Packages for FSFE's REUSE Initiative

Packages for FSFE's REUSE Initiative

Carmen Bianca Bakker
Hi all,

Over the coming week, I will make submit requests against Factory for
two new packages: `python-debian` and `reuse`.  I am writing to this
list per the recommendation of the wiki article :)

`reuse` is a tool of which I am the upstream author, written for the
Free Software Foundation Europe's REUSE Initiative.  The REUSE
Initiative is a set of best practices for developers to license their
software in a way that is standardised and computer-parseable.  The
recommendations are broken up in three parts:

  1. Provide the exact text of each license used.

  2. Include a copyright notice and license in each file.

  3. Provide an inventory for included software.

Specifically for recommendation 2 and 3, the REUSE Initiative builds on
top of the work by the SPDX Workgroup.

In practice, the recommendations boil down to a simple matter of
including the following lines in each comment header:

  # Copyright (C) 2017  Carmen Bianca Bakker <[hidden email]>
  #
  # [Can include regular blurb text here or elsewhere.]
  #
  # SPDX-License-Identifier: GPL-3.0+

And declaring the licences of all files that cannot have comment headers
in a `debian/copyright` file, borrowed from the Debian project.  This is
also incidentally why I am packaging `python-debian` :)

For extra integration, it is also recommended to allow a sort of "soft
linking" to the provided licence texts.  If my source code refers to a
`GPL-3.0+` licence, then it would be handy to know which file this
corresponds with.  Towards that end, you can either plop the licence in
`LICENSES/GPL-3.0.txt` or add the following lines to e.g. `COPYING`:

  Valid-License-Identifier: GPL-3.0
  License-Text:

                      GNU GENERAL PUBLIC LICENSE
                         Version 3, 29 June 2007

   Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
   Everyone is permitted to copy and distribute verbatim copies
   of this license document, but changing it is not allowed.

  [...]

And that is more or less the gist of the REUSE Initiative!  We have been
in collaboration with the Linux kernel to refine the recommendations and
to see what can be done to make the kernel compliant.  I assume there
will be more news on that later.  You can find more information at
<https://reuse.software/>.

The to-be-submitted reuse package is a linter for recommendations 1 and
2, and a compiler for recommendation 3.  It's a tool to help facilitate
developers in implementing the recommendations. It's a Python project of
under a thousand lines of code that is thoroughly documented and tested,
so maintainability shouldn't be very taxing.  Including it in the
distribution will lower the barrier for adoption and _hopefully_ improve
and standardise the licensing practices of Free Software projects.  One
may hope :)

The python-debian package is pulled from PyPI and maintained by the
lovely people at Debian, the distribution that is next on my list of
packaging.  I use only a very small portion of the package, and
unfortunately the package does not include any automated testing.  There
is some stuff in there that depends on `python-apt` (which is not
packaged for openSUSE, and probably never will be), but this is
fortunately not a hard dependency.

Thank you for building such an awesome distribution!

Yours sincerely,

--
Carmen Bianca Bakker
Technical Intern
Free Software Foundation Europe e.V.
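
An added example, not part of the original message and not code from the `reuse` project: a minimal check of the per-file header and the identifier-to-licence-text lookup described above, run over a constructed in-memory tree. The function names, the sample files and the `exempt` argument (standing in for files declared in `debian/copyright`) are assumptions.

```python
import re

SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*(\S+)")
COPYRIGHT_RE = re.compile(r"Copyright\s+\(C\)\s+\d{4}")
VALID_RE = re.compile(r"^\s*Valid-License-Identifier:\s*(\S+)", re.M)

# Constructed sample tree ({path: text}); names and contents are made up.
SAMPLE = {
    "COPYING": "  Valid-License-Identifier: GPL-3.0\n  License-Text:\n\n"
               "    GNU GENERAL PUBLIC LICENSE\n",
    "src/ok.py": "# Copyright (C) 2017  Jane Example <jane@example.org>\n"
                 "#\n# SPDX-License-Identifier: GPL-3.0+\n",
    "src/mit.py": "# Copyright (C) 2017  Jane Example\n"
                  "# SPDX-License-Identifier: MIT\n",
    "src/bare.py": "print('hi')\n",
}


def provided_licenses(tree):
    """Identifiers shipped via LICENSES/<id>.txt or Valid-License-Identifier."""
    found = set()
    for path, text in tree.items():
        if path.startswith("LICENSES/") and path.endswith(".txt"):
            found.add(path[len("LICENSES/"):-len(".txt")])
        elif "License-Text:" in text:
            found.update(VALID_RE.findall(text))
    return found


def lint(tree, exempt=()):
    """Return sorted (path, problem) pairs for a {path: text} tree."""
    shipped = provided_licenses(tree)
    problems = []
    for path, text in tree.items():
        if path.startswith("LICENSES/") or path in exempt or "License-Text:" in text:
            continue  # licence texts and separately declared files
        if not COPYRIGHT_RE.search(text):
            problems.append((path, "no copyright notice"))
        ids = SPDX_RE.findall(text)
        if not ids:
            problems.append((path, "no SPDX-License-Identifier"))
        for spdx in ids:
            # Assumption: "GPL-3.0+" resolves to the GPL-3.0 text, as the
            # post pairs that identifier with LICENSES/GPL-3.0.txt.
            if spdx.rstrip("+") not in shipped:
                problems.append((path, f"no licence text for {spdx}"))
    return sorted(problems)

print(*lint(SAMPLE), sep="\n")
```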



Re: Packages for FSFE's REUSE Initiative

Bernhard Voelker
On 12/19/2017 04:17 PM, Carmen Bianca Bakker wrote:

> `reuse` is a tool of which I am the upstream author, written for the
> Free Software Foundation Europe's REUSE Initiative.  The REUSE
> Initiative is a set of best practices for developers to license their
> software in a way that is standardised and computer-parseable.  The
> recommendations are broken up in three parts:
>
>   1. Provide the exact text of each license used.
>
>   2. Include a copyright notice and license in each file.
>
>   3. Provide an inventory for included software.

Hi Carmen,

most packages here at openSUSE are just downstream, so I think the use of
'reuse' is limited to checking what upstream has put in their files?

When using it upstream: is this initiative of the FSF coordinated e.g.
with the GNU standards?  I didn't see any discussion about
"SPDX-License-Identifier"s on the GNU mailing lists.

Thanks & have a nice day,
Berny

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]


Re: Packages for FSFE's REUSE Initiative

Carmen Bianca Bakker
Hi Bernhard,

On 19-12-17 at 17:36, Bernhard Voelker wrote:
> most packages here at openSUSE are just downstream, so I think the use of
> 'reuse' is limited to checking what upstream has put in their files?

The use of reuse is similar to that of python3-flake8: For developers to
use while writing their programs, to verify that all their files are
covered by copyright notices and licences.  If you want to check what
upstream has put in their files, there are much better inspection tools
such as FOSSology or ScanCode.

> When using it upstream: is this initiative of the FSF coordinated e.g.
> with the GNU standards?  I didn't see any discussion about
> "SPDX-License-Identifier"s on the GNU mailing lists.

It's an initiative of the FSFE, the European sister organisation :)
There has been no coordination with the FSF/GNU yet.  I'm also not
subscribed to the GNU mailing lists.  Is this a good place to bring up
the initiative?  I do not want to seem the part of a spammy intruder, in
truth!

Yours sincerely,

--
Carmen Bianca Bakker
en eo fy nl



Re: Packages for FSFE's REUSE Initiative

Bernhard Voelker
Hi Carmen,

On 12/19/2017 05:46 PM, Carmen Bianca Bakker wrote:
> On 19-12-17 at 17:36, Bernhard Voelker wrote:
>> most packages here at openSUSE are just downstream, so I think the use of
>> 'reuse' is limited to checking what upstream has put in their files?
>
> The use of reuse is similar to that of python3-flake8: For developers to
> use while writing their programs, to verify that all their files are
> covered by copyright notices and licences.  If you want to check what
> upstream has put in their files, there are much better inspection tools
> such as FOSSology or ScanCode.

I see, thanks.

>> When using it upstream: is this initiative of the FSF coordinated e.g.
>> with the GNU standards?  I didn't see any discussion about
>> "SPDX-License-Identifier"s on the GNU mailing lists.
>
> It's an initiative of the FSFE, the European sister organisation :)
> There has been no coordination with the FSF/GNU yet.  I'm also not
> subscribed to the GNU mailing lists.  Is this a good place to bring up
> the initiative?  I do not want to seem the part of a spammy intruder, in
> truth!

Well, you can try there, but this will probably start a bike-shedding
discussion.  Maybe it's better to send an email to RMS and the folks at
the FSF in Boston first ... licensing is tricky and usually beyond
what the average hacker is able to care about.

Have a nice day,
Berny

Re: Packages for FSFE's REUSE Initiative

Aleksa Sarai
On 2017-12-19, Bernhard Voelker <[hidden email]> wrote:

> > > When using it upstream: is this initiative of the FSF coordinated e.g.
> > > with the GNU standards?  I didn't see any discussion about
> > > "SPDX-License-Identifier"s on the GNU mailing lists.
> >
> > It's an initiative of the FSFE, the European sister organisation :)
> > There has been no coordination with the FSF/GNU yet.  I'm also not
> > subscribed to the GNU mailing lists.  Is this a good place to bring up
> > the initiative?  I do not want to seem the part of a spammy intruder, in
> > truth!
>
> Well, you can try there, but this will probably start a bike-shedding
> discussion.  Maybe it's better to send an email to RMS and the folks at
> the FSF in Boston first ... licensing is tricky and usually beyond
> what the average hacker is able to care about.

Note that FSFE has done their fair share of licensing and legal work[1],
so they're not just a bunch of "average hacker(s)" in this field. They
also do far more work in policy than the FSF proper these days.
SPDX-License-Identifier has also been worked on by the LF legal teams as
well, as part of the Linux kernel work to add these headers to all
files.

[1]: https://fsfe.org/activities/ftf/activities.en.html

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>


Re: Packages for FSFE's REUSE Initiative

Bernhard Voelker
On 12/19/2017 10:54 PM, Aleksa Sarai wrote:
> Note that FSFE has done their fair share of licensing and legal work[1],
> so they're not just a bunch of "average hacker(s)" in this field. They
> also do far more work in policy than the FSF proper these days.

Sorry, I didn't mean the team initiating this, but the potential users
of REUSE - like ... e.g. me: when it comes to legal statements I'm lost.
We "average hackers" have to rely on what advocates/lawyers have put
together for us, so many, many thanks to all of those who push free
software this way.

> SPDX-License-Identifier has also been worked on by the LF legal teams as
> well, as part of the Linux kernel work to add these headers to all
> files.
>
> [1]: https://fsfe.org/activities/ftf/activities.en.html

Thanks for the pointer.

Have a nice day,
Berny