fix Qubes source code copyright / licensing declaration, machine readable copyright, use SPDX License Identifier

[adrelanos]

There are various issues with Qubes source code licensing declaration.

• Each source file needs a copyright header. I've asked FSF about that ~9 years ago by private e-mail and they said yes. Nowadays FSFE is recommending the same. Also GPL-2 license file is saying that. [1]
• rpm_spec/package-name.spec(.in) is using License: GPL instead of License: GPLv2+.
  • GPL is inot a valid license Short License identifier as per Fedora licensing guidelines ("RPM Spec"). Quote https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License:_field

  • The License: field must be filled with the appropriate license Short License identifier(s) from the "Good License" tables on the Fedora Licensing page.

• Each file debian/copyright must be duplicated to file COPYRIGHT in repository root file. (I'd suggest having a test that makes sure that these files always match.) (Must not be a symlink.)

https://www.qubes-os.org/doc/license/ is not defining the copyright for each Qubes source file either. It says nothing about the source code for repositories by Qubes.

No need to take my word for it. You could try e-mailing licensing@fsf.org (was helpful for me years ago) for confirmation or see https://reuse.software/ by FSFE.

---

On Debian, for Debian packages the linter tool lintian --pedantic is helpful to identify source code licensing / not machine readable issues.

---

[1] Quote GPLv2 license:

(File /usr/share/common-licenses/GPL-2 on Debian systems.)

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

[andrewdavidwong]

CC @mfc

[adrelanos]

Created https://github.com/QubesOS/qubes-doc/pull/1145 as a stopgap to clarify licensing just now.

Changed:

Qubes is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2.

to:

Qubes OS is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2.

Did that for consitency because the title above said Qubes OS. Since this is legally important, it should be consistent. Otherwise Qubes and Qubes OS could be something different, unless defined.

Added:

The source code of Qubes OS (all repositories listed on the @QubesOS account on github) is made available under the same license, unless a file LICENSE in the root of the repoistory specifies a different license.

Did that because some repositories have a LICENSE file. qubes-core-admin's LICENSE file specifies a different license, LGPG v2.1. Most repositories don't have a LICENSE file.

License clarification on the website is a good stopgap since updating at time of writing 151 repositories would be quite some work, even if just adding a LICENSE file. Let alone other things mentioned in the original issue post.

[mfc]

shall we apply to this to get help?

https://reuse.software/booster/