+1! More standardization and structure in the license information should simplify maintenance and validation of this information, even better if it's following a global standard :)
Thanks for working on this, Volker On Sunday, 5 January 2020 16:40:20 CET Andreas Cord-Landwehr wrote: > Hi, I want to propose to allow SPDX-based [5] and REUSE.software [1] > compatible license statements as a new option in our KDE licensing policy. > > For background information about REUSE and SPDX and why it makes sense, I > tried to aggregate the important information in a blog post and will not add > any details in this mail: > https://cordlandwehr.wordpress.com/2019/12/31/reuse-machine-readable-licens > e-information/ > > In order to start porting to SPDX identifiers and to allow license > statements that are compatible with the REUSE specification, a few changes > are needed in our license possibly, which currently is focused on license > header statements [2]. Thus, I propose the following changes: > > 1. Allow SPDX-based license statements by replacing bullet point 3 with: > "Each source file either must contain SPDX identifiers or licence headers > to state under which terms the software may be used, modified and > redistributed. The SPDX identifiers or licence headers stated below must be > used. Inside one repository all files shall follow the same system for > licence statements." 2. Require REUSE conformance by adding a sub bullet > point 3.1 that requires license text to be added in a REUSE compatible way: > "For each used SPDX identifier, the licence text must be included > compatible with the SPDX specification." > 3. Update all SPDX license identifiers in the policy with their current > versions (e.g. GPL-2.0 was replaces with GPL-2.0-only to stress the > identifier meaning) > 4. Specify how to state the LicenseRef-KDE-Accepted-LGPL and LicenseRef-KDE- > Accepted-GPL statements. For details see the discussion on the SPDX list > [3]. A very short discussion is also on the OSI license review list about > the question if the statement that KDE acts as a proxy to accept possible > upcoming GPL/LGPL licenses is a license of its own or not. > > To make these changes easier to review, I prepared a license policy update > draft (note the v2 if you saw my previous draft). My goal is to make the > changes to the policy as small as possible at the moment to keep the review > phase short. (as a side-note, I would like to also talk about a bigger > revision at next Akademy, which focuses on a refactoring between the legal > requirements of allowed licenses and the technical way how to correctly > state licensing information). > > Here is my policy update proposal: > * Proposal: > https://community.kde.org/Policies/Licensing_Policy/Draft_SPDX_v2 * Diff to > current policy: https://community.kde.org/index.php? > title=Policies%2FLicensing_Policy%2FDraft_SPDX_v2&type=revision&diff=87138&o > ldid=87134 > > I would be very happy to receive feedback if this proposal goes into the > right direction and if we shall go forward this way. Also (mostly for the > legal experts), I would be glad if you could carefully read the > LicenseRef-KDE- Accepted-LGPL and LicenseRef-KDE-Accepted-GPL statements > and give me feedback. Those are based on our current license statements but > try to better integrate with the SPDX based license statements. > > Cheers, > Andreas > > [1] https://reuse.software/ > [2] https://community.kde.org/Policies/Licensing_Policy > [3] > https://github.com/spdx/license-list-XML/issues/928#issuecomment-562945646 > [4] > http://lists.opensource.org/pipermail/license-review_lists.opensource.org/ > 2019-December/004454.html > [5] https://spdx.org/
signature.asc
Description: This is a digitally signed message part.