fsfe / reuse-tool Goto Github PK
View Code? Open in Web Editor NEWreuse is a tool for compliance with the REUSE recommendations.
Home Page: https://reuse.software
reuse is a tool for compliance with the REUSE recommendations.
Home Page: https://reuse.software
From the documentation:
If your project includes documentation which is not included in the final build
artefact, you are encouraged but not obliged to include license information for
these too.
Is it possible to specifically exclude folders or files from reuse lint
?
A package called fsfe-reuse
that provides a program called reuse
is a little confusing. Looking through the history, it was originally called reuse
, then renamed to fsfs-reuse
in a8c2890 without any rationale.
Is there a reason why the package cannot be called just reuse
?
The SPDX-License-Identifier given as a parameter for reuse download
is case-sensitive. I wonder whether this is actually necessary since there is no conflict. Especially for manual downloads, some users might appreciate the tool being less strict about this.
However, I think that we should stay case-sensitive when checking the identifiers with reuse lint
.
Also: Automatically detect if a .license
file already exists.
Some argparse arguments currently use argparse.FileType
. This is really convenient because it automatically detects whether a file exists and/or is writeable. But it's also annoying because it creates a stream and doesn't handle directories.
It shouldn't be too hard to homebrew something for this that just returns a Path object.
The tool will currently not recognise GPL-3.0
or GPL-3.0+
as a valid licence, preferring instead the new GPL-3.0-only
and GPL-3.0-or-later
.
Should the tool consider deprecated licences as valid? Should there be a warning?
The "+" operator remains a part of the SPDX spec, however, and should probably be handled correctly.
I need a little heads up on how to build reuse-tool
from scratch. My Linux distro is using Python 3.5 and I had to upgrade to 3.6 to install dependencies and the application.
So far I managed to install requirements.txt.
What are the build steps I have to take?
Downloaded licenses are formatted differently than originals (in text form). I believe this is because licenses may be downloaded from https://github.com/spdx/license-list-data/ which apparently generates them from HTML.
You can see what I mean, here:
I am not sure if this issue should be opened also in the spdx repository, but I think it would be nice if REUSE did not alter licenses.
Is it ok to modify licenses such as GPL (even just to reformat them) that explicitly forbids changes to the license itself?
Copyright (C) 2007 Free Software Foundation, Inc. https://fsf.org/
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Given a file erroneous-spdx.txt
:
SPDX-Copyright: Carmen
SPDX-License-Identifier: MIT OR BSD AND
The output of reuse lint
is:
reuse._util - ERROR - Could not parse 'MIT OR BSD AND'
reuse.project - ERROR - erroneous-spdx.txt holds an SPDX expression that cannot be parsed, skipping the file
NO LICENSE
The following files have no license(s):
erroneous-spdx.txt
NO COPYRIGHT
The following files have no copyright:
erroneous-spdx.txt
SUMMARY
Bad licenses: 0
Missing licenses: 0
Unused licenses: 0
Used licenses: Apache-2.0, CC-BY-SA-4.0, CC0-1.0, GPL-3.0-or-later
Read errors: 0
Files with copyright information: 47 / 48
Files with license information: 47 / 48
The ERROR statements are just logger output from within the program. The file is then completely skipped over, and its (completely valid) SPDX-Copyright tag is ignored.
Is this sufficient, or should the plumbing somehow change to account for this edge case?
Still need to do this... Also not sure whether reuse addheader
should support using something other than SPDX-Copyright
. Maybe that's a job for templates?
e.g., someone could have a template along the lines of:
SPDX-License-Identifier: {spdx_license_expression}
Copyright © {year} {copyright_holder} {copyright_contact}
instead of the default
SPDX-License-Identifier: {spdx_license_expression}
SPDX-Copyright: {year} {copyright_holder} {copyright_contact}
(Super rough sketch, that isn't an actual proposal)
Those tests don't exist, but should. This issue mostly exists as a reminder to self.
this is a repost from the forum:
From the documentation we read that it is allowed to add a suffix to the file name containing the License Text:
(you may attach some suffix to the filename as well, such as LICENSE.txt ).
I tested this and am having problems. I created a file with SPDX License Identifier
SPDX-Copyright: 2019 Alice
SPDX-License-Identifier: BSD-2-Clause
then created a License file with the name LICENSES/BSD-2-Clause-Alice.txt
The tool couldn’t find it. When I change the name to LICENSES/BSD-2-Clause.txt
it works.
Can the prefix only be applied to file extensions?
I initially quickly created #43 to quickly deal with an issue where the page of Dockerhub would incorrectly deal with <https://example.com>
links.
Example:
But, as it turns out, Sphinx is now broken.
Example:
So I've reverted all those commits for now. Will deal with this another time.
It would be great to create an example demonstrating how to use REUSE in a custom Git repository as a part of its continuous integration practice (e.g., Travis CI).
Recently I have spent a lot of time on including REUSE into CI used in gim repository. The main problem was with setting up required Python version together with language: shell
in .travis.yml, which seems impossible.
Well, I have ended up with Python version 3.5.2 (see also #25) and it looks like it is working but I am still afraid of that older Python version. Don't you know how to change Python version in Travis CI while using language: shell
and not language: python
by any chance? python: <version>
doesn't work in that case.
TLDR: I read #28 and the example https://git.io/fj577. I am fine with that, I think we need a way to automate this. And for some files the tagging has to be out-of-band, headers wont work.
My proposal:
reuse set-license --license X --copyright Y $GLOB
Which would edit .reuse/dep5
, also replace entries if needed and report conflicts.
For example:
reuse set-license --license CC-BY-SA-4.0 --copyright "2019 Ganwell" static/*.png
Adds this to .reuse/dep5:
Files: static/*.png
Copyright: 2019 Ganwell
License: CC-BY-SA-4.0
reuse set-common-config --license AGPL-3.0-or-later --copyright "2019 Ganwell"
This should add entries to .reuse/dep5 for common files like .gitignore, Cargo.tom, package.json. It's just too much to ask from users to track all these files. I also don't like headers in these file, because many of these files are generated/edited by command-line tools and these headers have a high chance to break the file, or the command-line tools might remove the header again.
Here is my motivation, I kind of argue that not every file should be tracked, but I can accept every file being tagged when there is good support for that.
I understand the goal to include every file. It feels like a good goal to me too. But I am not sure if really everything should be included. I moved 20 repositories to AGPL yesterday and I refused to add a license/copyright indicators to everything, it took over 10h regardless. Two mayor cases:
Config files, these are often strongly structured: Cargo.tom, package.json, .travis-ci.yml, .gitlab-ci.yml. A notable exception I see: setup.py is actually code and I sometimes write code in these that should be under copyright/copyleft.
Less structure config files and config for IDEs and helper tools, like: .gitignore, .flake8, setup.cfg. In my option they don't hold a copyright-able work. Although in theory maybe everything does, but really... its just a burden.
I think reuse should offer to set license/copyright on them, but by automatically extending .reuse/dep5 or some other out-of-band file. I can't add meaningful copyright indicators to files like *.png, *.jpg, *.dat. Some might actually have a comment field inside, but
I have to start the programm that produced that file to edit the comment
Almost nobody would ever bother to look inside a binary file
See also #13.
git config
and .reuse/config
should provide default values for author/email and default license respectively.
It makes sense for me to implement this as a composite of Project. This might be a little difficult, though, because I'd have to forward the config object to a lot of places that do not currently have one.
reuse download
could use an option to download all used licenses in a project, instead of having to download them individually. Perhaps with an --all
flag?
Since this might cause some issues with badly formed license information and/or false-positive findings, this could also happen interactively.
The following code fails during reuse lint
and complains about the identifier in
license_identifier
variable, which is used for writing license info to another file.
# SPDX-FileCopyrightText: 2019 Example
#
# SPDX-License-Identifier: LicenseRef-Proprietary
#
license_copyright_text = "SPDX-FileCopyrightText: 2019 Example"
license_identifier = "SPDX-License-Identifier: LicenseRef-Proprietary"
fout = open('out.txt', 'w')
fout.write(license_copyright_text)
fout.write('\n')
fout.write(license_identifier)
fout.close()
However, this file already has a valid license header.
The error message is:
reuse._util - ERROR - Could not parse 'LicenseRef-Proprietary"'
reuse.project - ERROR - kek.py holds an SPDX expression that cannot be parsed, skipping the file
Hello,
I was wondering how to properly license software with LGPL. On the GNU website ( https://www.gnu.org/licenses/gpl-howto.html ) I read that I should include both the GNU GPL plus the content of the LGPL:
Please note that, since the LGPL is a set of additional permissions on top of the GPL, it's crucial to include both licenses so users have all the materials they need to understand their rights
However the REUSE tool seems to be downloading only the text of the LGPL. Is that ok even if it contradicts the official guidelines?
Thanks :)
The question is clear. What is the minimal required Python version? README.rst states 3.6 whereas pypi as well as its badge states 3.5.
From my experience, it seems that REUSE works under Python 3.5.2 (Travis CI using Xenial image).
Hello,
I was trying to run reuse, but ran into an ImportError. Any idea why reuse cannot find its imports?
09:56 kuno@pink-yoshi:~/code$ mkdir reuse
09:56 kuno@pink-yoshi:~/code$ cd reuse
09:56 kuno@pink-yoshi:~/code/reuse$ python3 -m venv ve
09:57 kuno@pink-yoshi:~/code/reuse$ ve/bin/pip install fsfe-reuse
Collecting fsfe-reuse
Using cached https://files.pythonhosted.org/packages/30/11/f96ce5e81048ac1af34f68725c22ec88131c137ffa22ddf7814af917ce5c/fsfe_reuse-0.5.0-py3-none-any.whl
Collecting python-debian (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/87/49/a34a602141db50b101a25d1f256b33cfb7b406bafd0f00e071a5f7424c92/python_debian-0.1.36-py3-none-any.whl
Collecting license-expression (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/de/6b/65b4a2ee355a1ea1b78bdc858e314e767cedcc44e8aaf9cd46e4da41674b/license_expression-0.999-py2.py3-none-any.whl
Collecting binaryornot (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/24/7e/f7b6f453e6481d1e233540262ccbfcf89adcd43606f44a028d7f5fae5eb2/binaryornot-0.4.4-py2.py3-none-any.whl
Collecting boolean.py (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/9b/27/d22062a221010e17935237ba4b574cd828238ea02e0765337c238466a512/boolean.py-3.6-py2.py3-none-any.whl
Collecting Jinja2 (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/1d/e7/fd8b501e7a6dfe492a433deb7b9d833d39ca74916fa8bc63dd1a4947a671/Jinja2-2.10.1-py2.py3-none-any.whl
Collecting requests (from fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/51/bd/23c926cd341ea6b7dd0b2a00aba99ae0f828be89d72b2190f27c11d4b7fb/requests-2.22.0-py2.py3-none-any.whl
Collecting six (from python-debian->fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl
Collecting chardet (from python-debian->fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl
Collecting MarkupSafe>=0.23 (from Jinja2->fsfe-reuse)
Using cached https://www.piwheels.org/simple/markupsafe/MarkupSafe-1.1.1-cp35-cp35m-linux_armv7l.whl
Collecting idna<2.9,>=2.5 (from requests->fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests->fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/18/b0/8146a4f8dd402f60744fa380bc73ca47303cccf8b9190fd16a827281eac2/certifi-2019.9.11-py2.py3-none-any.whl
Collecting urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 (from requests->fsfe-reuse)
Using cached https://files.pythonhosted.org/packages/81/b7/cef47224900ca67078ed6e2db51342796007433ad38329558f56a15255f5/urllib3-1.25.5-py2.py3-none-any.whl
Installing collected packages: six, chardet, python-debian, boolean.py, license-expression, binaryornot, MarkupSafe, Jinja2, idna, certifi, urllib3, requests, fsfe-reuse
Successfully installed Jinja2-2.10.1 MarkupSafe-1.1.1 binaryornot-0.4.4 boolean.py-3.6 certifi-2019.9.11 chardet-3.0.4 fsfe-reuse-0.5.0 idna-2.8 license-expression-0.999 python-debian-0.1.36 requests-2.22.0 six-1.12.0 urllib3-1.25.5
09:56 kuno@pink-yoshi:~/code/reuse$ cd ..
09:59 kuno@pink-yoshi:~/code$ cd reuse-example/
09:59 kuno@pink-yoshi:~/code/reuse-example (master)$ ../reuse/ve/bin/reuse lint
Traceback (most recent call last):
File "../reuse/ve/bin/reuse", line 7, in <module>
from reuse._main import main
File "/home/kuno/code/reuse/ve/lib/python3.5/site-packages/reuse/_main.py", line 13, in <module>
from . import (
File "/home/kuno/code/reuse/ve/lib/python3.5/site-packages/reuse/download.py", line 11, in <module>
from os import PathLike
ImportError: cannot import name 'PathLike'
09:59 kuno@pink-yoshi:~/code/reuse-example (master)$
System:
09:59 kuno@pink-yoshi:~/code/reuse-example (master)$ lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch
Not really sure how to describe this short of giving an example:
bash-5.0$ reuse download 0BSD
Successfully downloaded 0BSD.bash-5.0$
It seems like it doesn't give a newline, and doesn't give the file extension.
We want to support custom templates for headers. Allow default templates per file type and verify integrity.
Some notes that we took:
Suppose a project with two licenses, A and B. docs
is the only directory that has files licensed under B. If I do reuse lint any_other_directory
, the linter will complain that license B is unused. This is kind of annoying and needs to be fixed.
While writing the documentation, I am noticing that some subcommands (e.g., reuse download
) are already wholly documented by their --help
command. Because I don't want to copy+paste (DRY), I would like to share the documentation from a single source. Ideally, that would look something like this:
download
========
<-- Output of `reuse download --help` here -->
[...]
I think this can be achieved with Jinja2. It's just a little bit of work that I want to put off.
I tried to lint the Linux kernel today and received a fatal error, see below:
Git: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Branch: master
Commit: 089cf7f6ecb266b6a4164919a2e69bd2f938374a
This error is rather new, with 0.4.0, linting Linux didn't throw an error.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/dual/Apache-2.0, resolving to Apache-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/dual/CDDL-1.0, resolving to CDDL-1. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/dual/MPL-1.1, resolving to MPL-1. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/exceptions/GCC-exception-2.0, resolving to GCC-exception-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/preferred/GPL-2.0, resolving to GPL-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/preferred/LGPL-2.0, resolving to LGPL-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/preferred/LGPL-2.1, resolving to LGPL-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - CRITICAL - LGPL-2 is the SPDX License Identifier of both LICENSES/preferred/LGPL-2.1 and LICENSES/preferred/LGPL-2.0
Traceback (most recent call last):
File "/usr/bin/reuse", line 11, in <module>
load_entry_point('fsfe-reuse==0.5.0', 'console_scripts', 'reuse')()
File "/usr/lib/python3.7/site-packages/reuse/_main.py", line 225, in main
return parsed_args.func(parsed_args, out)
File "/usr/lib/python3.7/site-packages/reuse/lint.py", line 255, in run
project = create_project()
File "/usr/lib/python3.7/site-packages/reuse/project.py", line 297, in create_project
return Project(root)
File "/usr/lib/python3.7/site-packages/reuse/project.py", line 63, in __init__
self.licenses = self._licenses()
File "/usr/lib/python3.7/site-packages/reuse/project.py", line 277, in _licenses
"Multiple licenses resolve to {}".format(identifier)
RuntimeError: Multiple licenses resolve to LGPL-2
$ reuse lint
SUMMARY
Bad licenses: 0
Missing licenses: 0
Unused licenses: 0
Used licenses: CC0-1.0, GPL-3.0-or-later
Read errors: 0
Files with copyright information: 6 / 6
Files with license information: 6 / 6
Congratulations! Your project is REUSE compliant :-)
reuse.project - ERROR - .reuse/dep5 has syntax errors
Traceback (most recent call last):
File "/home/carmen/Projektoj/reuse/src/reuse/project.py", line 256, in _copyright
self._copyright_val = Copyright(fp)
File "/home/carmen/.virtualenvs/reuse/lib64/python3.7/site-packages/debian/copyright.py", line 150, in __init__
raise NotMachineReadableError('no paragraphs in input')
debian.copyright.NotMachineReadableError: no paragraphs in input
Reported by @mxmehl
When I look into https://git.fsfe.org/reuse/website,
this repository has a single license file and a git submodule. The submodule contains a LICENSES
folder (in master branch).
The first thing I notice is that some files have no SPDX license identifier, for example README.md
, though the rendered output as 'content of the website' is licensed.
Files like .gitmodules
and Dockerfile
do not have a license. I was hoping to use reuse lint
in a build step to check whether the project is REUSE compliant
or not, but this doesn't work since there is no distinction between exceptions and missing license identifier.
When using submodules I receive the following git error: fatal: Pathspec 'reuse-docs/.git' is in submodule 'reuse-docs'
Finally, licenses from submodules cannot be found: reuse - WARNING - reuse-docs/practices/2.0.md is licensed under CC-BY-SA-4.0, but its license file could not be found
The reason for this is that the license only exist in the folder of the submodule and is missing in the root folder of the repository.
In this case, should I copy all licenses from submodules into the root LICENSES
folder, according to practice 1
or should I make a reference in the header:
/*
* This file is part of project X. It’s copyrighted by the contributors
* recorded in the version control history of the file, available from
* its original location http://git.example.com/X/filename.c
*
* SPDX-License-Identifier: GPL-3.0
*/
Arch Linux users can also use this AUR to install reuse: https://aur.archlinux.org/packages/reuse
We should mention it in the README, the docs, and the website.
Given .reuse/dep5
file
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Files: gradle/*.lockfile
Copyright: © Basil Peace
License: Apache-2.0
reuse lint
(master
branch) correctly recognizes license on gradle/main.lockfile
file under Debian, but not under Windows.
Under Windows this works:
Files: gradle\\*.lockfile
which is somewhat strange.
Format should be OS-independent otherwise cross-platform development and build is not feasible.
Hello! Would it be possible to add some relevant GitHub topics to this repository? It would be great and also it might bring some people.
I also want to say 'Thank you' this way for developing this project! ❤️ I have been using it in my every single software project (and even in some non-software focused ones) I have developed using Git. Still remember when I found it on FSFE Git and it was exactly what I wanted. Just type reuse lint
and that's all.
It's a shame that this project is so underestimated. Yet, it is one of my GitHub stars! ⭐
When running reuse spdx
over reuse-website, I find the following as an example:
FileName: ./site/static/css/template.css
SPDXID: SPDXRef-80751eb67afd7c1010f435798d7feb52
FileChecksum: SHA1: b7b7266ae690116ed56a71f616afd9d2bace073a
LicenseConcluded: NOASSERTION
LicenseInfoInFile: MIT
FileCopyrightText: <text>SPDX-FileCopyrightText: 2019 Free Software Foundation Europe e.V. <https://fsfe.org>
SPDX-FileCopyrightText: 2015 Omar Abdelhafith <[email protected]></text>
<text>
tag?This issue outlines all the ways in which one might use reuse addheader
, and what should happen in those cases.
This is a super straightforward case.
reuse addheader --copyright "Mary Sue" --license 0BSD myfile.py
should add the header
# SPDX-Copyright: CURRENT_YEAR Mary Sue
#
# SPDX-License-Identifier: 0BSD
Should there be a confirmation prompt here?
Also a simple case.
reuse addheader --year 1984 --copyright "Mary Sue" --llicense 0BSD myfile.py
should add the header
# SPDX-Copyright: 1984 Mary Sue
#
# SPDX-License-Identifier: 0BSD
You can repeat arguments.
reuse addheader --copyright "Mary Sue" --copyright "John Doe" --license 0BSD --license MIT
should add the header
# SPDX-Copyright: CURRENT_YEAR John Doe
# SPDX-Copyright: CURRENT_YEAR Mary Sue
#
# SPDX-License-Identifier: 0BSD
# SPDX-License-Identifier: MIT
The thing prompts you, maybe? This might be super clumsy though.
Everything between brackets is user input.
$ reuse addheader myfile.py
Who is the copyright holder?: [Mary Sue]
What is the license?: [0BSD]
SUCCESS MESSAGE HERE
Maybe we can set environment variables so that you don't have to be prompted. Kind of like a default setting for lazy users.
$ export NAME="Mary Sue"
$ export EMAIL="[email protected]"
$ export DEFAULT_LICENSE="0BSD"
$ reuse addheader myfile.py
will add the header
# SPDX-Copyright: CURRENT_YEAR Mary Sue <[email protected]>
#
# SPDX-License-Identifier: 0BSD
Should the user be prompted to confirm this?
Maybe we could put some defaults in .reuse/config
. Let's say that that file looks like this:
[reuse]
default_license="0BSD"
reuse addheader --copyright "Mary Sue" myfile.py
should add the header
# SPDX-Copyright: CURRENT_YEAR Mary Sue
#
# SPDX-License-Identifier: 0BSD
Should the user be prompted to confirm this?
The default copyright holder CANNOT be in .reuse/config
, because an individual's setting cannot be in the repository.
Maybe some defaults could be taken from git config
. Given a .git/config
(or global gitconfig) like this
[user]
email = [email protected]
name = Mary Sue
Then reuse addheader --license 0BSD myfile.py
might add the header
# SPDX-Copyright: CURRENT_YEAR Mary Sue <[email protected]>
#
# SPDX-License-Identifier: 0BSD
Should the user be prompted for this?
Given a git config
like this:
[user]
email = [email protected]
name = Mary Sue
and environment variables like this:
export NAME="Jane Doe"
export EMAIL="[email protected]"
export DEFAULT_LICENSE="MIT"
and a .reuse/config
like this:
[reuse]
default_license="0BSD"
What happens if you type reuse addheader myfile.py
?
What happens if you type reuse addheader --copyright "John Doe" --license "CC0-1.0" myfile.py
?
In contrast to license_expression
, which does a lot of legwork for us by verifying and interpreting SPDX License Expressions, spdx-tools
isn't currently doing much. I initially required it because it comes with an SPDX License List, but I ended up copying that code into the repository and making some minor adjustments.
Hello! I am a big fan of the new REUSE badge as it is simpler and smaller. However, it seems that GitHub caches some images on their servers and unfortunately includes the REUSE badge in this caching process. The following image should illustrate the new REUSE badge (from the official REUSE website) but in reality it is the older one:
So right now I am stuck with the older REUSE badge wherever I go on GitHub. I suspect that it is not only my problem and it affects more users. Please, let me know whether you are affected as well.
Do you know if there is any refresh interval of their cached images by chance? If so, what is the interval? Is there anything to do to get the new REUSE badge working?
If I can be of any help, feel free to ask.
This is related to #11.
This issue proposes several design challenges for the behaviour of reuse addheader
. I'm not really sure how to introduce them other than to simply expose them.
Just assume that we call reuse addheader
on all files.
Given a file
# This is my first program
print("Hello, world")
What should be done with the existing header?
Given a file
# This file is copyrighted by:
#
# SPDX-Copyright: Mary Sue
#
# This file is licensed under:
#
# SPDX-License-Identifier: 0BSD
print("Hello, world!")
What should be done with the existing header?
Given a file
# This is my first program
# SPDX-Copyright: Mary Sue
print("Hello, world!")
What should be done with the SPDX info?
With the release of v0.4.0, things have changed a lot. I would say that most changes are positive and it seems to me that a lot of program mechanisms are simpler as well as the REUSE Specification, which is almost always good; things are almost never as simple as they should be. ⚫ And license downloading... Good work on that! 👍 And I have hardly worked with the v0.5.0 so far, so I am looking forward. 😃
But there is a little problem arising from the new specification. It is the GitHub license integration. New specification requires all license files to be in the LICENSES directory, which makes sense to make things more simple and consistent but it certainly breaks the GitHub integration and it looks like the repository is not licensed at all at first glance. On the other hand, with previous versions there was a problem with the requirement of LICENSE.txt.license just to state the LICENSE.txt license identifier. I think it was the only way to both be REUSE compliant and meet GitHub integration (correct me if I am wrong). It certainly was not a perfect solution but it worked.
However, I like the idea that filename meets the license inside and REUSE should stick with it in my opinion. Nevertheless, I would like to open a discussion about any possible ways of GitHub integration and try to establish an official REUSE suggestion (or functionality) to solve this problem.
Personally, I don't have any specific suggestions but I have tried to somehow use both REUSE and GitHub integration in the vhdldep and asus-fan-control repositories.
In vhdldep, there was the preferred license added using GitHub website (the SPDX one is not recongised by GitHub 😕) and that's it. In this case, it is good that all know that the preferred license is the MIT license. However, I don't know how to include this information in README.md, so I have omitted it so far. It could be confusing. At the end of the day, which MIT license (LICENSE.txt, or LICENSES/MIT.txt) is this project license under? README.md is far from legal text.
In asus-fan-control, the situation about the right interpretation of the license is much better. However, the integration of GitHub says 'Other' license, which is predictable...
So as you can see, it may be a minor problem but I really like this program and I would be really happy to solve the above problem. Do you have any ideas? Any possible solutions including adding a new functionality to the program? Thank you for your time and sharing your opinions! 🎉
We already have some documentation for the tool, but I think we should provide more on the usage of the tool, so explain the function.
Ideally, we think of a way to integrate the different knowledge bases, so
This popped up in #90.
The tool currently goes by the following names:
If this could somehow be shrunk down to one name, that would be fantastic. But I'm not sure it can be shrunk down to one. Its name should remain reuse
on the CLI, barring a better alternative. But reuse
is not a very good name outside of the context of the CLI.
When running reuse lint not inside the repository but at least one level above, reuse lint does complain about missing files in LICENSES/, although they are in the given directory,
Situation:
/home/max/
|─ reuse-example
|─ some_other_dir
When running reuse lint
inside of /home/max/reuse-example
, everything is fine.
When running reuse lint reuse-example
inside of /home/max
, it fails. The same if I run reuse lint ../reuse-example
when running it inside the some_other_dir
:
# MISSING LICENSES
'CC-BY-4.0' found in:
* reuse-example/img/cat.jpg
'CC0-1.0' found in:
* reuse-example/.gitignore
'GPL-3.0-or-later' found in:
* reuse-example/Makefile
* reuse-example/README.md
* reuse-example/img/dog.jpg
* reuse-example/src/main.c
# SUMMARY
* Bad licenses:
* Missing licenses: CC-BY-4.0, CC0-1.0, GPL-3.0-or-later
* Unused licenses:
* Used licenses:
* Read errors: 0
* Files with copyright information: 6 / 6
* Files with license information: 6 / 6
Not sure how a good solution could look like since I assume that it is not trivial for the tool to detect what's the root of the project, especially when submodules are included.
The README says that the project is licensed under GPL-3.0-or-later, which is true, but not the whole truth.
If I add the following to a comment header:
# SPDX-License-Identifier: hello
Then I get this as output from reuse lint
:
# BAD LICENSES
'hello' found in:
* src/reuse/templates/default_template.jinja2
# SUMMARY
* Bad licenses: hello
* Missing licenses:
* Unused licenses:
* Used licenses: Apache-2.0, CC-BY-SA-4.0, CC0-1.0, GPL-3.0-or-later
* Read errors: 0
* Files with copyright information: 56 / 56
* Files with license information: 56 / 56
Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(
It should probably be under "missing licenses" as well.
According to the SPDX page: AGPL-3.0
and GPL-3.0-or-later
are correct identifiers.
What is interesting AGPL, is actually as AGPL-1.0 in source of reuse, but no matter what I try, it says the identifier is invalid.
$> reuse init
Initializing project for REUSE.
What license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
AGPL-1.0
'AGPL-1.0' is not a valid SPDX License Identifier
What license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
AGPL-3.0
'AGPL-3.0' is not a valid SPDX License Identifier
What license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
GPL-3.0
'GPL-3.0' is not a valid SPDX License Identifier
What license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
GNU Affero General Public License v3.0
'GNU Affero General Public License v3.0' is not a valid SPDX License Identifier
What license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
GPL-3.0-or-later
What other license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
GNU General Public License v3.0 or later
'GNU General Public License v3.0 or later' is not a valid SPDX License Identifier
What other license is your project under? Provide the SPDX License Identifier.
To stop adding licenses, hit RETURN.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.