Reuse compliance / license identifier / SPDX

[CarlSchwan]

There is now a specification about how to declare license in for our source code: reuse.software

This would allow to replace:

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Christoph Wurst <[email protected]>
 * @author Joas Schilling <[email protected]>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 *
 */

with

<?php
/**
 * SPDX-FileCopyrightText: 2016, ownCloud, Inc.
 * SPDX-FileCopyrightText: Christoph Wurst <[email protected]>
 * SPDX-FileCopyrightText: Joas Schilling <[email protected]>
 * SPDX-License-Identifier: AGPL-3.0-only
 */

This has the following advantages:

• It's shorter :)
• It's machine-readable, so we can have a CI job verify that no file is missing licensing statements
• It's standardized using SPDX identifiers and is starting to get adopted in many other large open-source projects: e.g. Linux kernel, KDE

For porting to SPDX, I had a good experience using licensedigger. It supports a wide range of licenses and is easy to add more in our case AGPL-3.0-or-later and AGPL-3.0-only. If people are okay I could do that in some small apps first so that we can look at the result before doing the server repo.

[CarlSchwan]

I ported the profiler repo to use it nextcloud/profiler#14

[schiessle]

It would be really great if we would become reuse compliant, thanks for bringing this up @CarlSchwan

Sometimes we also need to provide a overview over all Free Software licenses withing Nextcloud, this would also make it easier to compile such a list.

[mgallien]

Switching to reuse compliant license/copyright notices would also allow to automatically check for compliance in our CI pipelines on pull requests
see https://reuse.software/dev/#ci

[CarlSchwan]

I started porting groupfolders to reuse here: nextcloud/groupfolders#2046

This requires the following patch to teach licensedigger to correctly identify Nextcloud headers https://invent.kde.org/sdk/licensedigger/-/merge_requests/99

[juliusknorr]

Has been done with #45244 and several follow up prs.