From kde-community Wed Nov 18 19:49:21 2020 From: Andreas Cord-Landwehr Date: Wed, 18 Nov 2020 19:49:21 +0000 To: kde-community Subject: Re: [OT] Opinions about licensing approach for permissive/weak-copyleft projects Message-Id: <3352735.44csPzL39Z () weatherwax> X-MARC-Message: https://marc.info/?l=kde-community&m=160572898431180 On Dienstag, 17. November 2020 19:27:32 CET Filipe Saraiva wrote: > Dear kommunity, > > I am on the reviewing process of a paper submission about open source > licensing, and one of the reviewers has one concern that I would like to > discuss it a bit further with you. The paper is not directly related to > KDE, but I am writing to this mailing list to get some opinions from my > KDE friends, in particular, due to your experience with open source > licensing. > > The reviewer proposes an approach for software licensing. In summary, > s/he believes that if the project is using exclusively permissive or > weak copyleft licenses, there is no need to put a license for the entire > project. > > On his/her words: "You don't need to specify a package-level license. > What you can do is put a "default" license to your package which would > mean that in the absence of a license in a file, that file would be > under this license. This allows not having to specify the license in all > files (although that is the recommended way of doing things). Note that > this default license should be permissive or weak copyleft." > > I understand that his/her suggestions make sense (this would allow novel > tools to improve license visualization, like that color bar that GitHub > uses for programming languages could be used), but I also wonder > whether this would make sense in practice (this would require that all > source code files are properly licensed). > > I have my own opinions, but I would like to hear the kommunity about > your feelings on that proposal and possible advantages/disadvantages. Hi Filipe, in my opinion the main question is: How can the distributor of the packages, which are created out of the source code, select a compatible outbound license for the project artifacts? I think it is crucial that the documented licenses of the individual sources can be interpret in a way that allows deducing such an outbound license. This could be achieved by using a default license and stating explicitly that only deviations to the default license are marked (note that we are doing this differently by following the https://reuse.software spec and recommendations to state a license for any source file). But still, you have to do any statements regardless if the project is permissive, weak copyleft or copyleft, in order to give the user of the package guidance for their legal obligations. However, in many KDE projects we are in the process of removing the COPYING files, because they often give a misleading understand to package users, that it is the outbound license. Instead, we use a LICENSES/ folder with a collection of all licence tests of licenses in the project (also according to the REUSE spec). Still, what would be a major gain for the future, would be a simple, machine-readible and standardized way to state outbound licenses... Cheers, Andreas