SPDX copyright: make project reuse-compliant #306
Conversation
aesteve-rh
requested review from
nirs,
mz-pdm,
almusil and
tinez
as code owners
|
Just an idea, since I noticed outdated copyright on recently updated files, and this is something generally difficult to maintain if we don't automate it. Complemented with a script to update copyright automatically, could make keeping the copyright updated much easier. Adding this to a CI may seem like extra burden for contributors, but take into account that this only will pop up at the beginning of each year, and relax later on. |
There was a problem hiding this comment.
I'm not sure this change would be very useful. It would be better to replace the years and the whole copyright texts with short SPDX identifiers. If you'd like to take such an effort, there was some related discussion in comments to https://gerrit.ovirt.org/c/vdsm/+/116741 .
|
I did not know that this was discussed before. In principle, I do not intend to replace the format, just have a simple check to ensure that the year is updated in the modified files in a branch. No global update, but incremental, depending on the files updated. No format check. I mean, it could be just as simple as looking for the year string in the first two lines, and remove the regex, if we prefer it to be completely format agnostic. But if there is no need to enforce/check for copyright updates, we can dismiss the PR. |
|
AFAIK the years do not have a significant legal meaning so although it's good to keep them up-to-date, it's not strictly necessary. It doesn't harm to have a tool to check them but I'm not sure it's worth to maintain it in automation, IMO the resources could be better spent towards the conversion to SPDX and to get rid of the problem completely (which I admit is more difficult but perhaps not that much if we can agree how to do it). Let's see what the others think. |
|
The best way is to replace the copyrights (removing the years) and the license boilerplate using the ‘reuse’ tool, and add ‘reuse lint’ step to the ci. see how it integrated in blkhash: https://gitlab.com/nirs/blkhash/-/blob/master/.reuse/templates/blkhash.jinja2 |
aesteve-rh
force-pushed
the
aesteve/check-copyright
branch
from
51d4c3f to
2a26229
Compare
|
I have been playing with the reuse tool. It is really nice indeed. The branch needs some refinement (probably some copyright comments are in the wrong style), but is a very powerful tool. |
|
Cool, looks promising. It needs some polishing (it sometimes removes more than just the copyright notice) and explanations (do we keep the original copyright notices? will we still have years in SPDX identifiers?) but hopefully it will achieve the desired result. Why to add LICENSES/ when we already have COPYING? |
|
# Copyright 2008-2020 Red Hat, Inc.
# SPDX-FileCopyrightText: 2022 Red Hat, Inc.
# SPDX-License-Identifier: GPL-2.0-or-laterPreviously: #
# Copyright 2008-2020 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# Refer to the README and COPYING files for full details of the license
#If we prefer to keep the full header, that is configurable (in the template).
|
|
Note for the CIs: https://github.com/marketplace/actions/reuse-compliance-check |
aesteve-rh
changed the title
|
I think we needn't duplicate the copyright notices. So if we have SPDX-FileCopyrightText: SOMETHING A then there is no need to keep Copyright SOMETHING-A at the same place. But make sure all the copyright lines (I mean those single "Copyright XXXX YYYY" lines, not full headers) are copied to SPDX-FileCopyrightText entries, I could see some non-RH ones were missing. As for years, I'm not sure what to do about them. We'd like to get rid of updating them, OTOH we should probably not discard the existing ones blindly. Examples in https://spdx.github.io/spdx-spec/v2.3/file-tags/ show entries both with and without dates, https://spdx.github.io/spdx-spec/v2.3/file-information/#8.8 suggests to keep the information as it is, including dates. So I'd keep the dates for now. If LICENSES/ is required then OK. Whether to keep COPYING in such a case: It defines the default licence, which may be relevant for files without copyright information. So it's probably better to keep it. IANAL so trying to be on the safe side with my suggestions. Maybe someone else can clarify it. |
aesteve-rh
force-pushed
the
aesteve/check-copyright
branch
from
2a26229 to
7983f2f
Compare
aesteve-rh
force-pushed
the
aesteve/check-copyright
branch
2 times, most recently
from
2d0fe0c to
1a5b490
Compare
Please add reuse to the containers before you add reuse to the lint target. |
aesteve-rh
force-pushed
the
aesteve/check-copyright
branch
from
1a5b490 to
727231d
Compare
Add GPL copyright header in all markdown files in the project with the file extension. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to shell scripts in the project. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to Makefiles[.am]? Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header in the root project folder files. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to the files in the docker folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header in all files with *.yml extension in the project. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to vdsm_hooks folder files. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to files in the vdsm_log folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to all xml files in the project. These xml are parsed later and make tests to fail if we add an inlined copyright headers. In order to avoid this, create explicit license files for project xmls. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header for files with the .conf extension in the project. Signed-off-by: Albert Esteve <[email protected]>
Add GLP license files for json files. JSON format does not accept comments. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to ax_python_module.m4. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to files in the static folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to files in the build-aux folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to the rest of the files in the tests folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to the files in the ci folder. Signed-off-by: Albert Esteve <[email protected]>
Add GPL copyright header to the rest of the project files not covered by other commits. Signed-off-by: Albert Esteve <[email protected]>
Add reuse environment in tox to run the linter. Then, add a Makefile target to run the reuse environment, which allows the pipelines to check the SPDX copyright headers and ensure that the project is reuse-compliant. Signed-off-by: Albert Esteve <[email protected]>
Document new SPDX headers policy, new contrib/add-spdx-header.sh script to add SPDX header to new files, and a few reuse command examples to handle non-default licenses. Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh
force-pushed
the
aesteve/check-copyright
branch
from
1690e86 to
6c6c5d7
Compare
|
Why do we have so many files in Vdsm? :-) Looks OK to me as I skimmed through it. Let's preferably merge this before branching, to avoid troubles with future backports. |
|
/ost basic-suite-master el9stream |
Make the whole project reuse-compliant and add
a lint job to check that all files have their copyright.
Signed-off-by: Albert Esteve [email protected]