Support adding a license notice using the add-header command

[nicorikken]

I like the idea of adding a license notice on each file, next to the copyright information and SPDX license identifier. I'm not sure how others think about this, whether this is common practice. I have worked around this by creating a custom template that includes the license notice. In case of the Mozilla Public License v2.0 this comes down to:

{% for copyright_line in copyright_lines %}
{{ copyright_line }}
{% endfor %}

{% for expression in spdx_expressions %}
SPDX-License-Identifier: {{ expression }}
{% endfor %}

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at https://mozilla.org/MPL/2.0/.

It would be nice if this would be included in the addheader command, using an --license-notice flag or similar, so the notices will be added corresponding to the licenses.

What do you think about this idea?

[mxmehl]

Thanks for the suggestion. I see these issues:

• The proposed SPDX tags – and license identifiers in particular – frees to from the burden to write these license notices. Many people prefer that so that their file headers look clean.
• In the Linux community, they found a myriad of different notices for the same license. So I wouldn't even know how to identify the correct notice for each of the SPDX licenses, and to my knowledge, there is no such source.

[nicorikken]

The proposed SPDX tags – and license identifiers in particular – frees to from the burden to write these license notices. Many people prefer that so that their file headers look clean.

I wasn't sure about this, that's why I assumed having both would be better. Somehow an SPDX header seems so minimal, which is great and clean and all. I think I just have to get used to it, rather than the more verbose license notice :slightly_smiling_face:

I'll close this issue then, because it can already be achieved as demonstrated, and it is better to keep reuse-tool as simple as possible.

[TechnologyClassroom]

Based on the usage doc, the proper way to handle this would be with a different template file. Would it make sense to ship a new template templates/fullheader.jinja2 with common license headers and enable the new template with --template=fullheader?

The example in the doc is for adding a full header when spdx matches GPL-3.0-or-later. All of the GPL variants are explicitly stated at the bottom of the license.

[mxmehl]

@TechnologyClassroom Thank you for your suggestion. However, I'd prefer not to. We follow the latest SPDX license identifiers and expressions – which is totally crucial – but I would not like us to have us follow different sources of license notice headers thta may do changes without announcing them properly (as I said, just for the GPL-2.0-only there are many of these, and often they came from the same official source).

As written above, SPDX license identifiers are something REUSE pushes for. Shipping notice headers that we actually want to replace by unambiguous information feels a bit... counter-intuitive ;)

[TechnologyClassroom]

Adding an optional command for full headers would not be the default, but it would be a nice feature for those that want to follow the suggestion of their license. I am imagining an and situation instead of an or situation.

This seems like an odd stance to take as the FSFE. I work at the FSF.

[TechnologyClassroom]

According to spdx doc under "Standard license headers":

When a license defines a recommended notice to attach to files under that license (sometimes called a “standard header”), the SPDX project recommends that the standard header be included in the files, in addition to an SPDX ID.

[mxmehl]

I looked for a reliable source for these headers and found that they are actually available in https://github.com/spdx/license-list-data/ (e.g. as standardLicenseHeader in the json format).

That would relief us from maintaining this on our own. Opening again if someone wants to take a shot.

[goneall]

Just adding a note that there are couple different ways to fetch the structured license data from SPDX:

1. from the git repo in JSON format https://github.com/spdx/license-list-data/tree/v3.14/json
2. from the git repo in RDF/XML, RDF/Turttle, and RDF/JSON-LD formats
3. In JSON format over HTTPS at https://spdx.org/licenses/
4. In RDFa format over HTTPS at https://spdx.org/licenses/

If using 1 or 2, I strongly encourage you to use the release tags and not master as the license data is not fully stable until release.

Options 3 and 4 always fetch the latest release version of the license list. To fetch the details using option 3 (my personal favorite option), fetch the JSON file with the URL https://spdx.org/licenses/[SPDXLicenseId].json where [SPDXLicenseId] is the SPDX license ID. You will find a field standardLicenseHeader.