Proposal: Allow REUSE compatible License Statements in License Policy
Andreas Cord-Landwehr
cordlandwehr at kde.org
Sun Jan 5 15:40:20 GMT 2020
Hi, I want to propose to allow SPDX-based [5] and REUSE.software [1]
compatible license statements as a new option in our KDE licensing policy.
For background information about REUSE and SPDX and why it makes sense, I
tried to aggregate the important information in a blog post and will not add
any details in this mail: https://cordlandwehr.wordpress.com/2019/12/31/reuse-machine-readable-license-information/
In order to start porting to SPDX identifiers and to allow license statements
that are compatible with the REUSE specification, a few changes are needed in
our license possibly, which currently is focused on license header statements
[2]. Thus, I propose the following changes:
1. Allow SPDX-based license statements by replacing bullet point 3 with: "Each
source file either must contain SPDX identifiers or licence headers to state
under which terms the software may be used, modified and redistributed. The
SPDX identifiers or licence headers stated below must be used. Inside one
repository all files shall follow the same system for licence statements."
2. Require REUSE conformance by adding a sub bullet point 3.1 that requires
license text to be added in a REUSE compatible way: "For each used SPDX
identifier, the licence text must be included compatible with the SPDX
specification."
3. Update all SPDX license identifiers in the policy with their current
versions (e.g. GPL-2.0 was replaces with GPL-2.0-only to stress the identifier
meaning)
4. Specify how to state the LicenseRef-KDE-Accepted-LGPL and LicenseRef-KDE-
Accepted-GPL statements. For details see the discussion on the SPDX list [3].
A very short discussion is also on the OSI license review list about the
question if the statement that KDE acts as a proxy to accept possible upcoming
GPL/LGPL licenses is a license of its own or not.
To make these changes easier to review, I prepared a license policy update
draft (note the v2 if you saw my previous draft). My goal is to make the
changes to the policy as small as possible at the moment to keep the review
phase short. (as a side-note, I would like to also talk about a bigger
revision at next Akademy, which focuses on a refactoring between the legal
requirements of allowed licenses and the technical way how to correctly state
licensing information).
Here is my policy update proposal:
* Proposal: https://community.kde.org/Policies/Licensing_Policy/Draft_SPDX_v2
* Diff to current policy: https://community.kde.org/index.php?
title=Policies%2FLicensing_Policy%2FDraft_SPDX_v2&type=revision&diff=87138&oldid=87134
I would be very happy to receive feedback if this proposal goes into the right
direction and if we shall go forward this way. Also (mostly for the legal
experts), I would be glad if you could carefully read the LicenseRef-KDE-
Accepted-LGPL and LicenseRef-KDE-Accepted-GPL statements and give me feedback.
Those are based on our current license statements but try to better integrate
with the SPDX based license statements.
Cheers,
Andreas
[1] https://reuse.software/
[2] https://community.kde.org/Policies/Licensing_Policy
[3] https://github.com/spdx/license-list-XML/issues/928#issuecomment-562945646
[4] http://lists.opensource.org/pipermail/license-review_lists.opensource.org/
2019-December/004454.html
[5] https://spdx.org/
More information about the kde-community
mailing list