Hi all,
I am starting a new thread, summarising a wild idea we've had when discussing how to combine the different ideas and expectations that have been raised in the threads regarding folder.license files and the deprecation of the DEP5 file.
Our suggestion would be to implement a new file: REUSE.yaml.
# Basic concept
The purpose would be quite similar to what we already do with DEP5 files [^1]: communicate copyright/licensing information for a whole (sub)directory, or also just a certain pattern, e.g. all .png files in a directory.
The first downside of DEP5 is that the tags are different from the normal SPDX/REUSE tags, and that it requires some other meta information out of REUSE's scope. The second downside is that the DEP5 file has to be stored in the .reuse/ folder, quite unintuitive and far away from the actual files.
As the name suggests, REUSE.yaml would follow the YAML syntax which is easy to read and write for humans, but it also pretty easy to parse in tools.
Another difference would be that there could be multiple REUSE.yaml files. Each one could only define the directory it is stored in, or also subdirectories or certain file patterns. So it can also serve as an alternative to the suggested folder.license files.
This would make things easier for devs and reusers alike: given that a repo contains a directory with hundreds of binary files (e.g. images), the maintainers could create a REUSE.yaml file in it. This way, copyright and licensing information is close by, but the maintainers would not have to create $file.license files for every single image, or store the bulk-information in a far-away file.
# Syntax
Now, if we went that route, we would need a rather fool-proof and easy way how to mark the REUSE information for a directory, subdirectory, or pattern. Here are four variants how to do that in YAML, but only one should be mandated by REUSE in the end:
1. Short Array: ``` - src/*: SPDX-FileCopyrightText: [ "2020 me", "© 2017 you" ] SPDX-License-Identifier: MIT ```
2. Short List: ``` - src/*: SPDX-FileCopyrightText: - 2020 Me - © 2017 You SPDX-License-Identifier: MIT ```
3. Short String: ``` - src/*: | SPDX-FileCopyrightText: 2020 Me SPDX-FileCopyrightText: © 2017 You SPDX-License-Identifier: MIT ```
4. Long: ``` - src/*: license: SPDX-License-Identifier: MIT copyright: | SPDX-FileCopyrightText: 2020 Me SPDX-FileCopyrightText: © 2017 You ```
Please help us here: what could possibly go wrong with any of these variants? Is there tooling for which you know that it would misbehave? What would make most sense to you as a user?
Also, in general, I would be pleased to learn what you think about a REUSE.yaml file that would be a preferred way how to bulk-license files.
Best, Max
[^1]: See the one of reuse-tool here as an example: https://github.com/fsfe/reuse-tool/blob/master/.reuse/dep5