From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) by sourceware.org (Postfix) with ESMTPS id DF9593858D20 for ; Fri, 11 Aug 2023 18:23:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DF9593858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=Shaw.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=shaw.ca Received: from shw-obgw-4004a.ext.cloudfilter.net ([10.228.9.227]) by cmsmtp with ESMTP id ULm5qttEb6NwhUWnWqKqjJ; Fri, 11 Aug 2023 18:23:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=shaw.ca; s=s20180605; t=1691778222; bh=/DEHGyQUS5ky+WTd+MSI7H58MwFxcEXisRyDOgVh3s0=; h=Date:Reply-To:Subject:To:References:Cc:From:In-Reply-To; b=jCYWyLXiaJOJpa+PTDU0PdioS8uu6ry5zoLl30LsdXYHXNXgSMqnbQWrSFI/dad45 k+Dd3HWweWVlP//IU+VXGGdtZI/v3XKXVbDWmCG/gRFx5qbnZx7zmCMX6GIEvDqPUr E6P9SzHhJbF4r8OCdXInib0/BOejdfpdVouTGYpZdvuDjSgrY2wos3SysQHVgbACwX fBpJQMnbJ8JPkz1XlfgIRRx3a7sFp+5QP0f4uWHASPcLp1hSXU865uZLidaRZezFZd F1klDjptH13tPk7a/8C1/LQXlnZT4XiF1e5vlv11wqPE2tFW2/cRmLpbePaBJMwZAq onz/j4+o2b/xg== Received: from [10.0.0.5] ([184.64.102.149]) by cmsmtp with ESMTP id UWnVqoM8P3fOSUWnVqruVL; Fri, 11 Aug 2023 18:23:42 +0000 X-Authority-Analysis: v=2.4 cv=J8G5USrS c=1 sm=1 tr=0 ts=64d67cae a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17 a=IkcTkHD0fZMA:10 a=aSdD7ybR7hlyKNPvUnIA:9 a=QEXdDO2ut3YA:10 Message-ID: Date: Fri, 11 Aug 2023 12:23:41 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.14.0 Reply-To: newlib@sourceware.org Subject: Re: (was: Newlib copyright review) and SPDX tagging to REUSE spec RFC Content-Language: en-CA To: newlib@sourceware.org References: Cc: John Scott From: Brian Inglis Organization: Inglis In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4xfMF22s0xadrrE5BzGwj9n7DUDIFB4hEAcskOlAce2P6eVGIMTrzgqVgK0/yp6Czb15TFu4bK3jyvgcHiEjetN/kmXuCUmFIr6+LbD4FcBb6nCqS4hikv hGWfKtubvvyo27oIJLGyicVLVueQbpT+X3D6uDCkfmCqOu+9RVXiA1pynTjbNOI25xC/CkXi9PE/2WiVxDzq91aZCXe/pDwuA/x31+P5lAvWG8NfI0QRoAkM X-Spam-Status: No, score=-3.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-08-11 06:14, John Scott wrote: > I'm re-doing the packaging of Newlib for Debian, and that means I'm doing a full-blown copyright review where I'm recording the copyright holders and license terms for every last file. It would be a shame if folks in other distros had to duplicate my effort. I was thinking, if I'm going to be doing this anyway perhaps I can upstream my efforts and make Newlib comply with the REUSE specification? > > If you haven't heard of it, REUSE uses SPDX-FileCopyrightText and SPDX-License-Identifier to make all the copyright and license information machine-readable. It's a specification from the Free Software Foundation Europe. If you're okay with me doing this, please let me know whether you want these tags to replace the existing copyright and license notices, or to be in addition to them and tagged on to what's already there. > > If you're not interested, please let me know so I know to resume my efforts in Debian. But I'm offering to put in all of the work and since Newlib has so many different copyright holders and licenses it seems like you could really benefit. You may want to resend this as a newlib RFC, similar to my subject change, adding some of the info below. You could provide a few links to REUSE (try web searching that!) and SPDX materials to explain what you are doing to those who have not yet encountered the REUSE and SPDX projects and tools. REUSE specifies the outdated 7 year old SPDX 2.1 spec: will newer versions (currently 2.3) be allowed and supported? [SPDX are still discussing Data License which is a bone of contention for commercial contributors, of which there are many in newlib.] Are you okay with providing your changes, including any REUSE and SPDX cataloguing documents you may create which apply to the project, under some non-GPL licence attribution, that allows the library to continue to be used by contributing and other corps for their commercial purposes? Could you please outline any changes that you contemplate making to the document tree, such as LICENSES, REUSE, SPDX, etc. directory additions and likely contents? Are you using one of the SPDX tools to match the licence texts, as the variations in BSD, MIT, and Verbatim licences can be confusing, and even when it states a name, it may be called something else by SPDX? Could you please document the sources of these tools and how you intend to use them? What do you plan to do about uncatalogued licence texts: submit them to SPDX for review and (re-)naming, and/or just create a LicenseRef-Debian-NAME or (preferably?) LicenseRef-newlib-NAME or ExceptionRef-newlib-NAME placeholder? Any other considerations from those involved in licensing and cataloguing? Would probably be okay if you just added any SPDX-License-Identifier: ... below the existing licence text, then folks can see how it goes. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry