From fa852f6f0585106f01255e0b0e080d248b0bdaf9 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 18 Apr 2019 16:57:04 +0200 Subject: [PATCH 01/43] Add a lot of questions in the FAQ --- faq/faq.md | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 faq/faq.md diff --git a/faq/faq.md b/faq/faq.md new file mode 100644 index 0000000..77cbf49 --- /dev/null +++ b/faq/faq.md @@ -0,0 +1,116 @@ +# General + +## What is copyright? + +## What are licenses? + +## Which license should I choose? + +## Do I really need to include the license and copyright headers in all files? Why should I care? + +## What is SPDX? + +# The tool + +## How do I install and use the REUSE tool? + +The REUSE tool is a handy companion that can verify your compliance with +REUSE and automate a lot of adjacent tasks. You can find the full +documentation for the tool at . But the short +of it is: + +``` +$ pip3 install --user fsfe-reuse +$ export PATH=~/.local/bin:$PATH +$ reuse --help +``` + +## How do I exclude a file from REUSE compliance testing? + +CC0 +gitignore + +A few files are automagically excluded + +# Licensing and compliance + +## Is there a standard format for declaring copyright? + +Copyright year copyright holder email + +## Which years do I include in the copyright statement? + +## How do I declare a file as being under a certain license? + +Find the SPDX identifier of your license in the [SPDX License +List](https://spdx.org/licenses/). Download the license text for your license +from the +[license-list-data](https://github.com/spdx/license-list-data/tree/master/text) +repository and put it in `LICENSES/.txt`, where `` is +equal to the SPDX identifier. + +Then, edit the header of your file to contain the following: + +``` +# SPDX-Copyright: +# +# SPDX-License-Identifier: +``` + +## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? + +## What are license exceptions and what do I do with them? + +## Do I use SPDX-Copyright, Copyright, or ©? + +## Which files are copyrightable? + +README + +LICENSE (strange exception) + +## What to do with uncopyrightable files? + +## Where else do I put my license information? + +README + +## What is a copyright holder, and what is an author? + +## How do I deal with a file that has been edited by many people? + +## Can I use DEP5 to declare licensing and copyright? + +See next question. + +## Can I bulk-license whole directories? + +DEP5 + +## Can I license only a part of a file as being under a different license? + +## Should I move my existing LICENSE or COPYING file? + +## Should I put comment headers in my license files? + +## I only have a single license file. Should I still create a LICENSES directory? + +Maybe + +## Should I edit my license files? + +NOOOOOOOOOOOOOO + +## Can I remove the license and copyright information from minified code (e.g., JavaScript)? + +Probably shouldn't + +(but REUSE only applies to source repositories) + +# For lawyers and legal experts + +## I am a lawyer and want a bill of materials + +Install the reuse tool and run `reuse spdx -o reuse.spdx` in the project root +to create an [SPDX +document](https://spdx.org/spdx-specification-21-web-version). From 8d977eeedb17b5d44bae1b2256c19da495637473 Mon Sep 17 00:00:00 2001 From: mxmehl Date: Thu, 18 Apr 2019 18:47:32 +0200 Subject: [PATCH 02/43] question about multiple mit/bsd licenses --- faq/faq.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 77cbf49..34baa0e 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -89,6 +89,11 @@ DEP5 ## Can I license only a part of a file as being under a different license? +## How to deal with MIT/BSD licenses which include copyright information themselves? + +Since files are different, use multiple of them if they are different +and from different copyright holders + ## Should I move my existing LICENSE or COPYING file? ## Should I put comment headers in my license files? From f586b95eec04e68607dd19ccfdbb6f9f150e9e83 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sat, 20 Apr 2019 12:40:22 +0200 Subject: [PATCH 03/43] Answer some questions --- faq/faq.md | 110 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 93 insertions(+), 17 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 77cbf49..3d15404 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -1,8 +1,59 @@ # General +## I am short on time. Can you give me the quickest possible summary? + +We want to improve the way that people license their software projects. We +propose three steps to achieve this: + +### 1. Choose and provide a license + +Find the SPDX identifier of your license in the [SPDX License +List](https://spdx.org/licenses/). Download the license text for your license +from the +[license-list-data](https://github.com/spdx/license-list-data/tree/master/text) +repository and put it in `LICENSES/.txt`, where `` is +equal to the SPDX identifier. + +### 2. Add a license header to each file + +Then, for all files, edit the header to contain the following: + +``` +# SPDX-Copyright: +# +# SPDX-License-Identifier: +``` + +### 3. Confirm compliance with the linter + +Use the [REUSE tool](https://github.com/fsfe/reuse-tool) to automate some of +these steps, and to check whether you did everything correctly. + ## What is copyright? -## What are licenses? +Copyright is a legal construct that grants someone exclusive rights over a +creative work. The most important exclusive right is in the name: The right +to produce copies. Only the copyright holder is allowed to give new copies of +their work to people. + +Usually the author is the copyright holder, but often copyright is +transferred to the author's employer. In most places, you do not need to do +anything to gain copyright. As soon as you make a creative work, you (or your +employer) instantly gain copyright over it. + +Creative Commons provides a better and lengthier answer in their [Frequently +Asked +Questions](https://creativecommons.org/faq/#what-is-copyright-and-why-does-it-matter). + +## What is a license? + +One problem with copyright as it pertains to software is that it makes +software unshareable by default. A license changes that. A license defines +the terms under which the copyright holder allows the recipient of the +license to use the software. If the license allows the recipient to +[use, study, share and +improve](https://fsfe.org/freesoftware/basics/4freedoms.html) the software, +then that software is Free Software. ## Which license should I choose? @@ -10,6 +61,14 @@ ## What is SPDX? +SPDX stands for [Software Package Data Exchange](https://spdx.org/). It is a +project by the [Linux Foundation](https://www.linuxfoundation.org/) and the +rock upon which REUSE is built. SPDX defines a standardized way to share +copyright and licensing information between projects and people. Most +importantly for REUSE, SPDX maintains the [SPDX License +List](https://spdx.org/licenses/), which defines standardized identifiers for a +lot of licenses. + # The tool ## How do I install and use the REUSE tool? @@ -27,10 +86,27 @@ $ reuse --help ## How do I exclude a file from REUSE compliance testing? -CC0 -gitignore +If the file is a build artifact and you use Git, simply make sure that the file +is covered by your `.gitignore` file. + +Otherwise, you cannot exclude files from REUSE compliance testing. It would go +entirely against the purpose of REUSE: making sure that every file has a +copyright and license tag. + +If you really want to exclude a file, consider using the +[CC0](https://creativecommons.org/publicdomain/zero/1.0/) license for this +file. By doing this, you put the file in the public domain, or your country's +equivalent. + +There is one exception: License files are automatically excluded from compliance +testing. -A few files are automagically excluded + + +## Do you support a version control system other than Git? + +Currently we do not, but please [get in +touch](https://github.com/fsfe/reuse-tool/issues). # Licensing and compliance @@ -40,25 +116,25 @@ Copyright year copyright holder email ## Which years do I include in the copyright statement? -## How do I declare a file as being under a certain license? +## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? -Find the SPDX identifier of your license in the [SPDX License -List](https://spdx.org/licenses/). Download the license text for your license -from the -[license-list-data](https://github.com/spdx/license-list-data/tree/master/text) -repository and put it in `LICENSES/.txt`, where `` is -equal to the SPDX identifier. +Members of the GPL family are listed separately in the SPDX License List as +-only and -or-later, even though the license texts are identical. If you have +code under only one of these licenses, we recommend that you only include that +one license. + +If you have code under both licenses, we recommend that you include both +licenses separately. -Then, edit the header of your file to contain the following: +If you do not want to include both licenses separately (e.g., for space +reasons), we you can create the file `LICENSES/GPL-3.0.txt` and add the +following header: ``` -# SPDX-Copyright: -# -# SPDX-License-Identifier: +Valid-License-Identifier: GPL-3.0-only +Valid-License-Identifier: GPL-3.0-or-later ``` -## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? - ## What are license exceptions and what do I do with them? ## Do I use SPDX-Copyright, Copyright, or ©? From f8c679e0d49d23fe3376aec221094a1506c11245 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 12:37:54 +0200 Subject: [PATCH 04/43] Add new answers Also reformatted some lines. I don't know how to work Git to commit those separately. --- faq/faq.md | 94 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 77 insertions(+), 17 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index f342723..1e82e8b 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -47,13 +47,12 @@ Questions](https://creativecommons.org/faq/#what-is-copyright-and-why-does-it-ma ## What is a license? -One problem with copyright as it pertains to software is that it makes -software unshareable by default. A license changes that. A license defines -the terms under which the copyright holder allows the recipient of the -license to use the software. If the license allows the recipient to -[use, study, share and -improve](https://fsfe.org/freesoftware/basics/4freedoms.html) the software, -then that software is Free Software. +One problem with copyright as it pertains to software is that it makes software +unshareable by default. A license changes that. A license defines the terms +under which the copyright holder allows the recipient of the license to use the +software. If the license allows the recipient to [use, study, share and +improve](https://fsfe.org/freesoftware/basics/4freedoms.html) the software, then +that software is Free Software. ## Which license should I choose? @@ -62,21 +61,19 @@ then that software is Free Software. ## What is SPDX? SPDX stands for [Software Package Data Exchange](https://spdx.org/). It is a -project by the [Linux Foundation](https://www.linuxfoundation.org/) and the -rock upon which REUSE is built. SPDX defines a standardized way to share -copyright and licensing information between projects and people. Most -importantly for REUSE, SPDX maintains the [SPDX License -List](https://spdx.org/licenses/), which defines standardized identifiers for a -lot of licenses. +project by the [Linux Foundation](https://www.linuxfoundation.org/) and the rock +upon which REUSE is built. SPDX defines a standardized way to share copyright +and licensing information between projects and people. Most importantly for +REUSE, SPDX maintains the [SPDX License List](https://spdx.org/licenses/), which +defines standardized identifiers for a lot of licenses. # The tool ## How do I install and use the REUSE tool? -The REUSE tool is a handy companion that can verify your compliance with -REUSE and automate a lot of adjacent tasks. You can find the full -documentation for the tool at . But the short -of it is: +The REUSE tool is a handy companion that can verify your compliance with REUSE +and automate a lot of adjacent tasks. You can find the full documentation for +the tool at . But the short of it is: ``` $ pip3 install --user fsfe-reuse @@ -147,14 +144,42 @@ LICENSE (strange exception) ## What to do with uncopyrightable files? +There are two things that you can do with such a file to make sure that its +copyright and licensing is recorded. The first option is to simply use your +regular copyright and license header for this file. There is nothing that stops +you from claiming copyright over your own original works. + +The alternative is to waive your copyright by using the +[CC0](https://creativecommons.org/publicdomain/zero/1.0/) license. + +It is important to note that you can only do this for your own works. If the +file was authored by someone else, you must declare their copyright and license +in the header. + ## Where else do I put my license information? README ## What is a copyright holder, and what is an author? +## I changed a single line of code. Should I add an SPDX-Copyright tag with my name? + +The core question here is: At what point should I consider myself a copyright +holder over a file? This is up to your discretion. It might help to be +consistent and add the tag to every file you touch, but it is perhaps more +valuable to reach a consensus about this within your project. + ## How do I deal with a file that has been edited by many people? +Some files are edited by many people and would have an extremely long list of +copyright holders in the header. This may be aesthetically unpleasing, but is +not incorrect. + +If you would rather not deal with having so many copyright notices, some +projects such as Chromium circumvent this problem by using "Copyright (c) 2013 +The Chromium Authors" as their copyright tag. You may consider doing this, but +you should keep a list of authors in your project. + ## Can I use DEP5 to declare licensing and copyright? See next question. @@ -165,6 +190,41 @@ DEP5 ## Can I license only a part of a file as being under a different license? +The short answer is that yes, you can, but no, there is no standard way for +REUSE to recognize this. If you have a small segment of a file that is licensed +differently, you should list that license under a separate +`SPDX-License-Identifier` tag in the header. + +You can use your own comments to specify which segment is separately licensed. +For instance: "The class Foo is copied from project Bar and licensed under MIT. +All changes are licensed under GPL-3.0-or-later." + +A possible way to circumvent the problem is to extract the segment from the +file, and to keep it in its own file. + +## How do I properly declare multi-licensing? + +You should always include all licenses in the `LICENSES/` directory. + +The correct SPDX license expression that applies to the file depends on the +intent. If all the code within is licensed under multiple licenses, and the +licensee can choose under which license they consume the work, use +`SPDX-License-Identifier: MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later`, as +parts of Firefox do. + +If all the code within the file is licensed under multiple licenses, and the +user must comply with all licenses simultaneously, use +`SPDX-License-Identifier: LGPL-2.0-or-later AND AML`, as can be found in Simple +DirectMedia Layer (SDL). + +If all the code within the file is licensed under either one license or another +(for instance, all code is under GPL-2.0-only, but one function is under MIT), +use separate tags `SPDX-License-Identifier: GPL-2.0-only` and +`SPDX-License-Identifier: MIT`. + +You can read more about SPDX expressions [on the SPDX +wiki](https://wiki.spdx.org/view/LicenseExpressionFAQ). + ## How to deal with MIT/BSD licenses which include copyright information themselves? Since files are different, use multiple of them if they are different From dfb4bb785e334ec93ee5c036bbaaa31a40770bbd Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 14:30:05 +0200 Subject: [PATCH 05/43] Answer more questions, again --- faq/faq.md | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 1e82e8b..e479589 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -232,15 +232,37 @@ and from different copyright holders ## Should I move my existing LICENSE or COPYING file? -## Should I put comment headers in my license files? - ## I only have a single license file. Should I still create a LICENSES directory? Maybe +## Should I put comment headers in my license files? + +## How do I use a license that is not on the SPDX License List? + + + +If you have a custom or modified license that does not appear in the SPDX +License List, place your license in the file +`LICENSES/LicenseRef-MyLicense.txt`, and/or preface your license text with the +tag `Valid-License-Identifier: LicenseRef-MyLicense`. By doing this, SPDX will +still be able to recognise your license. + ## Should I edit my license files? -NOOOOOOOOOOOOOO +You should never edit license files. When you use an existing license, you +should always copy it verbatim. + +Some licenses, such as MIT and the BSD family of licenses, have a line that +says "Copyright (c) ". Please see + + about how to deal with those licenses. + +There are many reasons for why you should not alter license texts, but if you do +alter the texts, you should use a different SPDX identifier for this license. +See + +. ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? From 5ffb4d95cc010af80d960944176060e14c32690e Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 14:33:07 +0200 Subject: [PATCH 06/43] Add REUSE header --- faq/faq.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index e479589..81f4d31 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -1,3 +1,9 @@ + + # General ## I am short on time. Can you give me the quickest possible summary? From 64e1bae850e67bd8e0b91e3d746d51a75ed004d6 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 15:06:51 +0200 Subject: [PATCH 07/43] Change variable syntax from <> to [] --- faq/faq.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 81f4d31..78c79fb 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -17,7 +17,7 @@ Find the SPDX identifier of your license in the [SPDX License List](https://spdx.org/licenses/). Download the license text for your license from the [license-list-data](https://github.com/spdx/license-list-data/tree/master/text) -repository and put it in `LICENSES/.txt`, where `` is +repository and put it in `LICENSES/[identifier].txt`, where `[identifier]` is equal to the SPDX identifier. ### 2. Add a license header to each file @@ -25,9 +25,9 @@ equal to the SPDX identifier. Then, for all files, edit the header to contain the following: ``` -# SPDX-Copyright: +# SPDX-Copyright: [year] [copyright holder] <[email address]> # -# SPDX-License-Identifier: +# SPDX-License-Identifier: [identifier] ``` ### 3. Confirm compliance with the linter @@ -260,7 +260,7 @@ You should never edit license files. When you use an existing license, you should always copy it verbatim. Some licenses, such as MIT and the BSD family of licenses, have a line that -says "Copyright (c) ". Please see +says "Copyright (c) [year] [copyright holder]". Please see about how to deal with those licenses. From 62a43e0442268fc6462d2c35de5b833dde4b2002 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 15:54:45 +0200 Subject: [PATCH 08/43] Fix erroneous answer --- faq/faq.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 78c79fb..cbfc445 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -233,8 +233,7 @@ wiki](https://wiki.spdx.org/view/LicenseExpressionFAQ). ## How to deal with MIT/BSD licenses which include copyright information themselves? -Since files are different, use multiple of them if they are different -and from different copyright holders +TODO: Figure this one out ## Should I move my existing LICENSE or COPYING file? From 5d36be440e48ec0bbf1fb6e21b1688e8de14fbb6 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:09:44 +0200 Subject: [PATCH 09/43] Answer more questions, again, again --- faq/faq.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index cbfc445..53f3372 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -237,9 +237,27 @@ TODO: Figure this one out ## Should I move my existing LICENSE or COPYING file? +If you use multiple licenses in your project, we recommend that you put all of +your licenses in the `LICENSES/` directory. + +If you only have a single license file, see [the next +question](#i-only-have-a-single-license-file-should-i-still-create-a-licenses-directory). + ## I only have a single license file. Should I still create a LICENSES directory? -Maybe +You do not strictly need to put your license in the `LICENSES/` directory, +though we recommend that you do. If you want to keep your license in a single +file (`LICEN[CS]E`, `COPYING`, `COPYRIGHT`), you should edit the file to signal +what licence you are actually using. + +Preface your license with the following header: + +``` +Valid-License-Identifier: [identifier] +License-Text: + +[license text] +``` ## Should I put comment headers in my license files? From e2e681161a8e48659179c54a90cd4189c6e33b0d Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:12:49 +0200 Subject: [PATCH 10/43] Add the hyperlinks for the questions --- faq/faq.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 53f3372..4fb0cd1 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -277,15 +277,14 @@ You should never edit license files. When you use an existing license, you should always copy it verbatim. Some licenses, such as MIT and the BSD family of licenses, have a line that -says "Copyright (c) [year] [copyright holder]". Please see - - about how to deal with those licenses. +says "Copyright (c) [year] [copyright holder]". Please see [this +question](#how-to-deal-with-mitbsd-licenses-which-include-copyright-information-themselves) +about how to deal with those licenses. There are many reasons for why you should not alter license texts, but if you do alter the texts, you should use a different SPDX identifier for this license. -See - -. +See [the previous +question](#how-do-i-use-a-license-that-is-not-on-the-spdx-license-list). ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? From 20082ea4d1857771500dd000825544028311dae6 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:14:17 +0200 Subject: [PATCH 11/43] Split an answer into two paragraphs for improved legibility --- faq/faq.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index 4fb0cd1..1c08a66 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -56,7 +56,9 @@ Questions](https://creativecommons.org/faq/#what-is-copyright-and-why-does-it-ma One problem with copyright as it pertains to software is that it makes software unshareable by default. A license changes that. A license defines the terms under which the copyright holder allows the recipient of the license to use the -software. If the license allows the recipient to [use, study, share and +software. + +If the license allows the recipient to [use, study, share and improve](https://fsfe.org/freesoftware/basics/4freedoms.html) the software, then that software is Free Software. From 8f9a3fbf5f919f8624fbbcd15f8a0991a59c631c Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:15:41 +0200 Subject: [PATCH 12/43] Fix typo --- faq/faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 1c08a66..f4e7835 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -132,8 +132,8 @@ If you have code under both licenses, we recommend that you include both licenses separately. If you do not want to include both licenses separately (e.g., for space -reasons), we you can create the file `LICENSES/GPL-3.0.txt` and add the -following header: +reasons), you can create the file `LICENSES/GPL-3.0.txt` and add the following +header: ``` Valid-License-Identifier: GPL-3.0-only From 4e59f581a0fa83c2198cd29114a98b721f197e84 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:16:20 +0200 Subject: [PATCH 13/43] Fix a header example --- faq/faq.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index f4e7835..72fdee9 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -138,6 +138,9 @@ header: ``` Valid-License-Identifier: GPL-3.0-only Valid-License-Identifier: GPL-3.0-or-later +License-Text: + +[license text] ``` ## What are license exceptions and what do I do with them? From 98750cab813cf2079ee4647acd9da841014e822d Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 25 Apr 2019 16:24:45 +0200 Subject: [PATCH 14/43] Add and answer question about using VCS to record copyright --- faq/faq.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 72fdee9..b16255b 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -191,6 +191,17 @@ projects such as Chromium circumvent this problem by using "Copyright (c) 2013 The Chromium Authors" as their copyright tag. You may consider doing this, but you should keep a list of authors in your project. +## Why can't I just use version control to record copyright? + +In [a previous question](#what-is-a-copyright-holder-and-what-is-an-author), we +distinguished between copyright holders and authors, which are not always the +same. Version control typically only records authorship, which makes it +unsuitable for the task of recording copyright. + +Another obstacle is that version control history may contain errors, and fixing +such an error would require rewriting the history, causing all contributors to +have to re-download the new trunk. + ## Can I use DEP5 to declare licensing and copyright? See next question. From 647b2e6144cf6a3f6be1a8ff59f4659bf791148f Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Fri, 26 Apr 2019 12:24:58 +0200 Subject: [PATCH 15/43] Add custom IDs to all headers --- faq/faq.md | 98 ++++++++++++++++++++++++++---------------------------- 1 file changed, 48 insertions(+), 50 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index b16255b..b76caf4 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -4,14 +4,14 @@ SPDX-Copyright: Free Software Foundation Europe e.V. SPDX-License-Identifier: CC-BY-SA-4.0 --> -# General +# General {#general} -## I am short on time. Can you give me the quickest possible summary? +## I am short on time. Can you give me the quickest possible summary? {#quick-summary} We want to improve the way that people license their software projects. We propose three steps to achieve this: -### 1. Choose and provide a license +### 1. Choose and provide a license {#step-1} Find the SPDX identifier of your license in the [SPDX License List](https://spdx.org/licenses/). Download the license text for your license @@ -20,7 +20,7 @@ from the repository and put it in `LICENSES/[identifier].txt`, where `[identifier]` is equal to the SPDX identifier. -### 2. Add a license header to each file +### 2. Add a license header to each file {#step-2} Then, for all files, edit the header to contain the following: @@ -30,12 +30,12 @@ Then, for all files, edit the header to contain the following: # SPDX-License-Identifier: [identifier] ``` -### 3. Confirm compliance with the linter +### 3. Confirm compliance with the linter {#step-3} Use the [REUSE tool](https://github.com/fsfe/reuse-tool) to automate some of these steps, and to check whether you did everything correctly. -## What is copyright? +## What is copyright? {#what-is-copyright} Copyright is a legal construct that grants someone exclusive rights over a creative work. The most important exclusive right is in the name: The right @@ -51,7 +51,7 @@ Creative Commons provides a better and lengthier answer in their [Frequently Asked Questions](https://creativecommons.org/faq/#what-is-copyright-and-why-does-it-matter). -## What is a license? +## What is a license? {#what-is-license} One problem with copyright as it pertains to software is that it makes software unshareable by default. A license changes that. A license defines the terms @@ -62,11 +62,11 @@ If the license allows the recipient to [use, study, share and improve](https://fsfe.org/freesoftware/basics/4freedoms.html) the software, then that software is Free Software. -## Which license should I choose? +## Which license should I choose? {#which-license} -## Do I really need to include the license and copyright headers in all files? Why should I care? +## Do I really need to include the license and copyright headers in all files? Why should I care? {#why-care} -## What is SPDX? +## What is SPDX? {#what-is-spdx} SPDX stands for [Software Package Data Exchange](https://spdx.org/). It is a project by the [Linux Foundation](https://www.linuxfoundation.org/) and the rock @@ -75,9 +75,9 @@ and licensing information between projects and people. Most importantly for REUSE, SPDX maintains the [SPDX License List](https://spdx.org/licenses/), which defines standardized identifiers for a lot of licenses. -# The tool +# The tool {#tool} -## How do I install and use the REUSE tool? +## How do I install and use the REUSE tool? {#install-tool} The REUSE tool is a handy companion that can verify your compliance with REUSE and automate a lot of adjacent tasks. You can find the full documentation for @@ -89,7 +89,7 @@ $ export PATH=~/.local/bin:$PATH $ reuse --help ``` -## How do I exclude a file from REUSE compliance testing? +## How do I exclude a file from REUSE compliance testing? {#exclude-file} If the file is a build artifact and you use Git, simply make sure that the file is covered by your `.gitignore` file. @@ -108,20 +108,20 @@ testing. -## Do you support a version control system other than Git? +## Do you support a version control system other than Git? {#no-git} Currently we do not, but please [get in touch](https://github.com/fsfe/reuse-tool/issues). -# Licensing and compliance +# Licensing and compliance {#licensing} -## Is there a standard format for declaring copyright? +## Is there a standard format for declaring copyright? {#standard-copyright} Copyright year copyright holder email -## Which years do I include in the copyright statement? +## Which years do I include in the copyright statement? {#years-copyright} -## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? +## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? {#gpl-plus} Members of the GPL family are listed separately in the SPDX License List as -only and -or-later, even though the license texts are identical. If you have @@ -143,17 +143,17 @@ License-Text: [license text] ``` -## What are license exceptions and what do I do with them? +## What are license exceptions and what do I do with them? {#license-exceptions} -## Do I use SPDX-Copyright, Copyright, or ©? +## Do I use SPDX-Copyright, Copyright, or ©? {#copyright-symbol} -## Which files are copyrightable? +## Which files are copyrightable? {#what-is-copyrightable} README LICENSE (strange exception) -## What to do with uncopyrightable files? +## What to do with uncopyrightable files? {#uncopyrightable} There are two things that you can do with such a file to make sure that its copyright and licensing is recorded. The first option is to simply use your @@ -167,20 +167,20 @@ It is important to note that you can only do this for your own works. If the file was authored by someone else, you must declare their copyright and license in the header. -## Where else do I put my license information? +## Where else do I put my license information? {#where-else} README -## What is a copyright holder, and what is an author? +## What is a copyright holder, and what is an author? {#copyright-holder-author} -## I changed a single line of code. Should I add an SPDX-Copyright tag with my name? +## I changed a single line of code. Should I add an SPDX-Copyright tag with my name? {#when-copyright} The core question here is: At what point should I consider myself a copyright holder over a file? This is up to your discretion. It might help to be consistent and add the tag to every file you touch, but it is perhaps more valuable to reach a consensus about this within your project. -## How do I deal with a file that has been edited by many people? +## How do I deal with a file that has been edited by many people? {#many-copyright-statements} Some files are edited by many people and would have an extremely long list of copyright holders in the header. This may be aesthetically unpleasing, but is @@ -191,26 +191,26 @@ projects such as Chromium circumvent this problem by using "Copyright (c) 2013 The Chromium Authors" as their copyright tag. You may consider doing this, but you should keep a list of authors in your project. -## Why can't I just use version control to record copyright? +## Why can't I just use version control to record copyright? {#vcs-copyright} -In [a previous question](#what-is-a-copyright-holder-and-what-is-an-author), we -distinguished between copyright holders and authors, which are not always the -same. Version control typically only records authorship, which makes it -unsuitable for the task of recording copyright. +In [a previous question](#copyright-holder-author), we distinguished between +copyright holders and authors, which are not always the same. Version control +typically only records authorship, which makes it unsuitable for the task of +recording copyright. Another obstacle is that version control history may contain errors, and fixing such an error would require rewriting the history, causing all contributors to have to re-download the new trunk. -## Can I use DEP5 to declare licensing and copyright? +## Can I use DEP5 to declare licensing and copyright? {#dep5} See next question. -## Can I bulk-license whole directories? +## Can I bulk-license whole directories? {#bulk-license} DEP5 -## Can I license only a part of a file as being under a different license? +## Can I license only a part of a file as being under a different license? {#partial-license} The short answer is that yes, you can, but no, there is no standard way for REUSE to recognize this. If you have a small segment of a file that is licensed @@ -224,7 +224,7 @@ All changes are licensed under GPL-3.0-or-later." A possible way to circumvent the problem is to extract the segment from the file, and to keep it in its own file. -## How do I properly declare multi-licensing? +## How do I properly declare multi-licensing? {#multi-licensing} You should always include all licenses in the `LICENSES/` directory. @@ -247,19 +247,19 @@ use separate tags `SPDX-License-Identifier: GPL-2.0-only` and You can read more about SPDX expressions [on the SPDX wiki](https://wiki.spdx.org/view/LicenseExpressionFAQ). -## How to deal with MIT/BSD licenses which include copyright information themselves? +## How to deal with MIT/BSD licenses which include copyright information themselves? {#mit-bsd} TODO: Figure this one out -## Should I move my existing LICENSE or COPYING file? +## Should I move my existing LICENSE or COPYING file? {#move-license} If you use multiple licenses in your project, we recommend that you put all of your licenses in the `LICENSES/` directory. If you only have a single license file, see [the next -question](#i-only-have-a-single-license-file-should-i-still-create-a-licenses-directory). +question](#single-license). -## I only have a single license file. Should I still create a LICENSES directory? +## I only have a single license file. Should I still create a LICENSES directory? {#single-license} You do not strictly need to put your license in the `LICENSES/` directory, though we recommend that you do. If you want to keep your license in a single @@ -275,9 +275,9 @@ License-Text: [license text] ``` -## Should I put comment headers in my license files? +## Should I put comment headers in my license files? {#header-in-license} -## How do I use a license that is not on the SPDX License List? +## How do I use a license that is not on the SPDX License List? {#custom-license} @@ -287,30 +287,28 @@ License List, place your license in the file tag `Valid-License-Identifier: LicenseRef-MyLicense`. By doing this, SPDX will still be able to recognise your license. -## Should I edit my license files? +## Should I edit my license files? {#edit-license} You should never edit license files. When you use an existing license, you should always copy it verbatim. -Some licenses, such as MIT and the BSD family of licenses, have a line that -says "Copyright (c) [year] [copyright holder]". Please see [this -question](#how-to-deal-with-mitbsd-licenses-which-include-copyright-information-themselves) +Some licenses, such as MIT and the BSD family of licenses, have a line that says +"Copyright (c) [year] [copyright holder]". Please see [this question](#mit-bsd) about how to deal with those licenses. There are many reasons for why you should not alter license texts, but if you do alter the texts, you should use a different SPDX identifier for this license. -See [the previous -question](#how-do-i-use-a-license-that-is-not-on-the-spdx-license-list). +See [the previous question](#custom-license). -## Can I remove the license and copyright information from minified code (e.g., JavaScript)? +## Can I remove the license and copyright information from minified code (e.g., JavaScript)? {#minified} Probably shouldn't (but REUSE only applies to source repositories) -# For lawyers and legal experts +# For lawyers and legal experts {#lawyers} -## I am a lawyer and want a bill of materials +## I am a lawyer and want a bill of materials {#bill-of-materials} Install the reuse tool and run `reuse spdx -o reuse.spdx` in the project root to create an [SPDX From 45b0302d43f2c54b9a27e9bb04f4c285723e40d4 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Fri, 26 Apr 2019 19:27:37 +0200 Subject: [PATCH 16/43] Add year to copyright notice --- faq/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index b76caf4..298d8db 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -1,5 +1,5 @@ From 22ac7e3a207269d997b9f83ff25c8daf3b947bd8 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sun, 5 May 2019 14:15:29 +0200 Subject: [PATCH 17/43] Answer two questions --- faq/faq.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 298d8db..1b1530d 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -167,6 +167,31 @@ It is important to note that you can only do this for your own works. If the file was authored by someone else, you must declare their copyright and license in the header. +## How do I copy someone else's work? {#copy-work} + +If someone else has made their work available for you to use and copy, you can +incorporate their work into your project. When you put the work in one of the +files in your project, you should add an `SPDX-Copyright` tag for the copyright +holder(s) and an `SPDX-License-Identifier` tag for the license(s) under which +the work was made available. + +If the work was licensed differently from your project, you should verify +whether the licenses are compatible, and add the new licenses to your project. + +## Can I copy a work that has no copyright notice or license? {#no-copyright-license} + +Before you proceed, always first make sure that you can find the copyright and +licensing information elsewhere. Some projects only include this information in +the root directory or in their README file. + +If you can find no copyright notice, then that is no problem. You can add the +copyright notice yourself. + +If the work has no license, then that means that you do not have the right to +copy it. If you believe that this is a mistake and the author clearly meant for +you to be able to copy this work, you should contact the author and ask them to +license their work. + ## Where else do I put my license information? {#where-else} README From a6be126abcbf4160b9a0bdfa97d00da69d6d4ae3 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sun, 5 May 2019 14:16:33 +0200 Subject: [PATCH 18/43] Answer copyrightable question --- faq/faq.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 1b1530d..3234be3 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -149,9 +149,14 @@ License-Text: ## Which files are copyrightable? {#what-is-copyrightable} -README - -LICENSE (strange exception) +All files that are original works of authorship are copyrightable. In essence, +if someone sat down typing their own original thoughts on a keyboard, then that +person holds copyright over the output. Common examples are source code, +documentation, audio, and video. + +There are some edge cases, however. For instance, the program `print("Hello, +REUSE!")` probably does not meet the threshold of originality. Similarly, data +files and configuration files may not meet that threshold either. ## What to do with uncopyrightable files? {#uncopyrightable} From 3cba65953a52edcb01ab7eb8651e6292b38cf0ce Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sun, 5 May 2019 14:16:58 +0200 Subject: [PATCH 19/43] Rephrase a line --- faq/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index 3234be3..c156b07 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -163,7 +163,7 @@ files and configuration files may not meet that threshold either. There are two things that you can do with such a file to make sure that its copyright and licensing is recorded. The first option is to simply use your regular copyright and license header for this file. There is nothing that stops -you from claiming copyright over your own original works. +you from claiming copyright over your own works. The alternative is to waive your copyright by using the [CC0](https://creativecommons.org/publicdomain/zero/1.0/) license. From e8c3baf98f0bb1461285fc61d68a22f5a21bd5cb Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sun, 5 May 2019 14:17:25 +0200 Subject: [PATCH 20/43] Add two questions --- faq/faq.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index c156b07..8df2654 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -115,6 +115,8 @@ touch](https://github.com/fsfe/reuse-tool/issues). # Licensing and compliance {#licensing} +## Which licenses are compatible? {#compatible-licenses} + ## Is there a standard format for declaring copyright? {#standard-copyright} Copyright year copyright holder email @@ -330,6 +332,10 @@ There are many reasons for why you should not alter license texts, but if you do alter the texts, you should use a different SPDX identifier for this license. See [the previous question](#custom-license). +## Can I edit copyright and licensing tags? {#edit-tags} + +TODO: If erroneous, sure. + ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? {#minified} Probably shouldn't From 7e10864b2ff49f958cf782c133935e8374557c2a Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 16 May 2019 17:21:03 +0200 Subject: [PATCH 21/43] Simplify sentence --- faq/faq.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 8df2654..b4bbb39 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -17,8 +17,7 @@ Find the SPDX identifier of your license in the [SPDX License List](https://spdx.org/licenses/). Download the license text for your license from the [license-list-data](https://github.com/spdx/license-list-data/tree/master/text) -repository and put it in `LICENSES/[identifier].txt`, where `[identifier]` is -equal to the SPDX identifier. +repository and put it in the `LICENSES/` directory. ### 2. Add a license header to each file {#step-2} From 4cc4f4a866059d14ee9c8b3b5f0521ad25364a4a Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 12:33:27 +0200 Subject: [PATCH 22/43] Reword the three steps Suggested-by: Max Mehl --- faq/faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index b4bbb39..d0fe849 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -11,7 +11,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 We want to improve the way that people license their software projects. We propose three steps to achieve this: -### 1. Choose and provide a license {#step-1} +### 1. Choose and provide licenses {#step-1} Find the SPDX identifier of your license in the [SPDX License List](https://spdx.org/licenses/). Download the license text for your license @@ -19,7 +19,7 @@ from the [license-list-data](https://github.com/spdx/license-list-data/tree/master/text) repository and put it in the `LICENSES/` directory. -### 2. Add a license header to each file {#step-2} +### 2. Add copyright and license information to each file {#step-2} Then, for all files, edit the header to contain the following: @@ -29,7 +29,7 @@ Then, for all files, edit the header to contain the following: # SPDX-License-Identifier: [identifier] ``` -### 3. Confirm compliance with the linter {#step-3} +### 3. Confirm REUSE compliance {#step-3} Use the [REUSE tool](https://github.com/fsfe/reuse-tool) to automate some of these steps, and to check whether you did everything correctly. From 13ff6b841bd37e91af87a0f14b3dc312af33c566 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:23:13 +0200 Subject: [PATCH 23/43] Rename CC0 to CC0-1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Matija Šuklje --- faq/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index d0fe849..4611548 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -167,7 +167,7 @@ regular copyright and license header for this file. There is nothing that stops you from claiming copyright over your own works. The alternative is to waive your copyright by using the -[CC0](https://creativecommons.org/publicdomain/zero/1.0/) license. +[CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/) license. It is important to note that you can only do this for your own works. If the file was authored by someone else, you must declare their copyright and license From ed6a5f796514360a9048ed2ef9e8a100dfa4bd51 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 12:44:15 +0200 Subject: [PATCH 24/43] Remove "for space reasons" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reported-by: Matija Šuklje --- faq/faq.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 4611548..9795ceb 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -132,9 +132,8 @@ one license. If you have code under both licenses, we recommend that you include both licenses separately. -If you do not want to include both licenses separately (e.g., for space -reasons), you can create the file `LICENSES/GPL-3.0.txt` and add the following -header: +If you do not want to include both licenses separately, you can create the file +`LICENSES/GPL-3.0.txt` and add the following header: ``` Valid-License-Identifier: GPL-3.0-only From 0a416d1a638139884f8ed7312dc7b5c2ec434e32 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 12:49:14 +0200 Subject: [PATCH 25/43] Clarify what "both licenses" means --- faq/faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 9795ceb..93f5eef 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -129,8 +129,8 @@ Members of the GPL family are listed separately in the SPDX License List as code under only one of these licenses, we recommend that you only include that one license. -If you have code under both licenses, we recommend that you include both -licenses separately. +If you have code under both an -only license and an -or-later license, we +recommend that you include both licenses separately. If you do not want to include both licenses separately, you can create the file `LICENSES/GPL-3.0.txt` and add the following header: From f48b5ab139a04597a228774651b612fb3bc652d2 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:21:26 +0200 Subject: [PATCH 26/43] Answer question about recommended copyright notice --- faq/faq.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 93f5eef..9ae5b6d 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -147,6 +147,21 @@ License-Text: ## Do I use SPDX-Copyright, Copyright, or ©? {#copyright-symbol} +The specification lists the following copyright notices as valid: + +``` +SPDX-Copyright: 2019 Jane Doe +SPDX-Copyright: © 2019 John Doe +© Example Corporation +Copyright 2016, 2018-2019 Joe Anybody +Copyright (c) Alice +``` + +Out of those, the first two are highly recommended. The others exist primarily +to be compatible with existing conventions. + + + ## Which files are copyrightable? {#what-is-copyrightable} All files that are original works of authorship are copyrightable. In essence, From d3b67b1c726c579fb2d9aebc07493290c5c0391f Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:23:37 +0200 Subject: [PATCH 27/43] Add a disclaimer about uncopyrightable files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matija Šuklje --- faq/faq.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index 9ae5b6d..c706f12 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -178,7 +178,8 @@ files and configuration files may not meet that threshold either. There are two things that you can do with such a file to make sure that its copyright and licensing is recorded. The first option is to simply use your regular copyright and license header for this file. There is nothing that stops -you from claiming copyright over your own works. +you from claiming copyright over your own works. However, a court would still +likely find such files uncopyrightable. The alternative is to waive your copyright by using the [CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/) license. From 283c46264644a04c42d7e182a2b859c99e12cb51 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 14:01:46 +0200 Subject: [PATCH 28/43] Suggest referals to reuse.software MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Matija Šuklje --- faq/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index c706f12..f5563bc 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -211,7 +211,7 @@ copyright notice yourself. If the work has no license, then that means that you do not have the right to copy it. If you believe that this is a mistake and the author clearly meant for you to be able to copy this work, you should contact the author and ask them to -license their work. +license their work. Feel free to refer them to . ## Where else do I put my license information? {#where-else} From a4d41bb482a3ad95aec81d5a42168135a5d0e89d Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:26:12 +0200 Subject: [PATCH 29/43] Remove DEP5 question Not really sure why it exists --- faq/faq.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index f5563bc..3535964 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -248,10 +248,6 @@ Another obstacle is that version control history may contain errors, and fixing such an error would require rewriting the history, causing all contributors to have to re-download the new trunk. -## Can I use DEP5 to declare licensing and copyright? {#dep5} - -See next question. - ## Can I bulk-license whole directories? {#bulk-license} DEP5 From 2f731dfbb4af34701ba137e3d9398bc73f632939 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:27:58 +0200 Subject: [PATCH 30/43] Clarify that licenses should not have headers --- faq/faq.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 3535964..4517663 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -319,6 +319,8 @@ License-Text: ## Should I put comment headers in my license files? {#header-in-license} +You should not edit license files. Please see [this question](#edit-license). + ## How do I use a license that is not on the SPDX License List? {#custom-license} From d97d2f66e689350ed0e6ba44000a08b7ae76a8ac Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 13:30:03 +0200 Subject: [PATCH 31/43] Repair a sentence MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matija Šuklje --- faq/faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 4517663..e887328 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -328,8 +328,8 @@ You should not edit license files. Please see [this question](#edit-license). If you have a custom or modified license that does not appear in the SPDX License List, place your license in the file `LICENSES/LicenseRef-MyLicense.txt`, and/or preface your license text with the -tag `Valid-License-Identifier: LicenseRef-MyLicense`. By doing this, SPDX will -still be able to recognise your license. +tag `Valid-License-Identifier: LicenseRef-MyLicense`. By naming your license as +such, tools that speak SPDX will still be able to recognise your license. ## Should I edit my license files? {#edit-license} From f0a6f3fc0e6e9d2febc711ba22c7b06d9658d568 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 14:16:29 +0200 Subject: [PATCH 32/43] Answer question about format of copyright notice --- faq/faq.md | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index e887328..5146d04 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -118,7 +118,30 @@ touch](https://github.com/fsfe/reuse-tool/issues). ## Is there a standard format for declaring copyright? {#standard-copyright} -Copyright year copyright holder email +Generally, we recommend that you use `SPDX-Copyright: [year] [copyright holder] +<[contact address]>`. You may choose to drop items except the copyright holder, +which must always be included. We recommend that you include all items, however. + +The specification includes a section on the exact format of the copyright +notice. See [the specification](#TODO_LINK_TO_SPEC) and [the next +question](#copyright-symbol). + +## Do I use SPDX-Copyright, Copyright, or ©? {#copyright-symbol} + +The specification lists the following copyright notices as valid: + +``` +SPDX-Copyright: 2019 Jane Doe +SPDX-Copyright: © 2019 John Doe +© Example Corporation +Copyright 2016, 2018-2019 Joe Anybody +Copyright (c) Alice +``` + +Out of those, the first two are highly recommended. The others exist primarily +to be compatible with existing conventions. + + ## Which years do I include in the copyright statement? {#years-copyright} @@ -145,23 +168,6 @@ License-Text: ## What are license exceptions and what do I do with them? {#license-exceptions} -## Do I use SPDX-Copyright, Copyright, or ©? {#copyright-symbol} - -The specification lists the following copyright notices as valid: - -``` -SPDX-Copyright: 2019 Jane Doe -SPDX-Copyright: © 2019 John Doe -© Example Corporation -Copyright 2016, 2018-2019 Joe Anybody -Copyright (c) Alice -``` - -Out of those, the first two are highly recommended. The others exist primarily -to be compatible with existing conventions. - - - ## Which files are copyrightable? {#what-is-copyrightable} All files that are original works of authorship are copyrightable. In essence, From a685d52f54f9ae0598b736879b2336b1069bcdb9 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 14:22:42 +0200 Subject: [PATCH 33/43] Answer which years to include in copyright notice --- faq/faq.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 5146d04..079d7d7 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -145,6 +145,19 @@ to be compatible with existing conventions. ## Which years do I include in the copyright statement? {#years-copyright} +Generally, there are four options for you to choose: + +1. The year of initial publication. + +2. The year of the latest publication. + +3. All years of publications, either as range (e.g., 2017-2019) or as separate + entries (e.g., 2017, 2018, 2019). + +4. Do not include any year. + +Which option you choose is ultimately up to you. + ## Do I need to include both GPL-3.0-or-later and GPL-3.0-only in my repository? {#gpl-plus} Members of the GPL family are listed separately in the SPDX License List as From 5d7b9b6d3a70bacd33a42b52bbb601346452c91e Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 14:29:29 +0200 Subject: [PATCH 34/43] Clarify that copyright holders must be listed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matija Šuklje --- faq/faq.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index 079d7d7..c8afa4c 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -254,7 +254,8 @@ not incorrect. If you would rather not deal with having so many copyright notices, some projects such as Chromium circumvent this problem by using "Copyright (c) 2013 The Chromium Authors" as their copyright tag. You may consider doing this, but -you should keep a list of authors in your project. +then you should keep a list of copyright holders and authors in a separate file +in your project. ## Why can't I just use version control to record copyright? {#vcs-copyright} From 92f4541381d338f7c40a94bcc5ddb007fbe00469 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 14:42:47 +0200 Subject: [PATCH 35/43] Discourage `git blame` for copyright ownership MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matija Šuklje --- faq/faq.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index c8afa4c..8f76eac 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -268,6 +268,11 @@ Another obstacle is that version control history may contain errors, and fixing such an error would require rewriting the history, causing all contributors to have to re-download the new trunk. +A further issue with version control is that the `blame` command that is +typically (mis)used to find authorship line-by-line shows only the author of the +last commit in that line, even if it was just something as trivial as fixing a +typo. + ## Can I bulk-license whole directories? {#bulk-license} DEP5 From f6cf5408aca5aa96e81c9390d096725781690898 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 15:54:07 +0200 Subject: [PATCH 36/43] Temporarily remove question about license compatibility I cannot find a resource about this that is not centred on the GPL. --- faq/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/faq/faq.md b/faq/faq.md index 8f76eac..9a2405e 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -114,7 +114,7 @@ touch](https://github.com/fsfe/reuse-tool/issues). # Licensing and compliance {#licensing} -## Which licenses are compatible? {#compatible-licenses} + ## Is there a standard format for declaring copyright? {#standard-copyright} From a642d2114f67b7a7a68b13afa9a965a7a3325f41 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 16:00:55 +0200 Subject: [PATCH 37/43] Answer question about minifiers --- faq/faq.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 9a2405e..218448a 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -375,9 +375,10 @@ TODO: If erroneous, sure. ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? {#minified} -Probably shouldn't - -(but REUSE only applies to source repositories) +You can, but you probably should not. Many minifiers have an option that allows +you to retain the header comment. If this option is present, you should use it, +especially if you use a license that mandates that you include a license +disclaimer. # For lawyers and legal experts {#lawyers} From e9f3d95dd31644634101f3e55056557db985d468 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 29 May 2019 16:04:04 +0200 Subject: [PATCH 38/43] Answer question about editing copyright/licensing info --- faq/faq.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index 218448a..9f14299 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -369,9 +369,11 @@ There are many reasons for why you should not alter license texts, but if you do alter the texts, you should use a different SPDX identifier for this license. See [the previous question](#custom-license). -## Can I edit copyright and licensing tags? {#edit-tags} +## Can I edit copyright notices and license disclaimers? {#edit-copyright-and-licensing} -TODO: If erroneous, sure. +If you find out that some information is incorrect, you are free to adjust it. +Otherwise, it is usually a good idea to leave copyright notices and license +disclaimers intact. But there is no one-size-fits-all answer here. ## Can I remove the license and copyright information from minified code (e.g., JavaScript)? {#minified} From 091bc4f4f478129437aea29af509578f7ed8246b Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Tue, 11 Jun 2019 12:33:29 +0200 Subject: [PATCH 39/43] Add question about custom exceptions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Suggested-by: Matija Šuklje --- faq/faq.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 9f14299..80df963 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -356,6 +356,11 @@ License List, place your license in the file tag `Valid-License-Identifier: LicenseRef-MyLicense`. By naming your license as such, tools that speak SPDX will still be able to recognise your license. +## How do I use a custom exception? {#custom-exception} + +It is not possible to create a custom exception. Instead, you may [create a +custom license](#custom-license) that embeds the exception. + ## Should I edit my license files? {#edit-license} You should never edit license files. When you use an existing license, you From 1c895a057e72f4cee784d81ba7eee84f4fa68bfb Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Tue, 11 Jun 2019 14:13:14 +0200 Subject: [PATCH 40/43] Answer 'which license should I choose?' --- faq/faq.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/faq/faq.md b/faq/faq.md index 80df963..d8e25c9 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -63,6 +63,14 @@ that software is Free Software. ## Which license should I choose? {#which-license} +Ultimately, the license you choose is up to you. If you are contributing to an +existing project, you should release your changes under the same license as the +project. Otherwise, the +[FSF](https://www.gnu.org/licenses/license-recommendations.html) and +[choosealicense.com](https://choosealicense.com/) have some good +recommendations. Note that these resources each emphasise a different value, and +come with their own biases. + ## Do I really need to include the license and copyright headers in all files? Why should I care? {#why-care} ## What is SPDX? {#what-is-spdx} From 0956e35b4726ccb846c518f0f05d0a595287f40a Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Wed, 19 Jun 2019 15:03:16 +0200 Subject: [PATCH 41/43] Add joinup.eu to license resources --- faq/faq.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index d8e25c9..ab2518d 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -65,11 +65,15 @@ that software is Free Software. Ultimately, the license you choose is up to you. If you are contributing to an existing project, you should release your changes under the same license as the -project. Otherwise, the -[FSF](https://www.gnu.org/licenses/license-recommendations.html) and -[choosealicense.com](https://choosealicense.com/) have some good -recommendations. Note that these resources each emphasise a different value, and -come with their own biases. +project. Otherwise, the [Free Software +Foundation](https://www.gnu.org/licenses/license-recommendations.html), +[choosealicense.com](https://choosealicense.com/), and +[joinup.eu](https://joinup.ec.europa.eu/collection/eupl/joinup-licensing-assistant-jla) +have some good recommendations. Note that these resources each emphasise a +different value, and come with their own biases. + +Above all, if you value freedom, you should choose a license that makes your +software [Free Software](https://fsfe.org/about/basics/freesoftware.en.html). ## Do I really need to include the license and copyright headers in all files? Why should I care? {#why-care} From fe69b4ae2acaa0d40a3dbb05304cca5baf379de3 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 4 Jul 2019 13:53:11 +0200 Subject: [PATCH 42/43] Answer more questions in FAQ --- faq/faq.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index ab2518d..d9479d2 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -77,6 +77,8 @@ software [Free Software](https://fsfe.org/about/basics/freesoftware.en.html). ## Do I really need to include the license and copyright headers in all files? Why should I care? {#why-care} +TODO + ## What is SPDX? {#what-is-spdx} SPDX stands for [Software Package Data Exchange](https://spdx.org/). It is a @@ -193,6 +195,16 @@ License-Text: ## What are license exceptions and what do I do with them? {#license-exceptions} +License exceptions are additions or alterations to a license that often work to +permit a certain use of the code that wouldn't be allowed under the original +license. It is often used by compilers, where a portion of compiler code may end +up in the resulting binary. The exception may waive rights over portions of code +that end up in binaries. + +Exceptions are treated almost identically to licenses. In order to combine a +license with an exception, you mark a file with the following tag: +`SPDX-License-Identifier: GPL-3.0-or-later WITH GCC-exception-3.1`. + ## Which files are copyrightable? {#what-is-copyrightable} All files that are original works of authorship are copyrightable. In essence, @@ -246,10 +258,33 @@ license their work. Feel free to refer them to . ## Where else do I put my license information? {#where-else} -README +Marking all individual files with `SPDX-License-Identifier` tags goes a long way +towards unambiguously communicating the license information of your project, but +it helps to communicate the license information in natural language as well. In +the README of your project, feel free to provide a summary of the licensing +information, or simply redirect the reader to your `LICENSES/` directory. + +Additionally, many package hosting sites expect that you declare the licensing +information of your package. For instance, the [setup.py file of the REUSE +tool](https://github.com/fsfe/reuse-tool/blob/master/setup.py) declares all the +licenses that it uses in the format expected by the Python packaging +infrastructure. ## What is a copyright holder, and what is an author? {#copyright-holder-author} +In these resources, we maintain a distinction between the copyright holder and +the author. The author (also known as creator) is the person who sat down and +created a work. Think of the author as a programmer, writer, or artist. + +The copyright holder is the person who has the exclusive rights over that work. +Often the author and the copyright holder are the same. However, if the author +is being paid by their employer to create a work, the employer is often the +copyright holder. + +Keep in mind that in some jurisdictions, the word "author" is often used as a +synonym for "copyright holder". In other jurisdictions, authors maintain some +rights over their work even if they are not the copyright holder. + ## I changed a single line of code. Should I add an SPDX-Copyright tag with my name? {#when-copyright} The core question here is: At what point should I consider myself a copyright @@ -287,7 +322,29 @@ typo. ## Can I bulk-license whole directories? {#bulk-license} -DEP5 +If you have a directory containing many files, it may not be easy or practical +to edit every file to contain a header. While doing this would be ideal, there +is an alternative. By creating the file `.reuse/dep5` in the root of your +project, you can bulk-license a directory. Example: + +``` +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: my-project +Upstream-Contact: Jane Doe +Source: https://git.example.com/jane/my-project + +Files: resources/img/* +Copyright: 2017 Jane Doe +License: CC-BY-4.0 + +Files: resources/vid/* +Copyright: 2017 Jane Doe + 2017 John Doe +License: CC0-1.0 +``` + +You can read more about this file format by Debian +[here](https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/). ## Can I license only a part of a file as being under a different license? {#partial-license} From 2f5f085996839e7d86c540b478d39441d54cc7d1 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Thu, 4 Jul 2019 14:14:37 +0200 Subject: [PATCH 43/43] Cross-reference to DEP5 --- faq/faq.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/faq/faq.md b/faq/faq.md index d9479d2..7407f1c 100644 --- a/faq/faq.md +++ b/faq/faq.md @@ -113,13 +113,14 @@ copyright and license tag. If you really want to exclude a file, consider using the [CC0](https://creativecommons.org/publicdomain/zero/1.0/) license for this -file. By doing this, you put the file in the public domain, or your country's +file. By doing this, you put the file in the public domain, or your country's equivalent. There is one exception: License files are automatically excluded from compliance testing. - +If you have an entire directory that you want to "exclude" from REUSE compliance +testing, you can [use a DEP5 file](#bulk-license). ## Do you support a version control system other than Git? {#no-git}