Ngi0 reuse #1527

Open
wants to merge 3 commits into
base: main

@Jit-p Jit-p commented Jul 19, 2023

Hello,

By way of introduction, I am Jithendra with the Free Software Foundation Europe, a consortium member of the NGI0 Initiative, of which you have signed pretalx up for participation and funding. Part of what is offered with your involvement with NGI0 is help from us with your project on your copyright and license management.

After a quick check on your repository, I would like to propose some updates regarding copyright and licensing information in your files. Our REUSE specification (https://reuse.software) intends to make licensing easier with best practices to display legal information through comment headers on source files that can be easily human and machine readable. The REUSE tool makes the process of applying licenses to files and compliance checking much easier.

Instructions on how to install the REUSE tool can be found here: https://reuse.readthedocs.io/en/stable/readme.html#install

You can also check out this screencast for more instructions on how to use the REUSE tool: https://download.fsfe.org/videos/reuse/screencasts/reuse-tool.gif

The changes in this pull request have also been made for you to understand the basic ideas behind REUSE, and what adopting the REUSE practices would look like within your repository.

REUSE Features:

• SPDX copyright and license comment headers for relevant files.
• LICENSES directory with licenses used in the repository.
• Associating copyright/licensing information through a DEP5 file in large directories.

Files Missing Copyright and Licensing Information

I've noticed that several files in your repository already contain information about the copyright and license information for the code in that particular file. That's great! Nevertheless, the idea behind REUSE is that every single file in your repository should have a header that includes this information.

To serve as an example, I added the SPDX headers with copyright and license information to the copyrightable files in a few of the directories (namely all the ".py" files in the /src/pretalx folders). This should give you an idea of what comment headers should look like in a REUSE compliant repository, and how they should be added to the other source code files in your repository.

Please also check if the personal information in these headers is correct and consistent to your knowledge. In the event that there are more copyright holders, please include them in these comment headers.

LICENSES Directory in the Root of the Project Repository

The LICENSES Folder should contain the license text of every license applicable in your repository. I included in this directory the file that contained the Apache 2.0 and CC0 licenses.

Additionally, I included in this folder the text for the CC0 license. This is because you have files in your project that are not copyrightable, for example configuration files such as .gitignore. As the fundamental idea of REUSE is that all of your files will clearly have their copyright and licensing marked, I have applied the CC0 license to .gitignore, which is functionally identical to putting the file into the public domain.

Image Files

Additionally, I noticed that you have two image files (".svg" and ".png") in the /assets folder. For image files, we recommend creating a .license file, where you can include the comment headers for the license and copyright information. We've added comment headers to all the .svg files in the images folder and listed the project pretalx contributors as the copyright holders. Please feel free to modify and update this to your needs.

I hope that you find this useful. Feel free to adopt in case you feel REUSE may help your project with copyright and licensing management. Please feel free to contact me directly at jithendra@fsfe.org if you have any questions.

Best,
Jithendra
(Free Software Foundation Europe)

Member

@rixx rixx left a comment

I'm confused by several things here.

  • The SPDX format. The Apache licence info page states "Include a copy of the Apache License, typically in a file called LICENSE, in your work, and consider also including a NOTICE file that references the License.". How is the SPDX format necessary or helpful, when there is a bog-standard license file in its normal location at LICENSE?
  • The inclusion of the Apache2 licence in LICENSES, when it is already included in LICENSE. Isn't this confusing to everybody trying to figure out pretalx's licensing?
  • Your newly included Apache2 licence (see above) contains the blanket "Copyright [yyyy] [name of copyright owner]" line. Why?
  • The inclusion of a GitHub URL. GitHub is absolutely incidental to pretalx, and including a GitHub URL in every pretalx source file (!) would tie us to the platform to an uncomfortable degree. Why is that necessary?
  • The inclusion of the contributor graph in the license identifier text – currently, our LICENSE file says "Copyright 2017 Tobias Kunze r@rixx.de. Licensed under the Apache License", etc. Isn't this … implicit relicensing, while pointing at a changeable data source owned by GitHub, who could put there what and who they want?
  • Naming 2023 as year in every single file. Assuming that we do not have to update that year (do we?), isn't this still a relicensing, when pretalx has already been licensed for many years?
  • Assuming that the SPDX header is required; is the empty line between entries required? Why?
  • Assuming that the SPDX header is required; is the FileCopyrightText line required? Why?
  • The inclusion of the SPDX header in files that are not original to pretalx, such as vendored JavaScript files. I do not believe that this is a) proper and b) good practice, especially as this would require manual intervention with any update of vendored data.

I can see how making image licensing more clear is a good idea, and licensing the images under some version of CC (not necessarily CC0) the most practical step. However, I don't think that adding a .license file to every image seems like it's overdoing things and also brittle to future image addition, rather than noting a blanket license for self-created image assets.

rixx commented Jul 22, 2023

In conclusion: thank you for your effort; however, I'll have to consider the matter further, and I don't believe the PR as it stands is a good fit for pretalx. Thank you, however, for raising the matter of image licensing, as I'll think about including proper image licensing guidelines in the repo.
