-
Notifications
You must be signed in to change notification settings - Fork 415
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Follow-up REUSE specifications #1091
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @lnceballosz. First of all thanks for chasing this up. This is good progress and I'm generally happy with the recommendations here. Some comments on my side.
- I would like to keep git history consistent so I'd reword
adding SPDX headers to doc files
->docs: Add SPDX headers
. - All your commits need to have a Signed-off-by. You can easily do that with the
-s
argument ingit commit
for example. creating LICENSES directory
->Create LICENSES directory with the current licenses
- I would drop the dep5 file for now. My experience is that using it is always problematic as "umbrella" approaches are always error-prone. Let's leave the patches for now.
- Rewording:
adding SPXD headers to .gitignore
->.gitignore: Add SPDX headers
. MInd the typo too. - Drop for now the header for recipes-graphics/vc-graphics/files/vchiq.sh - I need to figure it out first.
- Squash all the other commits in one: "meta-raspberrypi: Add SPDX headers"
I don't think that the header of vc-graphics.inc
and alike is a problem here because the meta-data can be MIT while the component itself is another LICENSE (even closed).
We already have a CI workflow that includes a reuse checker. See https://github.com/agherzan/meta-raspberrypi/blob/master/.github/workflows/compliance.yml#L37 . The only catch is that currently it is allowed to fail as the repository is not yet fully compliant. This MR will be a big step forward towards that. You will be able to see the CI logs once we cleanup this MR a bit and kick it.
3630878
to
26546a1
Compare
Signed-off-by: Lina Ceballos <[email protected]>
Signed-off-by: Lina Ceballos <[email protected]>
Signed-off-by: Lina Ceballos <[email protected]>
Hi @agherzan!
All the best, |
This needs more work because the changes include git conflict marker that would break the layers. |
Hi
I'm Lina Ceballos from the Free Software Foundation Europe, and the REUSE Booster program. As promised, here it's a cleaner and more updated merge request which suggests the REUSE specifications that make licensing and copyright information unambiguous and perfectly human- and machine-readable 1. This MR is a follow-up from the one I closed some weeks ago.
Some important notes in this regard:
.reuse
folder that includes patch and conf files, keeping in mind that creating a separate .license file for each of them is not ideal. However, if you prefer to proceed with the latter, please feel free to do so.There are still some files that I didn't touch:
The imagine files
img/LF_17_02_Yocto-Badge-Update_Compatible_Final_Blank.png
andimg/balena.png,
since I don't know who the copyright holder is and under what license they are. Please feel free to add this information by creating a .license file for those two image files.For the files:
recipes-bsp/bootfiles/rpi-bootfiles.bb
recipes-graphics/vc-graphics/vc-graphics.inc
Keeping in mind that they have a special license situation, my suggestions here remain as follows:
You can keep the license MIT for those files since they are licensed under MIT although the components they build are under the custom license: Broadcom-RPi license.
In this regard, I noticed that the text of the custom license makes it a proprietary license. This apart, to be more precise:
"This software may only be used for the purposes of developing for, running, or using a Raspberry Pi device."
The custom license still has to be part of the
LICENSE
directory, you can add it following these steps, but in this case, I would suggest you make sure to clarify in theREADME
file the context where this license is used and applied and that it refers to the binary component involved in booting Raspberry Pi devices. Something like "The custom proprietary license in the LICENSES directory is part of the build system functionality and refers to closed source components involved in running or using a Raspberry Pi device"The copyright tag in the text file of this custom license itself refers only to the license text, so no other action is required.
Please bear in mind that this is meant to be a practical example of how the REUSE specifications would look like, feel free to implement them or some, but also feel free to proceed to do so on your own.
I would like to note that while reaching REUSE compliance is a larger one-time chunk, maintaining this status is fairly simple: inclusion in CI pipelines, pre-commit hooks, badges, you-name-it, everything possible 2.
Please also note that REUSE is an established practice with a lot of organisations using it, among them the KDE community, curl, GNUHealth (in progress), Linux kernel, companies such as Siemens, SAP, and LGE, as well as numerous smaller and larger projects. We would be happy to have you on board as well!
If there is something we can help with, feel free to reach out, we are more than happy to help!
Footnotes
https://reuse.software/ ↩
https://reuse.software/dev/ ↩