From nico at nicorikken.eu Tue Jul 5 06:34:21 2022 From: nico at nicorikken.eu (Nico Rikken) Date: Tue, 05 Jul 2022 08:34:21 +0200 Subject: [REUSE] - Author Statement In-Reply-To: References: Message-ID: Hello Rohit, Thanks for using REUSE. Can you provide some examples to make it more concrete? You can anonimise it of course. Legally the author (or contributor) and copyright are different. The author has done the contribution, but especially in a work context whether consultancy or employment the company is typically the copyright holder. For individual contributors making the contribution on their own behalf, the copyright is typically with that person. More on this in the FAQ https://reuse.software/faq/#copyright-holder-author The safest option is to keep things as close to what they where, so the conversion to REUSE/SPDX on introduces the most minimal change. As suggested in the FAQ https://reuse.software/faq/#edit-copyright-and-licensing  This can for instance manifest itself in having different copyright header styles because each author might have a different way or preference to state their copyright https://reuse.software/faq/#copyright-symbol Feel free to follow up if you are left with some further questions Best, Nico Rikken -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: This is a digitally signed message part URL: From rohit.pandey4900 at gmail.com Wed Jul 6 17:00:51 2022 From: rohit.pandey4900 at gmail.com (Rohit Pandey) Date: Wed, 06 Jul 2022 17:00:51 -0000 Subject: [REUSE] Ignore missing/bad licenses from testdata files Message-ID: Hello, During the implementation of the REUSE.software standard, I added the licensing and copyright information to testdata files through dep5. However, reuse tool still shows missing/bad licensing information from testdata files. Is there any method to ignore or any plan in the future? [image: image.png] I have added issue #556 in reuse-tool for the same. Thanks Rohit -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 1032307 bytes Desc: not available URL: From max.mehl at fsfe.org Wed Jul 27 14:33:36 2022 From: max.mehl at fsfe.org (Max Mehl) Date: Wed, 27 Jul 2022 16:33:36 +0200 Subject: [REUSE] Ignore missing/bad licenses from testdata files In-Reply-To: References: Message-ID: <1658932315.yq15pyxxb4.2220@fsfe.org> ~ Rohit Pandey [2022-07-06 13:30 +0200]: > During the implementation of the REUSE.software standard, I added the > licensing and copyright information to testdata files through dep5. > However, reuse tool still shows missing/bad licensing information from > testdata files. Is there any method to ignore or any plan in the future? > > I have added issue #556 > in reuse-tool for the same. Sorry, this stuck in the moderation queue during my parental leave. Meanwhile, there are quite some questions and ideas for solutions mentioned in the issue. So I'd suggest we move the conversation to there. Best, Max -- Max Mehl - Programme Manager -- Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl -- @mxmehl The FSFE is a charity that empowers users to control technology From max.mehl at fsfe.org Thu Jul 28 09:13:13 2022 From: max.mehl at fsfe.org (Max Mehl) Date: Thu, 28 Jul 2022 11:13:13 +0200 Subject: [REUSE] Curl is now REUSE compliant! In-Reply-To: <7E0635EB-5C39-47CF-A3AC-C743D2C5D0AA@metaeffekt.com> References: <5f4e1e9e-e304-d86a-79fd-89b14246b7f4@fsfe.org> <20220622122209.wsj4iy6dvfs5oe25@debian-BULLSEYE-live-builder-AMD64> <7E0635EB-5C39-47CF-A3AC-C743D2C5D0AA@metaeffekt.com> Message-ID: <1658998822.ai2t0nmw1a.2220@fsfe.org> Hi Karsten, ~ Karsten Klein [2022-06-22 18:06 +0200]: > I took the thread as a trigger to check what our scanners derive and > made the following observations (not intended to be complete, but to > simply to trigger thoughts): Thanks for taking this as a chance to make a thorough check of the project. It highlights how a variety of tools and multiple pairs of eyes are needed to capture the complexity of a project like curl. I took the liberty to create an issue upstream as this is best to be discussed there. I also added some comments behind the points on how these can be addressed with REUSE: https://github.com/curl/curl/issues/9220 > My biggest concern with REUSE is that it might HIDE or OBFUSCATE > information (see items above). Just relying on the > SPDX-License-Identifier does not provide the full truth. Of course. REUSE, as most best practices, is not meant to be the single point of truth or the silver bullet to all problems in its sphere. It's an intentionally simple practice to mark files and get an overview for humans and machines of licensing and copyright – for the project's developers, re-users, compliance folks etc. > Currently we configure our scanner to intentionally excludes lines > containing SPDX-License-Identifier tags, because we would like “to see > through”. > > I don’t want to say, that this is the final situation. But in case > projects apply REUSE, I would require them to be as accurate as > possible and identify all corner cases; otherwise it just adds further > work and ambiguity. I, foreseeably, would see it the other way round. Especially for projects that adopt REUSE from the start, it usually is a great resource and helps its developers to keep track of special cases like included snippets under different copyright and license, third-party libraries, dual-licensing and so on. Retroactively identifying and fixing these is much harder (see Linux) and – as we see it here – also prone to mistakes. But it's still worth it! Many more people have a much better understanding of curl's licensing now, including the maintainer. During the process, we fixed some incompatible licensing and clarified a lot of questions. Moreover, it now is a constant reminder for contributors and maintainers to keep a closer look on potential licensing issues. Best, Max -- Max Mehl - Programme Manager -- Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl -- @mxmehl The FSFE is a charity that empowers users to control technology From max.mehl at fsfe.org Tue Aug 30 13:48:37 2022 From: max.mehl at fsfe.org (Max Mehl) Date: Tue, 30 Aug 2022 15:48:37 +0200 Subject: [REUSE] Change of REUSE coordinators Message-ID: <1661866265.orubik95dc.2220@fsfe.org> Dear all, It's been almost 4 years since I've had the honour to take over the role as co-coordinator of the REUSE initiative. From 1 September onwards I will no longer work for the FSFE, the organisation steering REUSE, and therefore pass the baton. It's been a pleasure to work so intensely in the vivid ecosystem around REUSE which many of you contributed to. >From September onwards, my colleagues Lina and Linus will take over my responsibilities and focus on helping more projects become REUSE compliant and at the same time making the tooling around it even more comfortable and beginner-friendly. And as before, REUSE also can rely on great contributions by engaged people, most notably Carmen who has been with REUSE since its beginning, Nico and Florian who contribute a lot to the helper tool, and Matija who helps tremendously with the legal sides of the specification and FAQ updates. So, REUSE continues to be backed by wonderful people. Personally, I will surely stay involved with REUSE here and there, and hopefully also professionally in the scope of my new role at Deutsche Bahn which – obviously – involves a lot of FOSS. Looking forward to meeting many of you at future meetings and conferences! I'll be available via my new email and of course via LinkedIn, Signal or social media as before. Best, Max -- Max Mehl - Programme Manager -- Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl -- @mxmehl The FSFE is a charity that empowers users to control technology