Use SPDX copyright and license headers #571
Conversation
|
Ack! :) ignore other discussion in e2e PR for now... |
nirs
force-pushed
the
spdx
branch
5 times, most recently
from
cf81aa9 to
9a9f7f3
Compare
|
The Build image and ensure clean branch test failure is unerelated, works on my fork: |
| @@ -1,3 +1,6 @@ | |||
| # SPDX-FileCopyrightText: The RamenDR authors | |||
There was a problem hiding this comment.
These are copied of CRD from other repositories, placed here for ease of use in envtests (mostly). I would hence assume these should not be copyrighted by Ramen.
There was a problem hiding this comment.
Having different copyrights is complicated, I don't think we want to go there.
It is easier to have different license for such files (this is why LICENSES/ is
a directory), but this also add complication for no good reason.
What is the issue of Ramen copyright and Apache license on all files in the repo?
There was a problem hiding this comment.
Both on DCO and these files, we copied them into this repository and do not own the copyright on them?
There was a problem hiding this comment.
the DCO is a special case since it is kind of a unmodifed license files and already
has a copyright.
But file like this:
https://github.com/RamenDR/ramen/blob/aeb78e2c0b4865691806e8dd61d6247921c0d378/hack/test/0000_00_clusters.open-cluster-management.io_managedclusters.crd.yaml
has no info on the source of the file and the copyright. We cannot have such files in
the source without any copyright and license. What copyright and license do you want to use for this files?
Can we download the crds from the original source during the build like we do in #559
for rook yamls?
There was a problem hiding this comment.
Technically we can and the following should change:
ramen/.github/workflows/sanity.yml
Lines 144 to 146 in 22669ab
- (and similar in files util_suite_test.go and volsync_suite_test.go)
ramen/controllers/suite_test.go
Lines 138 to 144 in 22669ab
There was a problem hiding this comment.
I don't want to invest more time in this right now, so I'll open issues creating the test
environment dynamically and adding a reuse lint step.
I will change the first commit to add licenses on to files that already have license
boileplate, so we keep the current copyright/license status of the project, using SPDX
instead of the text boilerplate.
There was a problem hiding this comment.
Overall I would feel better if we did not copyright anything in config directory. This one is mostly auto generated, and really do not need to be copyrighted as such.
Are there ways to exclude directories that need not have the copyrights with the reuse tool?
Reuse does not have a way to exclude specific files[1], but it does support the .reuse/dep5 file, which support bulk-license[2] specifying license for specific files without modifying I'm checking if this works with [1] https://reuse.software/faq/#exclude-file |
The YAML files for example under config/samples are provided with the olm bundle to enable users to create their versions of the resource, modifying the given sample. A copyright appearing in the sample would require what from the user under the Redistribution clause of the copyright . Practice in this space does not seem to copyright the YAMLs and unless we know where we stand legally on this it is difficult to decide otherwise. IOW, I do not want to spook a user making changes to the deployment YAMLs or samples for their distribution. |
I would possibly put these as configuration files and hence copyright not required, as in: https://reuse.software/faq/#what-is-copyrightable |
In the current version, the entire config directory is marked CC0-1.0 (public domain). Are |
The modern way to specify copyright and license is using SPDX[1]
headers. This is nicer for developers and more friendly for programs
that want to extract this info.
This change replaces existing copyright and license boilerplate with SPDX
headers.
SPDX headers were added using:
reuse init
...
reuse addheader \
--copyright 'The RamenDR authors' \
--exclude-year \
--license Apache-2.0 \
--template ramen \
--skip-unrecognised \
`git grep -l -E '^Copyright [0-9]+ The RamenDR'`
And removing the duplicate `Copyright` lines created by the `reuse` tool:
// Copyright 2022 The RamenDR authors.
The copyright excludes the years since this info is not really needed,
and this avoids the work of updating all copyrights every year.
The hack/boilerplate.go.txt and .golangci.yaml were modified manually.
Signed-off-by: Nir Soffer <[email protected]>
nirs
force-pushed
the
spdx
branch
2 times, most recently
from
590a95c to
7a0b024
Compare
Keeping LICENSE helps github and Go tools to detect the license. Signed-off-by: Nir Soffer <[email protected]>
For some reason drplacementcontrolvolsync.go did not have copyright and license boileplate, add SPDX haders. Signed-off-by: Nir Soffer <[email protected]>
For some reason some of the tests had no copyright and license
boilerplate, add SPDX headers.
Added using:
$ reuse addheader \
--copyright 'The RamenDR authors' \
--exclude-year \
--license Apache-2.0 \
--template ramen \
`git ls-files | grep _test.g`
Signed-off-by: Nir Soffer <[email protected]>
Various documents had no license or copyright information. Add the same
copyright and license used by the Go files.
Added using:
$ reuse addheader \
--copyright 'The RamenDR authors' \
--exclude-year \
--license Apache-2.0 \
--template ramen \
`git ls-files | grep '.md$'
Signed-off-by: Nir Soffer <[email protected]>
Like the rest of the documents, the images should have copyright and
license information. This is done by an explicit .license file.
Add using:
reuse addheader \
--copyright 'The RamenDR authors' \
--exclude-year \
--license Apache-2.0 \
--template ramen \
docs/interfaces.png
Signed-off-by: Nir Soffer <[email protected]>
The hack directory scripts had no copyright info. Use the same as the Go
files.
Added using:
$ reuse addheader \
--copyright 'The RamenDR authors' \
--exclude-year \
--license Apache-2.0 \
--template ramen \
`git ls-files | grep -E 'hack/.+\.sh$'`
Signed-off-by: Nir Soffer <[email protected]>
There was a problem hiding this comment.
Questions:
- The CC for config/ is removed, the plan is to add this later?
- reuse automation is again for later?
- I think as a followup these files should not get a copyright notice, they are autogenerated or config files and if we can exclude them and implement reuse automation we should:
- go.mod, go.sum, .dockerignore, .gitignore
Rest of the changes are good, and moves us closer to lesser copyright worries in the future, thanks!
Yes, but I'm not sure this is correct for all files in config.
Yes, this can be used only when handle all files in the project.
I don't think it worth the effort to have special license (e.g. CC0-10) for these files, For now I will remove these files from the last commit, and we can discuss them later. |
To make the project compliant with the REUSE spec[1], all files should have SPDX headers. For simplicity, treat the rest of the files in the same way we treat code. Some files in config, examples, and hack directories are not handled yet, since it is not clear if we own them and which license should be used. We did not decide yet how to license go.mod, go.sum, .*ignore, so they are not included in this commit. [1] https://reuse.software/spec/ Signed-off-by: Nir Soffer <[email protected]>
|
@ShyamsundarR I removed go.mod, go.sum, and .*ignore files from the last commit. This should Added #577 for tracking the next step of this work. |
Convert license and copyright boilerplate to SPDX format and add missing copyright
and license info for most files
Some files are not handled yet, so we cannot add a
reuse lintstep to the CI.
Current status: