Proposal: Allow REUSE compatible License Statements in License Policy

Boudewijn Rempt boud at valdyas.org
Mon Jan 6 17:14:45 GMT 2020 

I'm all for it. It looks thorough, sensible and very useful.

On zondag 5 januari 2020 16:40:20 CET Andreas Cord-Landwehr wrote:
> Hi, I want to propose to allow SPDX-based [5] and REUSE.software [1] 
> compatible license statements as a new option in our KDE licensing policy.
> 
> For background information about REUSE and SPDX and why it makes sense, I 
> tried to aggregate the important information in a blog post and will not add 
> any details in this mail: https://cordlandwehr.wordpress.com/2019/12/31/reuse-machine-readable-license-information/
> 
> In order to start porting to SPDX identifiers and to allow license statements 
> that are compatible with the REUSE specification, a few changes are needed in 
> our license possibly, which currently is focused on license header statements 
> [2]. Thus, I propose the following changes:
> 
> 1. Allow SPDX-based license statements by replacing bullet point 3 with: "Each 
> source file either must contain SPDX identifiers or licence headers to state 
> under which terms the software may be used, modified and redistributed. The 
> SPDX identifiers or licence headers stated below must be used. Inside one 
> repository all files shall follow the same system for licence statements."
> 2. Require REUSE conformance by adding a sub bullet point 3.1 that requires 
> license text to be added in a REUSE compatible way: "For each used SPDX 
> identifier, the licence text must be included compatible with the SPDX 
> specification."
> 3. Update all SPDX license identifiers in the policy with their current 
> versions (e.g. GPL-2.0 was replaces with GPL-2.0-only to stress the identifier 
> meaning)
> 4. Specify how to state the LicenseRef-KDE-Accepted-LGPL and LicenseRef-KDE-
> Accepted-GPL statements. For details see the discussion on the SPDX list [3]. 
> A very short discussion is also on the OSI license review list about the 
> question if the statement that KDE acts as a proxy to accept possible upcoming 
> GPL/LGPL licenses is a license of its own or not.
> 
> To make these changes easier to review, I prepared a license policy update 
> draft (note the v2 if you saw my previous draft). My goal is to make the 
> changes to the policy as small as possible at the moment to keep the review 
> phase short. (as a side-note, I would like to also talk about a bigger 
> revision at next Akademy, which focuses on a refactoring between the legal 
> requirements of allowed licenses and the technical way how to correctly state 
> licensing information).
> 
> Here is my policy update proposal:
> * Proposal: https://community.kde.org/Policies/Licensing_Policy/Draft_SPDX_v2
> * Diff to current policy: https://community.kde.org/index.php?
> title=Policies%2FLicensing_Policy%2FDraft_SPDX_v2&type=revision&diff=87138&oldid=87134
> 
> I would be very happy to receive feedback if this proposal goes into the right 
> direction and if we shall go forward this way. Also (mostly for the legal 
> experts), I would be glad if you could carefully read the LicenseRef-KDE-
> Accepted-LGPL and LicenseRef-KDE-Accepted-GPL statements and give me feedback. 
> Those are based on our current license statements but try to better integrate 
> with the SPDX based license statements.
> 
> Cheers,
> Andreas
> 
> [1] https://reuse.software/
> [2] https://community.kde.org/Policies/Licensing_Policy
> [3] https://github.com/spdx/license-list-XML/issues/928#issuecomment-562945646
> [4] http://lists.opensource.org/pipermail/license-review_lists.opensource.org/
> 2019-December/004454.html
> [5] https://spdx.org/
> 
> 
> 


-- 
https://www.valdyas.org | https://www.krita.org

More information about the kde-community mailing list