From 9e16bc8ce8b1097110a73297b027a6d28528429d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Sun, 15 Nov 2020 09:58:11 +0000 Subject: [PATCH 1/2] REUSE FAQ language reworked --- faq.md | 275 +++++++++++++++++++++++++++------------------------------ 1 file changed, 130 insertions(+), 145 deletions(-) diff --git a/faq.md b/faq.md index 4349cfd..48a81b0 100644 --- a/faq.md +++ b/faq.md @@ -11,8 +11,8 @@ title: "Frequently Asked Questions" ## I am short on time. Can you give me the quickest possible summary? {#quick-summary} -We want to improve the way that people license their software projects. We -propose three steps to achieve this: +To improve the way that people license their Free Software projects, +three steps are proposed: ### 1. Choose and provide licenses {#step-1} @@ -20,10 +20,10 @@ Choose a [Free Software](https://fsfe.org/about/basics/freesoftware) license for your project. Find the SPDX identifier of your license in the [SPDX License List](https://spdx.org/licenses/). Download the license text for your license from the -[license-list-data](https://github.com/spdx/license-list-data/tree/master/text) -repository and put it in the `LICENSES/` directory. +[license-list-data](https://github.com/spdx/license-list-data/tree/master/text) repository +and put it in the `LICENSES/` folder. -### 2. Add copyright and licensing information to each file {#step-2} +### 2. Add copyright and licensing info to each file {#step-2} Then, for all files, edit the header to contain the following: @@ -67,18 +67,17 @@ that software is [Free Software](https://fsfe.org/about/basics/freesoftware). ## Which license should I choose? {#which-license} -Always choose a Free Software license, i.e., a license that gives the recipient -the freedom to use, study, share, and improve the software. Aside from that, the -license you choose is up to you. -If you are contributing to an existing project, you should release your -changes under the same license as the project. Otherwise, the [Free Software -Foundation](https://www.gnu.org/licenses/license-recommendations.html), +Always choose a Free Software license, i.e., a license giving the recipient +the freedom to use, study, share, and improve the software. The license you +pick beyond that is up to you. If contributing to an existing project, release your +changes under the same license as the project, which is done by default. +Otherwise, the [Free Software Foundation](https://www.gnu.org/licenses/license-recommendations.html), [choosealicense.com](https://choosealicense.com/), and [joinup.eu](https://joinup.ec.europa.eu/collection/eupl/joinup-licensing-assistant-jla) -have some good recommendations. Note that these resources each emphasise a -different value, and come with their own biases. +have some good recommendations. These resources each emphasise different values, +and come with their own biases. -Above all, if you value freedom, you should choose a license that makes your +Above all, if you value freedom, choose a license that makes your software [Free Software](https://fsfe.org/about/basics/freesoftware.en.html). ## What is SPDX? {#what-is-spdx} -SPDX stands for [Software Package Data Exchange](https://spdx.org/). It is a -project by the [Linux Foundation](https://www.linuxfoundation.org/) and the rock -upon which REUSE is built. SPDX defines a standardized way to share copyright -and licensing information between projects and people. Most importantly for +SPDX is the rock upon which REUSE is built and stands for +[Software Package Data Exchange](https://spdx.org/). It is a +project by the [Linux Foundation](https://www.linuxfoundation.org/). +SPDX defines a standardised way to share copyright +and licensing info between projects and people. Most importantly for REUSE, SPDX maintains the [SPDX License List](https://spdx.org/licenses/), which -defines standardized identifiers for a lot of licenses. +defines standardised identifiers for a lot of licenses. -# The tool {#tool} +# The REUSE tool {#tool} -## How do I install and use the REUSE tool? {#install-tool} +## Install and use the REUSE tool {#install-tool} -The REUSE tool is a handy companion that can verify your compliance with REUSE +The REUSE tool is a handy companion to verify your compliance with REUSE and automate a lot of adjacent tasks. You can find the full documentation for the tool at . But the short of it is: @@ -108,29 +108,27 @@ $ export PATH=~/.local/bin:$PATH $ reuse --help ``` -## How do I exclude a file from REUSE compliance testing? {#exclude-file} +## Exclude a file from REUSE compliance testing {#exclude-file} -If the file is a build artifact and you use Git, simply make sure that the file +If the file is a build artifact and you use Git, ensure the file is covered by your `.gitignore` file. Otherwise, you cannot exclude files from REUSE compliance testing. It would go -entirely against the purpose of REUSE: making sure that every file has a +entirely against the purpose of REUSE: to make sure every file has a copyright and license tag. -If you really want to exclude a file, consider using the -[CC0](https://creativecommons.org/publicdomain/zero/1.0/) license for this -file. By doing this, you put the file in the public domain, or your country's -equivalent. +License files are automatically excluded from compliance testing. -There is one exception: License files are automatically excluded from compliance -testing. - -If you have an entire directory that you want to "exclude" from REUSE compliance +If you have an entire folder you want to "exclude" from REUSE compliance testing, you can [use a DEP5 file](#bulk-license). -## Do you support a version control system other than Git? {#no-git} + + +TODO --> -Currently we do not, but please [get in +## Plans to support a version control system other than Git? {#no-git} + +Currently no, but please [get in touch](https://github.com/fsfe/reuse-tool/issues). # Licensing and compliance {#licensing} @@ -139,15 +137,14 @@ touch](https://github.com/fsfe/reuse-tool/issues). ## Is there a standard format for declaring copyright? {#standard-copyright} -Generally, we recommend that you use `SPDX-FileCopyrightText: [year] [copyright holder] -<[contact address]>`. You may choose to drop items except the copyright holder, -which must always be included. We recommend that you include all items, however. +Generally, it is recommended you use `SPDX-FileCopyrightText: [year] [copyright holder] +<[contact address]>`. You may choose to drop items beyond the copyright holder +(which must always be included). Our recommendation is to include all items. The specification includes a section on the exact format of the copyright -notice. See [the specification](/spec) and [the next -question](#copyright-symbol). +notice. See [the specification](/spec) and [the next question](#copyright-symbol). -## Do I use SPDX-FileCopyrightText, Copyright, or ©? {#copyright-symbol} +## Use SPDX-FileCopyrightText, Copyright, or ©? {#copyright-symbol} The specification lists the following copyright notices as valid: @@ -159,7 +156,7 @@ Copyright 2016, 2018-2019 Joe Anybody Copyright (c) Alice ``` -Out of those, the first two are highly recommended. The others exist primarily +Of those, the first two are highly recommended. The others exist primarily to be compatible with existing conventions. @@ -172,7 +169,7 @@ Generally, there are four options for you to choose: 2. The year of the latest publication. -3. All years of publications, either as range (e.g., 2017-2019) or as separate +3. All years of publications, either as range (e.g., 2017–2019) or as separate entries (e.g., 2017, 2018, 2019). 4. Do not include any year. @@ -183,17 +180,16 @@ Which option you choose is ultimately up to you. Members of the GPL family are listed separately in the SPDX License List as -only and -or-later, even though the license texts are identical. If you have -code under only one of these licenses, we recommend that you only include that -one license. +code under only one of these licenses, include only that one license. -If you have code under both an -only license and an -or-later license, we -recommend that you include both licenses separately. +If you have code under both an -only license and an -or-later license, it +is recommended you include both licenses separately. ## What are license exceptions and what do I do with them? {#license-exceptions} -License exceptions are additions or alterations to a license that often work to -permit a certain use of the code that wouldn't be allowed under the original -license. It is often used by compilers, where a portion of compiler code may end +License exceptions are additions or alterations to a license often working so as to +permit a certain use of the code that wouldn't otherwise be allowed under the original +one. It is often used by compilers, where a portion of the compiler code may end up in the resulting binary. The exception may waive rights over portions of code that end up in binaries. @@ -209,119 +205,110 @@ person holds copyright over the output. Common examples are source code, documentation, audio, and video. There are some edge cases, however. For instance, the program `print("Hello, -REUSE!")` probably does not meet the threshold of originality. Similarly, data +REUSE!")` does not meet the threshold of originality. Similarly, data files and configuration files may not meet that threshold either. ## What to do with uncopyrightable files? {#uncopyrightable} -There are two things that you can do with such a file to make sure that its -copyright and licensing is recorded. The first option is to simply use your -regular copyright and license header for this file. There is nothing that stops -you from claiming copyright over your own works. However, a court would still -likely find such files uncopyrightable. - -The alternative is to waive your copyright by using the -[CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/) license. +You can use your regular copyright and license header for this file. +There is nothing that stops you from claiming copyright over your own works. +However, a court would still likely find such files uncopyrightable. -It is important to note that you can only do this for your own works. If the -file was authored by someone else, you must declare their copyright and license -in the header. +It is important to note you are only permitted to do this for your own works. If the +file was authored by someone else, declare their copyright and license in the header. ## How do I copy someone else's work? {#copy-work} If someone else has made their work available for you to use and copy, you can -incorporate their work into your project. When you put the work in one of the -files in your project, you should add an `SPDX-FileCopyrightText` tag for the copyright -holder(s) and an `SPDX-License-Identifier` tag for the license(s) under which -the work was made available. +incorporate their work into your project, as per the license of said work. When you put +the work in one of the files in your project, you should add an `SPDX-FileCopyrightText` +tag for the copyright holder(s) and an `SPDX-License-Identifier` tag for the license(s) +under which the work was made available. -If the work was licensed differently from your project, you should verify -whether the licenses are compatible, and add the new licenses to your project. +If the work was licensed differently from your project, verify whether the licenses are +compatible, and add the new ones to your project if need be (and possible). ## Can I copy a work that has no copyright notice or license? {#no-copyright-license} -Before you proceed, always first make sure that you can find the copyright and -licensing information elsewhere. Some projects only include this information in -the root directory or in their README file. +Before proceeding, always first ensure you can find the copyright and +licensing information elsewhere first. Some projects only include this info in +the root of the repository, or in their README file. -If you can find no copyright notice, then that is no problem. You can add the +If you cannot find a copyright notice, then that is no problem. You can add the copyright notice yourself. -If the work has no license, then that means that you do not have the right to -copy it. If you believe that this is a mistake and the author clearly meant for -you to be able to copy this work, you should contact the author and ask them to -license their work. Feel free to refer them to . +If the work has no license, it means you do not have the right to copy it. +If you believe this is a mistake and the author clearly meant for +you to be able to copy this work, contact the author and ask the person to +license their work. Feel free to refer to . ## Where else do I put my license information? {#where-else} Marking all individual files with `SPDX-License-Identifier` tags goes a long way -towards unambiguously communicating the license information of your project, but -it helps to communicate the license information in natural language as well. In -the README of your project, feel free to provide a summary of the licensing -information, or simply redirect the reader to your `LICENSES/` directory. +towards unambiguously communicating the license info of your project, and helps +communicate it in natural language too. In the README of your project, feel free +to provide a summary of the licensing info, or simply redirect the reader to +your `LICENSES/` folder. -Additionally, many package hosting sites expect that you declare the licensing -information of your package. For instance, the [setup.py file of the REUSE +Additionally, many package hosting sites expect the licensing info of your package +to be declared. For instance, the [setup.py file of the REUSE tool](https://github.com/fsfe/reuse-tool/blob/master/setup.py) declares all the -licenses that it uses in the format expected by the Python packaging +licenses it uses, in the format expected by the Python packaging infrastructure. ## What is a copyright holder, and what is an author? {#copyright-holder-author} -In these resources, we maintain a distinction between the copyright holder and -the author. The author (also known as creator) is the person who sat down and -created a work. Think of the author as a programmer, writer, or artist. +In these resources, a distinction between the copyright holder and +the author is maintained. The author (also known as the creator) is the person who +sat down and created the work. Think of the author as a programmer, writer, or artist. -The copyright holder is the person who has the exclusive rights over that work. +The copyright holder is the person who has the exclusive rights to that work. Often the author and the copyright holder are the same. However, if the author -is being paid by their employer to create a work, the employer is often the -copyright holder. +is paid by their employer to create a work, the employer is often the copyright holder. -Keep in mind that in some jurisdictions, the word "author" is often used as a -synonym for "copyright holder". In other jurisdictions, authors maintain some -rights over their work even if they are not the copyright holder. +Keep in mind the word "author" is used as a synonym for "copyright holder" in some jurisdictions. +In others, authors maintain some rights to their work even if not the copyright holder. ## I changed a single line of code. Should I add an SPDX-FileCopyrightText tag with my name? {#when-copyright} -The core question here is: At what point should I consider myself a copyright -holder over a file? This is up to your discretion. It might help to be -consistent and add the tag to every file you touch, but it is perhaps more -valuable to reach a consensus about this within your project. +The core question is: At what point should I consider myself a copyright +holder over a file? This is at your discretion. It might help adding the tag to +every file you touch for the sake of consistency, but perhaps a more +valuable approach is to reach a consensus about this within your project first. ## How do I deal with a file that has been edited by many people? {#many-copyright-statements} -Some files are edited by many people and would have an extremely long list of -copyright holders in the header. This may be aesthetically unpleasing, but is +Some files are edited by many people and would thus end up with an extremely long +list of copyright holders in the header. This may be aesthetically unpleasing, but not incorrect. If you would rather not deal with having so many copyright notices, some projects such as Chromium circumvent this problem by using "Copyright (c) 2013 The Chromium Authors" as their copyright tag. You may consider doing this, but -then you should keep a list of copyright holders and authors in a separate file +in so doing, also keep a list of copyright holders and authors in a separate file in your project. ## Why can't I just use version control to record copyright? {#vcs-copyright} -In [a previous question](#copyright-holder-author), we distinguished between -copyright holders and authors, which are not always the same. Version control -typically only records authorship, which makes it unsuitable for the task of -recording copyright. +In [a previous question](#copyright-holder-author), you will find the distinction +between copyright holders and authors upheld, as they are not always the same. +Version control software typically only records authorship, making it unsuitable +for the task of recording copyright. -Another obstacle is that version control history may contain errors, and fixing -such an error would require rewriting the history, causing all contributors to -have to re-download the new trunk. +Another obstacle is that of version control history potentially containing errors, +and as fixing such errors requires rewriting the history, this causes all +contributors having to re-download the new trunk. -A further issue with version control is that the `blame` command that is -typically (mis)used to find authorship line-by-line shows only the author of the -last commit in that line, even if it was just something as trivial as fixing a -typo. +A further issue of version control software is the `blame` command is +typically (mis)used to find authorship, but line-by-line shows only the author of the +last commit of each line, even if the change only fixed a typo. -## Can I bulk-license whole directories? {#bulk-license} +## Can I bulk-license whole folders? {#bulk-license} -If you have a directory containing many files, it may not be easy or practical -to edit every file to contain a header. While doing this would be ideal, there -is an alternative. By creating the file `.reuse/dep5` in the root of your -project, you can bulk-license a directory. Example: +With many files, it may not be easy or practical to edit each so that they all +contain a header. While doing this would be ideal, there is an alternative. +By creating the file `.reuse/dep5` in the root of your project, you can +bulk-license a folder recursively. Example: ``` Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ @@ -345,7 +332,7 @@ You can read more about this file format by Debian ## Can I license only a part of a file as being under a different license? {#partial-license} The short answer is that yes, you can, but no, there is no standard way for -REUSE to recognize this. If you have a small segment of a file that is licensed +REUSE to recognize this. If you have a small segment of a file licensed differently, you should list that license under a separate `SPDX-License-Identifier` tag in the header. @@ -354,21 +341,21 @@ For instance: "The class Foo is copied from project Bar and licensed under MIT. All changes are licensed under GPL-3.0-or-later." A possible way to circumvent the problem is to extract the segment from the -file, and to keep it in its own file. +file, and to keep it as its own file. ## How do I properly declare multi-licensing? {#multi-licensing} -You should always include all licenses in the `LICENSES/` directory. +You should always include all licenses in the `LICENSES/` folder. -The correct SPDX license expression that applies to the file depends on the -intent. If all the code within is licensed under multiple licenses, and the -licensee can choose under which license they consume the work, use +The correct SPDX license expression applying to the file depends on +intent. If all the code within the file is licensed under multiple licenses, and the +licensee can choose which license they consume the work under, use `SPDX-License-Identifier: MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later`, as parts of Firefox do. If all the code within the file is licensed under multiple licenses, and the user must comply with all licenses simultaneously, use -`SPDX-License-Identifier: LGPL-2.0-or-later AND AML`, as can be found in Simple +`SPDX-License-Identifier: LGPL-2.0-or-later AND AML`, as is the case in the Simple DirectMedia Layer (SDL). If all the code within the file is licensed under either one license or another @@ -379,29 +366,29 @@ use separate tags `SPDX-License-Identifier: GPL-2.0-only` and You can read more about SPDX expressions [on the SPDX wiki](https://wiki.spdx.org/view/LicenseExpressionFAQ). - -## I only have a single license file. Should I still create a LICENSES directory? {#single-license} +## I only have a single license file. Should I still create a LICENSES folder? {#single-license} -Yes. This may seem extraneous, but it prevents future confusion when differently -licensed code is adopted. By keeping all licenses in a single directory, it is -easy for a user of your program to find all the licenses they need to comply -with in the blink of an eye. +Yes. This may seem extraneous, but prevents future confusion when differently +licensed code is adopted. By keeping all licenses in a single folder, any +user of your program can find all the licenses they need to comply with in the +blink of an eye. ## Should I put comment headers in my license files? {#header-in-license} You should not edit license files. Please see [this question](#edit-license). -## How do I use a license that is not on the SPDX License List? {#custom-license} +## How do I use a license not found in the SPDX License List? {#custom-license} -If you have a custom or modified license that does not appear in the SPDX -License List, place your license in the file -`LICENSES/LicenseRef-MyLicense.txt`. By naming your license as such, tools that -speak SPDX will still be able to recognise your license. +If the SPDX License List does not have your unsuited, yet to be included, custom +or modified license, you could place your license in the file +`LICENSES/LicenseRef-MyLicense.txt`. By naming your license as such, tools speaking +SPDX will still be able to recognise your license. ## How do I use a custom exception? {#custom-exception} @@ -410,8 +397,8 @@ custom license](#custom-license) that embeds the exception. ## Should I edit my license files? {#edit-license} -You should never edit license files. When you use an existing license, you -should always copy it verbatim. +You should never edit license files. When you use an existing license, +always copy it verbatim. -There are many reasons for why you should not alter license texts, but if you do -alter the texts, you should use a different SPDX identifier for this license. +There are many reasons why you should not alter license texts, but if you do, +you should use a different SPDX identifier for this license. See [the previous question](#custom-license). ## Can I edit copyright notices and license disclaimers? {#edit-copyright-and-licensing} -If you find out that some information is incorrect, you are free to adjust it. +If you find some info is incorrect, you are free to adjust it. Otherwise, it is usually a good idea to leave copyright notices and license disclaimers intact. But there is no one-size-fits-all answer here. ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? {#minified} -You can, but you probably should not. Many minifiers have an option that allows -you to retain the header comment. If this option is present, you should use it, -especially if you use a license that mandates that you include a license -disclaimer. +You can, but probably should not. Many minifiers have an option allowing +you to retain the header comment. If this option is present, use it, +especially if you use a license mandating you include a license disclaimer. # For lawyers and legal experts {#lawyers} ## I am a lawyer and want a bill of materials {#bill-of-materials} -Install the reuse tool and run `reuse spdx -o reuse.spdx` in the project root -to create an [SPDX -document](https://spdx.org/spdx-specification-21-web-version). +Install the REUSE tool and run `reuse spdx -o reuse.spdx` in the project root +to create an [SPDX document](https://spdx.org/spdx-specification-21-web-version). From 9c10af1216df84c3903337b8197e207c416f3090 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Sun, 7 Feb 2021 16:43:43 +0100 Subject: [PATCH 2/2] Can't remember what this is actually called --- faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq.md b/faq.md index cade39f..adc1f60 100644 --- a/faq.md +++ b/faq.md @@ -397,7 +397,7 @@ wiki](https://wiki.spdx.org/view/LicenseExpressionFAQ). ## How to deal with license texts which include copyright statements, like MIT/BSD? {#license-templates} Some license texts, such as MIT or the BSD family of licenses, can be modified -to contain custom copyright notices (called invariant sections). +to contain custom copyright notices. If you are releasing code under such a license, we recommend you add the license text to the project without any modifications whatsoever. A good way of