Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make mostly reuse conformant #502

Merged
merged 12 commits into from
Sep 13, 2022

Conversation

felixfontein
Copy link
Contributor

SUMMARY

Everything except changelog/fragments/ is now reuse conformant (https://reuse.software/spec/).

CC @gotmax23

ISSUE TYPE
  • Docs Pull Request
  • Feature Pull Request
COMPONENT NAME

licensing

@felixfontein felixfontein changed the title Make reuse conformant [WIP] Make reuse conformant Aug 21, 2022
@felixfontein
Copy link
Contributor Author

@gotmax23 one thing I'm very unsure about is the last commit: 35e1068

It adds .license files for all the vendored PEM certificate files that are used in some of the tests. I'm not sure whether these files are actually copyrightable / licensable, and if yes which license / copyright text should be used. Right now I put the default collections' license + copyright combination in there, but it feels wrong.

Maybe you saw something similar and have an idea what to do here?

@felixfontein felixfontein marked this pull request as draft August 21, 2022 08:01
@felixfontein felixfontein changed the title [WIP] Make reuse conformant Make reuse conformant Aug 21, 2022
@gotmax23
Copy link
Contributor

@gotmax23 one thing I'm very unsure about is the last commit: 35e1068

It adds .license files for all the vendored PEM certificate files that are used in some of the tests. I'm not sure whether these files are actually copyrightable / licensable, and if yes which license / copyright text should be used. Right now I put the default collections' license + copyright combination in there, but it feels wrong.

Maybe you saw something similar and have an idea what to do here?

IANAL, and I'm not exactly sure what to do here. I guess you have three options:

  • Leave it as is with the explicit GPL-3.0-or-later license. There was already an implicit GPL license.
  • You can use SPDX-License-Identifier: Unlicense if you want to declare it as non-copyrightable. REUSE recommends CC0 for this purpose, but the RH lawyers don't like that license and they've recently banned it in Fedora.
  • Not declare any explicit license and break REUSE compliance.

@felixfontein
Copy link
Contributor Author

I'm currently tending to the third option. The first two require legal advice (IMO)... I guess a better approach is to replace them by files we generate ourselves. This will take a bit of time though, but I think I'll work on that first.

@gotmax23
Copy link
Contributor

gotmax23 commented Aug 21, 2022

I'm currently tending to the third option. The first two require legal advice (IMO)

I'd lean towards adding the GPL headers (option 1). That's what was already there, even if it was implicit, so we wouldn't be changing anything. If the files aren't copyrightable, then the license is invalid, anyways. It's no different than the blank __init__.py files that we added headers to. See also: https://reuse.software/faq/#what-is-copyrightable

FWIW, I do remember that one of the go libraries used by docker that we package in Fedora includes a Lets Encrypt root certificate that it uses for tests, as well. The library is Apache licensed. There was no special license information attached to it. The certificate is copied straight into a const in the go source file. (I know about this, because I had to update the certificate to a non-expired one to fix test failures)

Comment on lines +24 to +52
try:
with open(filename, 'r', encoding='utf-8') as f:
for line in f:
line = line.rstrip()
if 'Copyright ' in line:
has_copyright = True
if 'Copyright: ' in line:
print('%s: found copyright line with "Copyright:". Please remove the colon.' % (filename, ))
if 'SPDX-FileCopyrightText: ' in line:
has_copyright = True
idx = line.find('SPDX-License-Identifier: ')
if idx >= 0:
lic_id = line[idx + len('SPDX-License-Identifier: '):]
spdx_license_identifiers.extend(lic_id.split(' OR '))
if 'GNU General Public License' in line:
if 'v3.0+' in line:
other_license_identifiers.append('GPL-3.0-or-later')
if 'version 3 or later' in line:
other_license_identifiers.append('GPL-3.0-or-later')
if 'Simplified BSD License' in line:
other_license_identifiers.append('BSD-2-Clause')
if 'Apache License 2.0' in line:
other_license_identifiers.append('Apache-2.0')
if 'PSF License' in line or 'Python-2.0' in line:
other_license_identifiers.append('PSF-2.0')
if 'MIT License' in line:
other_license_identifiers.append('MIT')
except Exception as exc:
print('%s: error while processing file: %s' % (filename, exc))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the only change here is putting it in a try-except block?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And support for SPDX-FileCopyrightText:. The try/except block comes from community.general, the SPDX-FileCopyrightText: block change too I think, and the other projects got the OR change from this one IIRC. Basically making sure that all projects have essentially the same copy of this whole file. (The only exception is community.dns, which has a special clause for plugins/public_suffix_list.dat having a non-GPL license outside of module_utils and modules.)

@github-actions
Copy link

github-actions bot commented Sep 13, 2022

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and your docs changes will be incorporated when they are next published.

@felixfontein felixfontein changed the title Make reuse conformant Make mostly reuse conformant Sep 13, 2022
@felixfontein
Copy link
Contributor Author

I decided to revert the controversial part of this PR so we can get it merged, and only have the controversial part left.

@felixfontein felixfontein marked this pull request as ready for review September 13, 2022 18:30
@felixfontein felixfontein merged commit 95626ab into ansible-collections:main Sep 13, 2022
@felixfontein felixfontein deleted the licenses-2 branch September 13, 2022 19:13
@felixfontein
Copy link
Contributor Author

@gotmax23 thanks for reviewing this, and your comments!

@felixfontein
Copy link
Contributor Author

The controversial parts and reverts of the last commits are in #509.

@gotmax23
Copy link
Contributor

@gotmax23 thanks for reviewing this, and your comments!

Sure! Thank you for all of the work you've done for this change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants