[REUSE] REUSE.yaml

Max Mehl max.mehl at fsfe.org
Tue Jun 22 13:17:35 UTC 2021 

Hi all,

We are getting a bit closer to introducing REUSE.yaml as a way to
provide bulk-information about copyright and licensing for files.

Here's an issue asking for your opinions on possible formats and
syntaxes of the files, including target and globbing rules as well as
internal conflict resolution:

  https://github.com/fsfe/reuse-docs/issues/81

Conflict resolution outside of a REUSE.yaml file between the different
options how one can define information with REUSE is discussed here:

  https://github.com/fsfe/reuse-docs/issues/70

Your feedback is highly appreciated, and very important so we can make a
well-founded decision. Thank you.

Best,
Max


~ Max Mehl [2021-05-04 12:06 +0200]:
> Hi all,
> 
> Here's a pleasant update on the matter of providing a REUSE.yaml file
> (working title). 
> 
> For those who joined later, a short summary: for some special cases,
> REUSE allows to bulk-declare copyright/licensing for whole directories.
> This currently happens via Debian's DEP-5 format. However, we are not
> so happy about it for a number of reasons:
> 
> * The syntax and the keys are different from the SPDX tags REUSE users
>   are expecting.
> * The file's location is a bit opaque and far away from the actual files
>   it describes.
> * DEP-5 creates some dependencies for the REUSE tooling that are not
>   that easy to work with.
> * It's not a SPDX-supported format.
> 
> That is why we aim to soft-deprecate DEP-5 by a more flexible file
> format.
> 
> ~ Max Mehl [2020-07-28 12:38 +0200]:
>> ~ Matija Šuklje [2020-07-27 15:32 +0200]:
>>> Die 25. 07. 20 et hora 02:00 Gary O'Neall scripsit:
>>>> Let me know if there is interest in creating a REUSE profile in SPDX.  The
>>>> REUSE group could determine which fields are mandatory and which fields are
>>>> optional.  Myself and the SPDX tech team would be happy to collaborate on
>>>> the effort.
>>> 
>>> Thanks Gary, that sounds like a great way forward! :D
>>> 
>>> While I can’t call any shots, my vote would definitely be to work together 
>>> with SPDX and duplicate as little as possible between the two solutions.
>> 
>> I fully agree, and would love to have a light REUSE profile in SPDX!
> 
> Thanks to Kate and Gary from SPDX, we had a great chat in a recent SPDX
> tech meeting about an issue I created with SPDX:
> 
>   https://github.com/spdx/spdx-spec/issues/502
> 
> This issue describes the wish to have a file that describes at least
> copyright and licensing for files in its own or child directories.
> 
> During the meeting, we figured that there are no big blockers to
> integrate this into SPDX spec 3.0. Gary provided an excellent summary
> in his most recent comment on this issue, if you are interested.
> 
> However, they need to run this by the SPDX legal team as well. So
> nothing is written in stone yet, but I am already excited to see REUSE
> offering a more elegant, flexible, and SPDX-standardised way to make
> repositories REUSE compliant!
> 
> If you have any comments on this, please share your opinion on the issue
> directly. Apart from that, as always, feel free to ask everyone here or
> me directly via mail.
> 
> Best,
> Max

-- 
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join

More information about the REUSE mailing list