Bits of Freedom

Tinkerer and thinker on everything free and open. Exploring possibilities and engaging with new opportunities to instigate change.

Jonas Öberg
Author

Jonas is a dad, husband, tinkerer, thinker and traveler. He's passionate about the future and bringing people together, from all fields of free and open.


REUSE templates and examples

Jonas Öberg

The FSFE's REUSE initiative, in which we're encouraging the uptake of practices which enable computer-readable licensing and copyright information, is progressing well. In the next couple of days, I'll be working on implementing these practices for a few different projects I know of, to make some examples of what a project needs to do to adhere to the REUSE practices and get a nice REUSE compliant badge!


What we've already done is to create three different Git repositories, each of which is REUSE compliant, and which demonstrate different parts of the REUSE practices. You can already have a look at them here, here and here. Here's more information about each one:

Simple Hello

https://git.fsfe.org/reuse/simple-hello/

This repository contains perhaps the simplest example of a REUSE compliant program. It has a single source code file, a single license and copyright holder. As you can see if you browse it, it has a single LICENSE file, which contains a copy of the license, the GPLv3 in this case.

The LICENSE file is unchanged and used in verbatim format, which makes it possible to get an MD5/SHA1 hash of it to verify it has not been changed from the original.

There's no way to include a reasonable comment in a Markdown file, so rather than placing the license header in the README.md file, we place it separately, in README.md.license. The header follows a standard format, and the same format is used in the src/server.js source code file.

What's important to keep in mind is that aside from having a consistent style, each header also includes the SPDX-License-Identifier tag which signals which license the file is covered by, and the License-Filename tag which gives a reference to the exact license file in use (relative to the project root).

And that's pretty much it! This is a simple, REUSE compliant, project. It may not look like much, but this is now a project which any software tool supporting the REUSE practices can understand.

Included Hello

https://git.fsfe.org/reuse/included-hello/

Building on the simple version before it, this repository looks much the same. The difference is that there are two different licenses involved. The src/index.js file is licensed under an MIT license, and the README.md under GPLv3. Since two license files are involved, we put both of them in the LICENSES/ directory and make sure to explicitly refer to them from the source files.

SPDX Hello

https://git.fsfe.org/reuse/spdx-hello/

The final practice recommended by the REUSE project is to use the best available information in a repository and automatically create an SPDX file with license and copyright information. You should never try to do this manually: the SPDX file gets very difficult to update if you do it manually, and generating it automatically is the only sensible way to make sure it's continuously updated.

The SPDX Hello example is a repository which does exactly this. It's extraordinarily hack-ish and will break on anything which doesn't look exactly like the example, but it may serve as inspiration for further work.

The repository uses two hooks, a pre-commit and a post-commit, which anyone with commit access to the repository must make sure to enable. On each commit, the post-commit hook uses the lint-bom program from https://git.fsfe.org/reuse/lint/ (this is the very hackish part), which goes through all included files, picks out the license headers, looks at the SPDX-License-Identifier and License-Filename tags and assembles what is meant to be a complete SPDX file.

Since this is run automatically on each commit, it should always be accurate. In practice, you would want to do more than this repository does. You may want to verify the SPDX file after creation, look into adding concluded license information, and adding more metadata to the SPDX file than what I currently have.
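As an added illustration (this is not the lint-bom code and is not taken from the example repositories), the following Python example performs the kind of scan described above: it reads each file's header or its `.license` sidecar, extracts the two tags, checks that License-Filename points at a file inside the project root, and records SHA1 hashes of both the file and its license text. The function names, the sample tree and the header contents are constructed for the example, and tag values are assumed to be a single token.

```python
import hashlib, re, tempfile
from pathlib import Path

TAGS = ("SPDX-License-Identifier", "License-Filename")  # the two tags the post names
TAG_RE = re.compile(r"(%s):\s*(\S+)" % "|".join(TAGS))  # assumption: one-token values

def sha1(path):
    return hashlib.sha1(path.read_bytes()).hexdigest()

def read_tags(path):
    """Tags from the file's own header, or from its <name>.license sidecar if present."""
    sidecar = path.with_name(path.name + ".license")
    source = sidecar if sidecar.is_file() else path
    return dict(TAG_RE.findall(source.read_text(encoding="utf-8", errors="replace")[:4096]))

def build_bom(root):
    """Return (entries, problems) for every file under root that needs a header."""
    root, entries, problems = Path(root).resolve(), [], []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel == "LICENSE" or rel.endswith(".license") or rel.startswith(("LICENSES/", ".git/")):
            continue  # license texts and sidecars describe other files
        tags = read_tags(path)
        lic = (root / tags.get("License-Filename", "")).resolve()
        if missing := [t for t in TAGS if t not in tags]:
            problems.append(f"{rel}: missing {', '.join(missing)}")
        elif root not in lic.parents or not lic.is_file():  # must resolve inside the root
            problems.append(f"{rel}: license file not found: {tags['License-Filename']}")
        else:
            entries.append({"file": rel, "sha1": sha1(path), "license": tags[TAGS[0]],
                            "license_file": tags[TAGS[1]], "license_sha1": sha1(lic)})
    return entries, problems

def make_sample(root):  # constructed sample tree, not a copy of the real repositories
    files = {
        "LICENSE": "constructed license text\n",
        "README.md": "# Hello\n",
        "README.md.license": "SPDX-License-Identifier: GPL-3.0\nLicense-Filename: LICENSE\n",
        "src/server.js": "/*\n * SPDX-License-Identifier: GPL-3.0\n * License-Filename: LICENSE\n */\n",
        "src/util.js": "// SPDX-License-Identifier: MIT\n// License-Filename: LICENSES/MIT.txt\n",
        "src/bare.js": "console.log('no header');\n",
    }
    for name, text in files.items():
        (Path(root) / name).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / name).write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(*build_bom(tmp), sep="\n")
```

A hook could refuse the commit when the problems list is non-empty, and compare `license_sha1` against a known hash of the unmodified license text.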

But this is still a functional example of what we hope REUSE will lead to: repositories, big and small, with copyrights and licenses which can be read not only by humans, but by computers too!
