On Mon, Jan 06, 2025 at 04:42:08PM +0100, kpcyrd wrote:
> On 1/6/25 3:49 PM, Rafael Epplée wrote:
> > Let's consider going with a less explicit way to specify licensing info,
> > and drastically reduce the work involved:
> >
> > - Add a LICENSES folder with the original 0BSD text inside
> > - Instead of REUSE.toml, use the same piece of prose in every repo to
> > specify which files are covered by the 0BSD, e.g. in the README:
> >
> > > Binary files, as well as any files describing changes ("patches") to
> > the software that is being built are provided under the license terms of
> > the software they describe changes for.
> > > Any files containing a license notice are provided under the license
> > terms defined in their respective notices.
> > > Files not matching the conditions above are provided under the 0BSD
> > license.
> >
> > This would have the advantage of being easy to automate, and easy to
> > implement for devtools maintainers and package maintainers.
>
> I think this is a reasonable approach. I don't think this qualifies as
> cruft, if we consider it necessary to put a LICENSE file into every PKGBUILD
> repository, this file would be equally valid. It clarifies the copyright
> situation with the same level of authority as the LICENSE file does.
>
> Including a LICENSE and README file into each PKGBUILD repository in the
> first place (vs. archlinux/state.git or elsewhere) is something we could
> also revisit of course, but I also strongly think we shouldn't use a custom
> license text.
>
> I think implementing REUSE for an entire operating system is enough work to
> warrant an interim solution. I've been doing this kind of copyright
> annotation work for Debian for just shy of about 300 packages and it's a
> heroic amount of work to do this for the entire operating system.
Debian mirrors sources and we do not need to do the same amount of work for
this.
I annotated your packages quickly to gauge. So you maintain 145 packages, and
`pkgctl clone --maintainer kpcyrd` gave me ~138 repositories.
I then wrote a quick script that stuff a baseline REUSE.toml config into each of
your repositories and made it output all failing lints.
Out of 138 source repoes it listed 21 repositories to have additional work.
The example REUSE.toml is below. Please note I took the liberty of including the
vendored `Cargo.lock` files to include, as they are generated and maintained by
us(?).
version = 1
[[annotations]]
path = [
"PKGBUILD",
".SRCINFO",
".nvchecker.toml",
"*.install",
"Cargo.lock",
"keys/**",
"*.sysusers",
"*.tmpfiles"
]
SPDX-FileCopyrightText = "Arch Linux contributors"
SPDX-License-Identifier = "0BSD"
Running the same on my packages gave 39 repositories out of 202 git
repositories.
I don't think this is an unreasonable amount of work if we are estimating that
between 1
in 4 repositories needs some entries to be covered.
--
Morten Linderud
PGP: 9C02FF419FECBE16
signature.asc
Description: PGP signature
