Message ID | 20210331134502.17297-1-toertel@gmail.com |
---|---|
Headers | show |
Series | Make SWUpdate REUSE-compliant | expand |
Hi Mark, On 31.03.21 15:44, Mark Jonas wrote: > Intention of this RFC patch series is to start a process of making > SWUpdate REUSE-compliant. > > https://reuse.software/ > Thanks for addressing this. > REUSE is a FSFE initiative to make it easier to communicate license > requirements and copyright statements so it is clear for everyone which > parts of the software is under which license. The idea is that this > information shall be easy to read for humans as well as for machines. > The concept is based on the SPDX standard. Thus, many projects which > already use SPDX license identifiers are already very far in achieving > REUSE compliance. > > These patch must not be immediately applied. It shall first serve as a > base for further discussion. Additionally, it will break OpenEmbedded / > Yocto Project builds because all license files had to be renamed. > As far as I can see, we just need to change recipes-support/swupdate/swupdate_git.bb, adding there LIC_FILES_CHKSUM for the new files. It does not seem a big hurdle. > The first patches make sure that the license files are in the right > place and have the correct name according to the REUSE specification. > Also the missing GPL-2.0-only license will be added. Each patch > documents the details. Fine. I have taken a look at the licenses, too, and I am sure there is also something to clean up. The GPL-2.0-or-later makes less sense in this project, because everything is linked together and the project is just GPLv2. I will also replace all GPL-2.0-or-later with GPL-2.0-only, that is the right license for those files. > > The mongoose directory was chosen to demonstrate what needs to be done > with the source code. Some files do neither have license nor copyright > information. So both have to be added. Other files might already have > one but are lacking the other. > Ok - so Makefiles, Config.in and scripts/ must be fixed. What can we do with doc/ ? rst files have no comments, and in fact Linux kernel, too, does not set any copyright information for that. Are they affected ? > REUSE has a linter for automatic checking of the code. One way to run > the linter is to use its Docker image. > > docker run --rm --volume $(pwd):/data fsfe/reuse lint > > Mark Jonas (8): > Rename Licenses to LICENSES for REUSE compliance > doc: Correct documentation on license declaration > doc: Add BSD 1-Clause to license list > LICENSES: Rename Exception to obey SPDX naming > LICENSES: Add GPL-2.0-only license text > LICENSES: Rename GPL-2.0 to match SPDX ĺist 3.0 > LICENSES: Rename LGPL-2.1 to match SPDX ĺist 3.0 > mongoose: Make REUSE compliant > > .../BSD-1-Clause.txt | 0 > .../BSD-2-Clause.txt | 0 > .../BSD-3-Clause.txt | 0 > LICENSES/GPL-2.0-only.txt | 288 ++++++++++++++++++ > .../GPL-2.0-or-later.txt | 0 > Licenses/isc.txt => LICENSES/ISC.txt | 0 > .../LGPL-2.1-or-later.txt | 0 > .../LicenseRef-OpenSSL-Exception.txt | 0 > Licenses/mit.txt => LICENSES/MIT.txt | 0 > doc/source/licensing.rst | 20 +- > mongoose/Config.in | 5 + > mongoose/Makefile | 6 + > mongoose/mongoose.c | 2 +- > mongoose/mongoose.h | 6 +- > 14 files changed, 315 insertions(+), 12 deletions(-) > rename Licenses/bsd-1-clause.txt => LICENSES/BSD-1-Clause.txt (100%) > rename Licenses/bsd-2-clause.txt => LICENSES/BSD-2-Clause.txt (100%) > rename Licenses/bsd-3-clause.txt => LICENSES/BSD-3-Clause.txt (100%) > create mode 100644 LICENSES/GPL-2.0-only.txt > rename Licenses/gpl-2.0.txt => LICENSES/GPL-2.0-or-later.txt (100%) > rename Licenses/isc.txt => LICENSES/ISC.txt (100%) > rename Licenses/lgpl-2.1.txt => LICENSES/LGPL-2.1-or-later.txt (100%) > rename Licenses/Exceptions => LICENSES/LicenseRef-OpenSSL-Exception.txt (100%) > rename Licenses/mit.txt => LICENSES/MIT.txt (100%) > > -- > 2.25.1 > Regards, Stefano
Hi Stefano, On Wed, Mar 31, 2021 at 4:07 PM Stefano Babic <sbabic@denx.de> wrote: > > Hi Mark, > > On 31.03.21 15:44, Mark Jonas wrote: > > Intention of this RFC patch series is to start a process of making > > SWUpdate REUSE-compliant. > > > > https://reuse.software/ > > > > Thanks for addressing this. > > > REUSE is a FSFE initiative to make it easier to communicate license > > requirements and copyright statements so it is clear for everyone which > > parts of the software is under which license. The idea is that this > > information shall be easy to read for humans as well as for machines. > > The concept is based on the SPDX standard. Thus, many projects which > > already use SPDX license identifiers are already very far in achieving > > REUSE compliance. > > > > These patch must not be immediately applied. It shall first serve as a > > base for further discussion. Additionally, it will break OpenEmbedded / > > Yocto Project builds because all license files had to be renamed. > > > > As far as I can see, we just need to change > recipes-support/swupdate/swupdate_git.bb, adding there LIC_FILES_CHKSUM > for the new files. It does not seem a big hurdle. I think so, too. When updating a swupdate_git.bb or when making a new release the LIC_FILES_CHKSUM have to be adapted. > > The first patches make sure that the license files are in the right > > place and have the correct name according to the REUSE specification. > > Also the missing GPL-2.0-only license will be added. Each patch > > documents the details. > > Fine. I have taken a look at the licenses, too, and I am sure there is > also something to clean up. The GPL-2.0-or-later makes less sense in > this project, because everything is linked together and the project is > just GPLv2. I will also replace all GPL-2.0-or-later with GPL-2.0-only, > that is the right license for those files. OK, sounds good to me. I'll wait for your change on master before touching any of these files. > > The mongoose directory was chosen to demonstrate what needs to be done > > with the source code. Some files do neither have license nor copyright > > information. So both have to be added. Other files might already have > > one but are lacking the other. > > > > Ok - so Makefiles, Config.in and scripts/ must be fixed. What can we do > with doc/ ? rst files have no comments, and in fact Linux kernel, too, > does not set any copyright information for that. Are they affected ? REUSE requires that nearly all files have licensing and copyright information. https://reuse.software/spec/#copyright-and-licensing-information In case you have a file which does not support comments one way to add the information is by adding a .license companion file. For example, picture.png would have the companion file picture.png.license. Another way would be a .reuse/dep5 file in the root of the project. There you can declare single files and complete directories. As the name suggests it actually is the Debian DEP5 format. https://reuse.software/spec/#dep5 So for the doc/ directory and its rst files I'ld recommend using the .reuse/dep5 file. I will seed a discussion on how to determine missing copyright statements as a reply to the mongoose patch. Today I also realized that using the SPDX-FileCopyrightText tag is just strongly recommended but not mandatory. Instead, the symbol © or the word Copyright may be used. This already makes a number of files in SWUpdate comply with REUSE. > > REUSE has a linter for automatic checking of the code. One way to run > > the linter is to use its Docker image. > > > > docker run --rm --volume $(pwd):/data fsfe/reuse lint > > > > Mark Jonas (8): > > Rename Licenses to LICENSES for REUSE compliance > > doc: Correct documentation on license declaration > > doc: Add BSD 1-Clause to license list > > LICENSES: Rename Exception to obey SPDX naming > > LICENSES: Add GPL-2.0-only license text > > LICENSES: Rename GPL-2.0 to match SPDX ĺist 3.0 > > LICENSES: Rename LGPL-2.1 to match SPDX ĺist 3.0 > > mongoose: Make REUSE compliant > > > > .../BSD-1-Clause.txt | 0 > > .../BSD-2-Clause.txt | 0 > > .../BSD-3-Clause.txt | 0 > > LICENSES/GPL-2.0-only.txt | 288 ++++++++++++++++++ > > .../GPL-2.0-or-later.txt | 0 > > Licenses/isc.txt => LICENSES/ISC.txt | 0 > > .../LGPL-2.1-or-later.txt | 0 > > .../LicenseRef-OpenSSL-Exception.txt | 0 > > Licenses/mit.txt => LICENSES/MIT.txt | 0 > > doc/source/licensing.rst | 20 +- > > mongoose/Config.in | 5 + > > mongoose/Makefile | 6 + > > mongoose/mongoose.c | 2 +- > > mongoose/mongoose.h | 6 +- > > 14 files changed, 315 insertions(+), 12 deletions(-) > > rename Licenses/bsd-1-clause.txt => LICENSES/BSD-1-Clause.txt (100%) > > rename Licenses/bsd-2-clause.txt => LICENSES/BSD-2-Clause.txt (100%) > > rename Licenses/bsd-3-clause.txt => LICENSES/BSD-3-Clause.txt (100%) > > create mode 100644 LICENSES/GPL-2.0-only.txt > > rename Licenses/gpl-2.0.txt => LICENSES/GPL-2.0-or-later.txt (100%) > > rename Licenses/isc.txt => LICENSES/ISC.txt (100%) > > rename Licenses/lgpl-2.1.txt => LICENSES/LGPL-2.1-or-later.txt (100%) > > rename Licenses/Exceptions => LICENSES/LicenseRef-OpenSSL-Exception.txt (100%) > > rename Licenses/mit.txt => LICENSES/MIT.txt (100%) Cheers, Mark
Hi Mark, On 31.03.21 19:55, Mark Jonas wrote: > Hi Stefano, > > On Wed, Mar 31, 2021 at 4:07 PM Stefano Babic <sbabic@denx.de> wrote: >> >> Hi Mark, >> >> On 31.03.21 15:44, Mark Jonas wrote: >>> Intention of this RFC patch series is to start a process of making >>> SWUpdate REUSE-compliant. >>> >>> https://reuse.software/ >>> >> >> Thanks for addressing this. >> >>> REUSE is a FSFE initiative to make it easier to communicate license >>> requirements and copyright statements so it is clear for everyone which >>> parts of the software is under which license. The idea is that this >>> information shall be easy to read for humans as well as for machines. >>> The concept is based on the SPDX standard. Thus, many projects which >>> already use SPDX license identifiers are already very far in achieving >>> REUSE compliance. >>> >>> These patch must not be immediately applied. It shall first serve as a >>> base for further discussion. Additionally, it will break OpenEmbedded / >>> Yocto Project builds because all license files had to be renamed. >>> >> >> As far as I can see, we just need to change >> recipes-support/swupdate/swupdate_git.bb, adding there LIC_FILES_CHKSUM >> for the new files. It does not seem a big hurdle. > > I think so, too. When updating a swupdate_git.bb or when making a new > release the LIC_FILES_CHKSUM have to be adapted. > >>> The first patches make sure that the license files are in the right >>> place and have the correct name according to the REUSE specification. >>> Also the missing GPL-2.0-only license will be added. Each patch >>> documents the details. >> >> Fine. I have taken a look at the licenses, too, and I am sure there is >> also something to clean up. The GPL-2.0-or-later makes less sense in >> this project, because everything is linked together and the project is >> just GPLv2. I will also replace all GPL-2.0-or-later with GPL-2.0-only, >> that is the right license for those files. > > OK, sounds good to me. I'll wait for your change on master before > touching any of these files. Tomorrow I send the patch. > >>> The mongoose directory was chosen to demonstrate what needs to be done >>> with the source code. Some files do neither have license nor copyright >>> information. So both have to be added. Other files might already have >>> one but are lacking the other. >>> >> >> Ok - so Makefiles, Config.in and scripts/ must be fixed. What can we do >> with doc/ ? rst files have no comments, and in fact Linux kernel, too, >> does not set any copyright information for that. Are they affected ? > > REUSE requires that nearly all files have licensing and copyright information. > > https://reuse.software/spec/#copyright-and-licensing-information > I see > In case you have a file which does not support comments one way to add > the information is by adding a .license companion file. For example, > picture.png would have the companion file picture.png.license. Another > way would be a .reuse/dep5 file in the root of the project. There you > can declare single files and complete directories. As the name > suggests it actually is the Debian DEP5 format. > I see another way, too. For documentation, rst supports HTML. A HTML comment is then allowed, and this can contain the copyright and SPDX identifier. Something like <!-- Copyright .. SPDX-License-Identifier: --> > https://reuse.software/spec/#dep > > So for the doc/ directory and its rst files I'ld recommend using the > .reuse/dep5 file. I will seed a discussion on how to determine missing > copyright statements as a reply to the mongoose patch. I'll check files in doc/, I created most of them. I will check in git history, too. > > Today I also realized that using the SPDX-FileCopyrightText tag is > just strongly recommended but not mandatory. Instead, the symbol © or > the word Copyright may be used. This already makes a number of files > in SWUpdate comply with REUSE. Ok So let use the Copyright word, this is the same done in kernel. > >>> REUSE has a linter for automatic checking of the code. One way to run >>> the linter is to use its Docker image. >>> >>> docker run --rm --volume $(pwd):/data fsfe/reuse lint >>> >>> Mark Jonas (8): >>> Rename Licenses to LICENSES for REUSE compliance >>> doc: Correct documentation on license declaration >>> doc: Add BSD 1-Clause to license list >>> LICENSES: Rename Exception to obey SPDX naming >>> LICENSES: Add GPL-2.0-only license text >>> LICENSES: Rename GPL-2.0 to match SPDX ĺist 3.0 >>> LICENSES: Rename LGPL-2.1 to match SPDX ĺist 3.0 >>> mongoose: Make REUSE compliant >>> >>> .../BSD-1-Clause.txt | 0 >>> .../BSD-2-Clause.txt | 0 >>> .../BSD-3-Clause.txt | 0 >>> LICENSES/GPL-2.0-only.txt | 288 ++++++++++++++++++ >>> .../GPL-2.0-or-later.txt | 0 >>> Licenses/isc.txt => LICENSES/ISC.txt | 0 >>> .../LGPL-2.1-or-later.txt | 0 >>> .../LicenseRef-OpenSSL-Exception.txt | 0 >>> Licenses/mit.txt => LICENSES/MIT.txt | 0 >>> doc/source/licensing.rst | 20 +- >>> mongoose/Config.in | 5 + >>> mongoose/Makefile | 6 + >>> mongoose/mongoose.c | 2 +- >>> mongoose/mongoose.h | 6 +- >>> 14 files changed, 315 insertions(+), 12 deletions(-) >>> rename Licenses/bsd-1-clause.txt => LICENSES/BSD-1-Clause.txt (100%) >>> rename Licenses/bsd-2-clause.txt => LICENSES/BSD-2-Clause.txt (100%) >>> rename Licenses/bsd-3-clause.txt => LICENSES/BSD-3-Clause.txt (100%) >>> create mode 100644 LICENSES/GPL-2.0-only.txt >>> rename Licenses/gpl-2.0.txt => LICENSES/GPL-2.0-or-later.txt (100%) >>> rename Licenses/isc.txt => LICENSES/ISC.txt (100%) >>> rename Licenses/lgpl-2.1.txt => LICENSES/LGPL-2.1-or-later.txt (100%) >>> rename Licenses/Exceptions => LICENSES/LicenseRef-OpenSSL-Exception.txt (100%) >>> rename Licenses/mit.txt => LICENSES/MIT.txt (100%) > > Cheers, > Mark > Regards, Stefano
Hi Stefano, > >>> The mongoose directory was chosen to demonstrate what needs to be done > >>> with the source code. Some files do neither have license nor copyright > >>> information. So both have to be added. Other files might already have > >>> one but are lacking the other. > >>> > >> > >> Ok - so Makefiles, Config.in and scripts/ must be fixed. What can we do > >> with doc/ ? rst files have no comments, and in fact Linux kernel, too, > >> does not set any copyright information for that. Are they affected ? > > > > REUSE requires that nearly all files have licensing and copyright information. > > > > https://reuse.software/spec/#copyright-and-licensing-information > > > > I see > > > In case you have a file which does not support comments one way to add > > the information is by adding a .license companion file. For example, > > picture.png would have the companion file picture.png.license. Another > > way would be a .reuse/dep5 file in the root of the project. There you > > can declare single files and complete directories. As the name > > suggests it actually is the Debian DEP5 format. > > > > I see another way, too. For documentation, rst supports HTML. A HTML > comment is then allowed, and this can contain the copyright and SPDX > identifier. Something like > > <!-- > Copyright .. > SPDX-License-Identifier: > --> I just gave it a try and the HTML comment does not work. The comment shows verbatim in the rendered output. I tried it with the epub output and I am sure the others will look the same. https://docutils.sourceforge.io/docs/user/rst/quickref.html#comments shows that there is a way for a comment. But I also found many voices arguing against its usage. But it works: .. SPDX-FileCopyrightText: 2013 Stefano Babic <sbabic@denx.de> SPDX-FileCopyrightText: 2021 Foo Bar <foo@bar.org> .. SPDX-License-Identifier: GPL-2.0-only The indentation is important. It is also important to open a new comment block after the blank line. > > > > https://reuse.software/spec/#dep > > > > So for the doc/ directory and its rst files I'ld recommend using the > > .reuse/dep5 file. I will seed a discussion on how to determine missing > > copyright statements as a reply to the mongoose patch. > > I'll check files in doc/, I created most of them. I will check in git > history, too. I'd still prefer individual license and copyright notices in each file over declaring the whole directory using the DEP5 notation. Cheers, Mark
Hi Mark, On 02.04.21 17:43, Mark Jonas wrote: > Hi Stefano, > >>>>> The mongoose directory was chosen to demonstrate what needs to be done >>>>> with the source code. Some files do neither have license nor copyright >>>>> information. So both have to be added. Other files might already have >>>>> one but are lacking the other. >>>>> >>>> >>>> Ok - so Makefiles, Config.in and scripts/ must be fixed. What can we do >>>> with doc/ ? rst files have no comments, and in fact Linux kernel, too, >>>> does not set any copyright information for that. Are they affected ? >>> >>> REUSE requires that nearly all files have licensing and copyright information. >>> >>> https://reuse.software/spec/#copyright-and-licensing-information >>> >> >> I see >> >>> In case you have a file which does not support comments one way to add >>> the information is by adding a .license companion file. For example, >>> picture.png would have the companion file picture.png.license. Another >>> way would be a .reuse/dep5 file in the root of the project. There you >>> can declare single files and complete directories. As the name >>> suggests it actually is the Debian DEP5 format. >>> >> >> I see another way, too. For documentation, rst supports HTML. A HTML >> comment is then allowed, and this can contain the copyright and SPDX >> identifier. Something like >> >> <!-- >> Copyright .. >> SPDX-License-Identifier: >> --> > > I just gave it a try and the HTML comment does not work. The comment > shows verbatim in the rendered output. I tried it with the epub output > and I am sure the others will look the same. > > https://docutils.sourceforge.io/docs/user/rst/quickref.html#comments > shows that there is a way for a comment. But I also found many voices > arguing against its usage. But it works: > > .. > SPDX-FileCopyrightText: 2013 Stefano Babic <sbabic@denx.de> > SPDX-FileCopyrightText: 2021 Foo Bar <foo@bar.org> > > .. > SPDX-License-Identifier: GPL-2.0-only > > The indentation is important. It is also important to open a new > comment block after the blank line. Right, indentation is part of rst. Ok, we can do int this way. > >> >> >>> https://reuse.software/spec/#dep >>> >>> So for the doc/ directory and its rst files I'ld recommend using the >>> .reuse/dep5 file. I will seed a discussion on how to determine missing >>> copyright statements as a reply to the mongoose patch. >> >> I'll check files in doc/, I created most of them. I will check in git >> history, too. > > I'd still prefer individual license and copyright notices in each file > over declaring the whole directory using the DEP5 notation. Agree. Best regards, Stefano > > Cheers, > Mark >