[opensuse-factory] Packages for FSFE's REUSE Initiative
Hi all,
Over the coming week, I will make submit requests against Factory for
two new packages: `python-debian` and `reuse`. I am writing to this
list per the recommendation of the wiki article :)
`reuse` is a tool of which I am the upstream author, written for the
Free Software Foundation Europe's REUSE Initiative. The REUSE
Initiative is a set of best practices for developers to license their
software in a way that is standardised and computer-parseable. The
recommendations are broken up in three parts:
1. Provide the exact text of each license used.
2. Include a copyright notice and license in each file.
3. Provide an inventory for included software.
Specifically for recommendation 2 and 3, the REUSE Initiative builds on
top of the work by the SPDX Workgroup.
In practice, the recommendations boil down to a a simple matter of
including the following lines in each comment header:
# Copyright (C) 2017 Carmen Bianca Bakker
On 12/19/2017 04:17 PM, Carmen Bianca Bakker wrote:
`reuse` is a tool of which I am the upstream author, written for the Free Software Foundation Europe's REUSE Initiative. The REUSE Initiative is a set of best practices for developers to license their software in a way that is standardised and computer-parseable. The recommendations are broken up in three parts:
1. Provide the exact text of each license used.
2. Include a copyright notice and license in each file.
3. Provide an inventory for included software.
Hi Carmen, most packages here at openSUSE are just downstream, so I think the use of 'reuse' is limited to checking what upstream has put in their files? When using it upstream: is this initiative of the FSF coordinated e.g. with the GNU standards? I didn't see any discussion about "SPDX-License-Identifier"s on the GNU mailing lists. Thanks & have a nice day, Berny -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi Bernhard, Op 19-12-17 om 17:36 schreef Bernhard Voelker:
most packages here at openSUSE are just downstream, so I think the use of 'reuse' is limited to checking what upstream has put in their files?
The use of reuse is similar to that of python3-flake8: For developers to use while writing their programs, to verify that all their files are covered by copyright notices and licences. If you want to check what upstream has put in their files, there are much better inspection tools such as FOSSology or ScanCode.
When using it upstream: is this initiative of the FSF coordinated e.g. with the GNU standards? I didn't see any discussion about "SPDX-License-Identifier"s on the GNU mailing lists.
It's an initiative of the FSFE, the European sister organisation :) There has been no coordination with the FSF/GNU yet. I'm also not subscribed to the GNU mailing lists. Is this a good place to bring up the initiative? I do not want to seem the part of a spammy intruder, in truth! Yours sincerely, -- Carmen Bianca Bakker en eo fy nl
Hi Carmen, On 12/19/2017 05:46 PM, Carmen Bianca Bakker wrote:
Op 19-12-17 om 17:36 schreef Bernhard Voelker:
most packages here at openSUSE are just downstream, so I think the use of 'reuse' is limited to checking what upstream has put in their files?
The use of reuse is similar to that of python3-flake8: For developers to use while writing their programs, to verify that all their files are covered by copyright notices and licences. If you want to check what upstream has put in their files, there are much better inspection tools such as FOSSology or ScanCode.
I see, thanks.
When using it upstream: is this initiative of the FSF coordinated e.g. with the GNU standards? I didn't see any discussion about "SPDX-License-Identifier"s on the GNU mailing lists.
It's an initiative of the FSFE, the European sister organisation :) There has been no coordination with the FSF/GNU yet. I'm also not subscribed to the GNU mailing lists. Is this a good place to bring up the initiative? I do not want to seem the part of a spammy intruder, in truth!
Well, you can try there, but this will probably start a bike-shedding discussion. Maybe it's better to send an email to RMS and the folks at the FSF in Boston first ... licensing is tricky and usually beyond of what the average hacker is able to care about. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2017-12-19, Bernhard Voelker
When using it upstream: is this initiative of the FSF coordinated e.g. with the GNU standards? I didn't see any discussion about "SPDX-License-Identifier"s on the GNU mailing lists.
It's an initiative of the FSFE, the European sister organisation :) There has been no coordination with the FSF/GNU yet. I'm also not subscribed to the GNU mailing lists. Is this a good place to bring up the initiative? I do not want to seem the part of a spammy intruder, in truth!
Well, you can try there, but this will probably start a bike-shedding discussion. Maybe it's better to send an email to RMS and the folks at the FSF in Boston first ... licensing is tricky and usually beyond of what the average hacker is able to care about.
Note that FSFE has done their fair share of licensing and legal work[1], so they're not just a bunch of "average hacker(s)" in this field. They also do far more work in policy than the FSF proper these days. SPDX-License-Identifier has also been worked on by the LF legal teams as well, as part of the Linux kernel work to add these headers to all files. [1]: https://fsfe.org/activities/ftf/activities.en.html -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/
On 12/19/2017 10:54 PM, Aleksa Sarai wrote:
Note that FSFE has done their fair share of licensing and legal work[1], so they're not just a bunch of "average hacker(s)" in this field. They also do far more work in policy than the FSF proper these days.
Sorry, I didn't mean the team initiating this, but the potential users of REUSE - like ... e.g. me: when it comes to legal statements I'm lost. We "average hackers" have to rely on what advocates/lawyers have put together for us, so many, many thanks to all of those who push free software this way.
SPDX-License-Identifier has also been worked on by the LF legal teams as well, as part of the Linux kernel work to add these headers to all files.
Thanks for the pointer. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Aleksa Sarai
-
Bernhard Voelker
-
Carmen Bianca Bakker