Implement SPDX-Copyright

Implement SPDX-Copyright

[Max Mehl]

Dear all,

Great to see such a big effort going on so smoothly thanks to the
excellent collaboration here! I would like to make a small suggestion
for further improvement while we are already touching so many files in
Linux.

Currently, the REUSE and SPDX team are discussing the official
introduction of the *SPDX-Copyright* tag [^1] [^2], perhaps for SPDX 2.2
and REUSE 3.0. 

The benefit is that tools can easily detect the correct line which holds
the copyright/author/year information. As of now, there are files which
contain multiple occurrences of the word "Copyright", "©" or "(c)",
which then requires the usage of error-prone logics and patterns.

Let me give a concrete example. The following header from one of the
first patches sent around here:


  // SPDX-License-Identifier: GPL-2.0-or-later
  /*
   * Copyright (C) 2013 Pavel Machek <pavel@ucw.cz>
   * Copyright (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>


could become:


  // SPDX-License-Identifier: GPL-2.0-or-later
  /*
   * SPDX-Copyright: (C) 2013 Pavel Machek <pavel@ucw.cz>
   * SPDX-Copyright: (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>


The usage of (C) or any other copyright symbols would probably be up to
personal style or legal requirements. All this tag intends to achieve is
to make automatic tooling more robust.

What do you think? Would someone see issues with realising this
technically rather simple change in the same course of action?

Best,
Max


[^1]: https://github.com/fsfe/reuse-docs/pull/23

[^2]: https://github.com/spdx/spdx-spec/issues/122

-- 
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join

Re: Implement SPDX-Copyright

[Greg KH]

On Fri, May 24, 2019 at 04:22:54PM +0200, Max Mehl wrote:
> Dear all,
> 
> Great to see such a big effort going on so smoothly thanks to the
> excellent collaboration here! I would like to make a small suggestion
> for further improvement while we are already touching so many files in
> Linux.
> 
> Currently, the REUSE and SPDX team are discussing the official
> introduction of the *SPDX-Copyright* tag [^1] [^2], perhaps for SPDX 2.2
> and REUSE 3.0. 
> 
> The benefit is that tools can easily detect the correct line which holds
> the copyright/author/year information. As of now, there are files which
> contain multiple occurrences of the word "Copyright", "©" or "(c)",
> which then requires the usage of error-prone logics and patterns.
> 
> Let me give a concrete example. The following header from one of the
> first patches sent around here:
> 
> 
>   // SPDX-License-Identifier: GPL-2.0-or-later
>   /*
>    * Copyright (C) 2013 Pavel Machek <pavel@ucw.cz>
>    * Copyright (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>
> 
> 
> could become:
> 
> 
>   // SPDX-License-Identifier: GPL-2.0-or-later
>   /*
>    * SPDX-Copyright: (C) 2013 Pavel Machek <pavel@ucw.cz>
>    * SPDX-Copyright: (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>
> 
> 
> The usage of (C) or any other copyright symbols would probably be up to
> personal style or legal requirements. All this tag intends to achieve is
> to make automatic tooling more robust.

What is wrong with the current tooling that already picks up these
"Copyright" lines?  REUSE does this today (I use it on my userspace
programs), what would changing all of this in the kernel help with that
is currently broken today?

Also note, the absence of the "Copyright" wording does not imply that
the file is not also copyrighted by someone else.  But everyone here
already knows that, right?  :)

thanks,

greg k-h

Re: Implement SPDX-Copyright

[Allison Randal]

On 5/24/19 10:22 AM, Max Mehl wrote:
> 
> Currently, the REUSE and SPDX team are discussing the official
> introduction of the *SPDX-Copyright* tag [^1] [^2], perhaps for SPDX 2.2
> and REUSE 3.0. 
[...]

> What do you think? Would someone see issues with realising this
> technically rather simple change in the same course of action?

Since it is still under discussion, we should wait until that discussion
settles out before considering a massive application.

Allison

Re: Implement SPDX-Copyright

[Armijn Hemel - Tjaldur Software Governance Solutions]

On 5/24/19 4:22 PM, Max Mehl wrote:
> Let me give a concrete example. The following header from one of the
> first patches sent around here:

[snip]


This is a very simple example that most existing tools will pick up just
fine so as Greg already said: what problem will this solve? I would be
more concerned about how many existing tools would *break* with this new
syntax.



>
>
> The usage of (C) or any other copyright symbols would probably be up to
> personal style or legal requirements.


Legal requirements? As far as I know there is no need to explicitly
declare copyright to have copyright protection in the relevant
jurisdictions.


>  All this tag intends to achieve is
> to make automatic tooling more robust.


Do you have examples of where this approach would perform better than
existing tools? Those would be much more convincing. If not it would be
a waste of time and energy IMO.

armijn


-- 
Armijn Hemel, MSc
Tjaldur Software Governance Solutions

Re: Implement SPDX-Copyright

[J Lovejoy]

Hi Max,

Thanks for all the effort on REUSE and I hope I can find some time to review the work going on there in the near future.

Regarding the copyright tag - I just wanted to note that I have yet to see this topic raised on the SPDX legal team. While I think there are some SPDX folks commenting on the REUSE docs, it would really be best if discussion of any SPDX-Copyright tag occurred on the project mailing list and calls. While certainly the tech team folks should be involved due to the tooling connection, I think the legal team needs to weigh in as well.

Feel free to raise this on the mailing list here (you’ll need to join first, if you have not already): https://lists.spdx.org/g/spdx-legal

In the meantime, I suspect the kernel folks here have their hands full with getting the license identifiers into the kernel, which also involves being able to confidently identify the licensing info for each and every file - no small feat!  Anything with copyright notices maybe can wait for another time?


Thanks,
Jilayne
SPDX legal team co-lead

> On May 24, 2019, at 8:22 AM, Max Mehl <max.mehl@fsfe.org> wrote:
> 
> Dear all,
> 
> Great to see such a big effort going on so smoothly thanks to the
> excellent collaboration here! I would like to make a small suggestion
> for further improvement while we are already touching so many files in
> Linux.
> 
> Currently, the REUSE and SPDX team are discussing the official
> introduction of the *SPDX-Copyright* tag [^1] [^2], perhaps for SPDX 2.2
> and REUSE 3.0. 
> 
> The benefit is that tools can easily detect the correct line which holds
> the copyright/author/year information. As of now, there are files which
> contain multiple occurrences of the word "Copyright", "©" or "(c)",
> which then requires the usage of error-prone logics and patterns.
> 
> Let me give a concrete example. The following header from one of the
> first patches sent around here:
> 
> 
>  // SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * Copyright (C) 2013 Pavel Machek <pavel@ucw.cz>
>   * Copyright (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>
> 
> 
> could become:
> 
> 
>  // SPDX-License-Identifier: GPL-2.0-or-later
>  /*
>   * SPDX-Copyright: (C) 2013 Pavel Machek <pavel@ucw.cz>
>   * SPDX-Copyright: (C) 2013-2014 Aaro Koskinen <aaro.koskinen@iki.fi>
> 
> 
> The usage of (C) or any other copyright symbols would probably be up to
> personal style or legal requirements. All this tag intends to achieve is
> to make automatic tooling more robust.
> 
> What do you think? Would someone see issues with realising this
> technically rather simple change in the same course of action?
> 
> Best,
> Max
> 
> 
> [^1]: https://github.com/fsfe/reuse-docs/pull/23
> 
> [^2]: https://github.com/spdx/spdx-spec/issues/122
> 
> -- 
> Max Mehl - Programme Manager - Free Software Foundation Europe
> Contact and information: https://fsfe.org/about/mehl | @mxmehl
> Become a supporter of software freedom:  https://fsfe.org/join