Skip to content
This repository has been archived by the owner on May 27, 2024. It is now read-only.

Snippet documentation seems to contradict example #146

Open
bernhardreiter opened this issue Apr 30, 2024 · 2 comments
Open

Snippet documentation seems to contradict example #146

bernhardreiter opened this issue Apr 30, 2024 · 2 comments
Labels
bug Something isn't working faq FAQ spec Specification

Comments

@bernhardreiter
Copy link
Contributor

bernhardreiter commented Apr 30, 2024
edited
Loading

The instructions say:

reuse-docs/spec.md

Lines 176 to 177 in 0913b0a

Do note that SPDX snippet tags MUST start with `SPDX-Snippet`, meaning that the
correct copyright notice in a snippet is `SPDX-SnippetCopyrightText`.

but in the example only one of the two tags has the "Snippet":

reuse-docs/spec.md

Lines 182 to 184 in 0913b0a

# SPDX-SnippetBegin
# SPDX-License-Identifier: MIT
# SPDX-SnippetCopyrightText: 2022 Jane Doe <[email protected]>

Why doesn't the License-Identifier need a prepended Snippet?
@silverhook
Copy link
Collaborator

Good catch, @bernhardreiter (also, great to hear from you, it’s been a while!)

This is to do with SPDX really:
https://spdx.github.io/spdx-spec/v2.3/file-tags/#h3-snippet-tags-format
https://spdx.github.io/spdx-spec/v2.3/file-tags/#h4-caveats
https://spdx.github.io/spdx-spec/v2.3/using-SPDX-short-identifiers-in-source-files/

The problem is that License-Identifier is (older and) specific when it comes to SPDX tags, and therefore not bound to the File. Which also kinda explains why it looks different with the dash instead of CamelCase.

There are other package-, file-, and snippet-level SDPX (2.x) tags:

Package level:

  • PackageLicenseDeclared
  • PackageLicenseInfoFromFiles
  • PackageLicenseConcluded

File level:

  • LicenseInfoInFile
  • LicenseConcluded

Snippet level:

  • LicenseInfoInSnippet
  • SnippetLicenseConcluded

But the major difference is that these are intended to be in the SPDX Document, which is typically generated by a tool such as a license scanner or SCA tool that parses information found in the source code; whereas License-Identifier was specifically created to be used in source code, and therefore the tools would translate License-Identifier into the appropriate tag in the SPDX Document.

That said, yes, we probably should clarify within REUSE – just as it already is in SDPX File Tags annex – that License-Identifier is a special case.

@mxmehl mxmehl added bug Something isn't working spec Specification faq FAQ labels May 14, 2024
@mxmehl
Copy link
Member

mxmehl commented May 14, 2024

Good catch, indeed. It's also wrong in the FAQ, we should fix that before 3.2 spec.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working faq FAQ spec Specification
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@silverhook @mxmehl @bernhardreiter