SPDX and the KDE FLA
KDE repositories are switching over to SPDX identifiers following the REUSE.software specifications. This machine-readable form of licensing information pushes for more consistency in licensing and licensing information.
Long, long ago I wrote some kind of license-checker for KDE sources, as part of the English Breakfast Network. The world has moved on since then, and supply-chains increasingly want to know licensing details: specifically, what exact license is in use (avoiding variations in wording that have cropped up) and what license-performative actions are needed exactly (like in the BSD license family, “reproduce the Copyright notice above”).
Andreas Cord-Landwehr has been chasing license information in KDE source code recently, and has re-done tooling and overall made things better. So there’s now changes – via merge requests on our GitLab instance KDE invent – showing up.
There is one minor thing of note which I’ve discussed with him, and which bears upon the Fiduciary License Agreement (FLA) that KDE e.V. has.
The FLA is a voluntary license agreement that individual contributors can enter into, which assigns such rights (remember, Free Software leverages Copyright!) as are assignable, to the fiduciary, and the fiduciary grants a broad license back. This leverages Copyright laws again, to ensure that the fiduciary can act as copyright holder, while leaving the original contributor with (almost) all the original possibilities for using and sharing the contribution.
I’ll be giving a short talk about the FLA at this year’s online KDE Akademy, so I’ll skip a bunch of general background information.
Since I signed the FLA quite some time ago, with the intent that KDE e.V. is the fiduciary – and therefore the holder of my Copyrights in a bunch of KDE code – Andreas has been converting my statements of copyright like this:
SPDX-FileCopyrightText: 2010 KDE e.V. <kde-ev-board@kde.org>
SPDX-FileContributor: 2010 Adriaan de Groot <groot@kde.org>
I don’t hold this copyright: the KDE e.V. does. But I’m still morally the author and contributor in this file, so my name is in the file.This is a combination of SPDX tags you’ll probably see more of in the (gradual) conversion of KDE sources to using SPDX tags.
Many other projects also used SPDX statements and follow the REUSE specification: Calamares (a non-KDE project where I’m the maintainer) is slowly switching over, and I have some other projects elsewhere that are following suit. In greenfields (new) code it’s easy to stick to REUSE from the start, but retro-fitting it to an existing codebase can lead to a lot of tedious busywork, so none of my other projects have gone whole-hog over – none of them are “REUSE compliant”, so to speak.
I admire, and salute, Andreas for his dedication to improving the quality of KDE’s codebase in this (tedious and busyworky) way.
Edit 2020-06-29: salute the right name