound license (internally 
it runs "reuse spdx" and uses the generated BOM file):
https://invent.kde.org/frameworks/extra-cmake-modules/-/merge_requests/21

Cheers,
Andreas

More information about the REUSE mailing list