search

fsfe / reuse-tool

reuse is a tool for compliance with the REUSE recommendations.
https://reuse.software
376 stars 144 forks source link

How to lint files that only contain copyrights (but no license)? #955

Closed sschuberth closed 3 months ago

sschuberth commented 4 months ago

Some files, like a flavor of NOTICE files, deliberately only contain copyright statements, like

Copyright (C) 2022-2023 Bosch.IO GmbH
Copyright (C) 2024 Double Open Oy
Copyright (C) 2024 Robert Bosch GmbH

Now, reuse lint flags this file as

The following files have no licensing information:
* NOTICE

But if I add the following to .reuse/dep5:

Files: NOTICE
Copyright: 2022 The ORT Server Authors (See <https://github.com/eclipse-apoapsis/ort-server/blob/main/NOTICE>)
License: Apache-2.0

then reuse lint complains with

~/.local/lib/python3.12/site-packages/reuse/project.py:286: PendingDeprecationWarning: Copyright and licensing information for 'NOTICE' has been found in both 'NOTICE' and in the DEP5 file located at '.reuse/dep5'. The information for these two sources has been aggregated. In the future this behaviour will change, and you will need to explicitly enable aggregation. See <https://github.com/fsfe/reuse-tool/issues/779>. You need do nothing yet. Run with `--suppress-deprecation` to hide this warning.

So I tried to omit the Copyright: line from the .reuse/dep5 entry, but then I get

usage: reuse [-h] [--debug] [--suppress-deprecation] [--include-submodules] [--include-meson-subprojects] [--no-multiprocessing] [--root PATH] [--version]
             {annotate,download,init,lint,spdx,supported-licenses,supported-licences} ...
reuse: error: '.reuse/dep5' could not be parsed. We received the following error message: Files paragraph missing Copyright field

How am I supposed to solve this without getting any warnings / errors and without suppressing anything when running reuse lint?

nicorikken commented 4 months ago

Thanks for reporting.

For now you could add a license expression to the notice file. I wouldn't go the dep5 route.

For the future I think we should adjust reuse-tool to not check for license information in the notice file, as is it is already legal metadata. We wouldn't check the copyright and license of the dep5 file either. Let's check what others think of this.

Some relevant documentation on notice files https://www.apache.org/legal/src-headers.html#notice

sschuberth commented 4 months ago

Another simple solution would be to allow .reuse/dep5 entries that just add a license, but no copyright. That would allow to nicely just complements what's not already in the file. Unfortunately, at least to me the dep5 spec is not clear about whether the Copyright: field is mandatory to have or not, but I guess it's not.

carmenbianca commented 3 months ago

@sschuberth #779 will address this need.

Closing as duplicate. Thanks for the issue. It validates that the many many hours of work put into #863 answer a valid real-world problem.