[go: up one dir, main page]

Today I Learned

tags

2023/12/12

TL;DR: slap copyright comments on files and vendor licenses into a top-level LICENSES/${spdx_id}.${ext} directory.

The SPDX spec v2.3 references the REUSE spec v3.

Alternatively, you can use aLicenseRef-custom license identifier to refer to a license that is not on the SPDX License List, such as the following:

SPDX-License-Identifier: LicenseRef-my-special-license

TheLicenseRef-format is defined in AnnexD. When using a customLicenseRef-identifier, you will also need to provide a way for others to determine what license text corresponds to it.Version 3.0 of the REUSE Software Specificationprovides a standardized format that can optionally be used for providing the corresponding license text for these identifiers.

The REUSE spec has the following interesting points:

A Project MUST include a License File for every license under which Covered Files are licensed.

Each License File MUST be placed in theLICENSES/directory in the root of the Project. The name of the License File MUST be the SPDX License Identifier of the license followed by an appropriate file extension (example:LICENSES/GPL-3.0-or-later.txt). The License File MUST be in plain text format.

If a license does not exist in the SPDX License List, its SPDX License Identifier MUST beLicenseRef-[idstring]as defined by the SPDX Specification, Section 6 …

Each Covered File MUST have Copyright and Licensing Information associated with it. There are two ways to associate Copyright and Licensing Information with a file.

Comment Headers

To implement this method, each plain text file that can contain comments MUST contain comments at the top of the file (comment header) that declare that file’s Copyright and Licensing Information.

If a file is not a plain text file or does not permit the inclusion of comments, the comment header that declares the file’s Copyright and Licensing Information SHOULD be in an adjacent file of the same name with the additional extension.license(example:cat.jpg.licenseif the original file iscat.jpg).

The comment header MUST contain one or moreSPDX-FileCopyrightTexttags, and one or moreSPDX-License-Identifiertags. A tag is followed by a colon, followed by a text value, and terminated by a newline.

Instead of the SPDX-FileCopyrightText tag, the symbol©, or the word Copyright MAY be used, in which case a colon is not needed.

# SPDX-FileCopyrightText: 2016, 2018-2019 Jane Doe <jane@example.com>
# SPDX-FileCopyrightText: 2019 Example Company
#
# SPDX-License-Identifier: GPL-3.0-or-later

[…]

© Example Corporation <https://corp.example.com>
Copyright 2016, 2018-2019 Joe Anybody
Copyright (c) Alice

Dep5

Alternatively, Copyright and Licensing Information MAY be associated with a file through a DEP5 file.[…]

The DEP5 file MUST be nameddep5and stored in the.reuse/directory in the root of the Project (i.e..reuse/dep5).

An example of a DEP5 file:

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Project
Upstream-Contact: Jane Doe <jane@example.com>
Source: https://example.com/jane/project

Files: po/*
Copyright: 2019 Translation Company
License: GPL-3.0-or-later