[REUSE] REUSE.yaml

Max Mehl max.mehl at fsfe.org
Tue May 4 10:06:06 UTC 2021 

Hi all,

Here's a pleasant update on the matter of providing a REUSE.yaml file
(working title). 

For those who joined later, a short summary: for some special cases,
REUSE allows to bulk-declare copyright/licensing for whole directories.
This currently happens via Debian's DEP-5 format. However, we are not
so happy about it for a number of reasons:

* The syntax and the keys are different from the SPDX tags REUSE users
  are expecting.
* The file's location is a bit opaque and far away from the actual files
  it describes.
* DEP-5 creates some dependencies for the REUSE tooling that are not
  that easy to work with.
* It's not a SPDX-supported format.

That is why we aim to soft-deprecate DEP-5 by a more flexible file
format.

~ Max Mehl [2020-07-28 12:38 +0200]:
> ~ Matija Šuklje [2020-07-27 15:32 +0200]:
>> Die 25. 07. 20 et hora 02:00 Gary O'Neall scripsit:
>>> Let me know if there is interest in creating a REUSE profile in SPDX.  The
>>> REUSE group could determine which fields are mandatory and which fields are
>>> optional.  Myself and the SPDX tech team would be happy to collaborate on
>>> the effort.
>> 
>> Thanks Gary, that sounds like a great way forward! :D
>> 
>> While I can’t call any shots, my vote would definitely be to work together 
>> with SPDX and duplicate as little as possible between the two solutions.
> 
> I fully agree, and would love to have a light REUSE profile in SPDX!

Thanks to Kate and Gary from SPDX, we had a great chat in a recent SPDX
tech meeting about an issue I created with SPDX:

  https://github.com/spdx/spdx-spec/issues/502

This issue describes the wish to have a file that describes at least
copyright and licensing for files in its own or child directories.

During the meeting, we figured that there are no big blockers to
integrate this into SPDX spec 3.0. Gary provided an excellent summary
in his most recent comment on this issue, if you are interested.

However, they need to run this by the SPDX legal team as well. So
nothing is written in stone yet, but I am already excited to see REUSE
offering a more elegant, flexible, and SPDX-standardised way to make
repositories REUSE compliant!

If you have any comments on this, please share your opinion on the issue
directly. Apart from that, as always, feel free to ask everyone here or
me directly via mail.

Best,
Max

-- 
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join

More information about the REUSE mailing list