Proposal: Allow REUSE compatible License Statements in License Policy

Mon Jan 6 17:04:18 GMT 2020

+1! More standardization and structure in the license information should 
simplify maintenance and validation of this information, even better if it's 
following a global standard :)

Thanks for working on this,
Volker

On Sunday, 5 January 2020 16:40:20 CET Andreas Cord-Landwehr wrote:
> Hi, I want to propose to allow SPDX-based [5] and REUSE.software [1]
> compatible license statements as a new option in our KDE licensing policy.
> 
> For background information about REUSE and SPDX and why it makes sense, I
> tried to aggregate the important information in a blog post and will not add
> any details in this mail:
> https://cordlandwehr.wordpress.com/2019/12/31/reuse-machine-readable-licens
> e-information/
> 
> In order to start porting to SPDX identifiers and to allow license
> statements that are compatible with the REUSE specification, a few changes
> are needed in our license possibly, which currently is focused on license
> header statements [2]. Thus, I propose the following changes:
> 
> 1. Allow SPDX-based license statements by replacing bullet point 3 with:
> "Each source file either must contain SPDX identifiers or licence headers
> to state under which terms the software may be used, modified and
> redistributed. The SPDX identifiers or licence headers stated below must be
> used. Inside one repository all files shall follow the same system for
> licence statements." 2. Require REUSE conformance by adding a sub bullet
> point 3.1 that requires license text to be added in a REUSE compatible way:
> "For each used SPDX identifier, the licence text must be included
> compatible with the SPDX specification."
> 3. Update all SPDX license identifiers in the policy with their current
> versions (e.g. GPL-2.0 was replaces with GPL-2.0-only to stress the
> identifier meaning)
> 4. Specify how to state the LicenseRef-KDE-Accepted-LGPL and LicenseRef-KDE-
> Accepted-GPL statements. For details see the discussion on the SPDX list
> [3]. A very short discussion is also on the OSI license review list about
> the question if the statement that KDE acts as a proxy to accept possible
> upcoming GPL/LGPL licenses is a license of its own or not.
> 
> To make these changes easier to review, I prepared a license policy update
> draft (note the v2 if you saw my previous draft). My goal is to make the
> changes to the policy as small as possible at the moment to keep the review
> phase short. (as a side-note, I would like to also talk about a bigger
> revision at next Akademy, which focuses on a refactoring between the legal
> requirements of allowed licenses and the technical way how to correctly
> state licensing information).
> 
> Here is my policy update proposal:
> * Proposal:
> https://community.kde.org/Policies/Licensing_Policy/Draft_SPDX_v2 * Diff to
> current policy: https://community.kde.org/index.php?
> title=Policies%2FLicensing_Policy%2FDraft_SPDX_v2&type=revision&diff=87138&o
> ldid=87134
> 
> I would be very happy to receive feedback if this proposal goes into the
> right direction and if we shall go forward this way. Also (mostly for the
> legal experts), I would be glad if you could carefully read the
> LicenseRef-KDE- Accepted-LGPL and LicenseRef-KDE-Accepted-GPL statements
> and give me feedback. Those are based on our current license statements but
> try to better integrate with the SPDX based license statements.
> 
> Cheers,
> Andreas
> 
> [1] https://reuse.software/
> [2] https://community.kde.org/Policies/Licensing_Policy
> [3]
> https://github.com/spdx/license-list-XML/issues/928#issuecomment-562945646
> [4]
> http://lists.opensource.org/pipermail/license-review_lists.opensource.org/
> 2019-December/004454.html
> [5] https://spdx.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20200106/328bf95b/attachment.sig>