Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support REUSE Specification #362

Open
cmeessen opened this issue Oct 14, 2022 · 5 comments
Open

Support REUSE Specification #362

cmeessen opened this issue Oct 14, 2022 · 5 comments

Comments

@cmeessen
Copy link

We have been applying the REUSE Specification to the Research Software Directory to indicate copyright and individual licenses on a per-file basis. Unfortunately, howfairis does not detect licenses when they are specified according to the REUSE specification and fails.

We were wondering whether it is planned to add support for the REUSE specification?

Details about the specification can be found on their webpage under Specification.
@cmeessen cmeessen mentioned this issue Oct 14, 2022
Closed
@ChristianTackeGSI ChristianTackeGSI mentioned this issue Dec 11, 2023
Merged
@juhannc
Copy link

juhannc commented Sep 19, 2024
edited
Loading

I would also endorse supporting REUSE as it is a strong step towards clear licensing, something FAIR stands for.
R1.1 says:

(Meta)data are released with a clear and accessible data usage license.

as well as

Software and its associated metadata have independent, clear and accessible usage licenses compatible with the software dependencies.

Both guidelines can be easily achieved using REUSE instead of having a single license file.

I can understand, that checking for REUSE compliance is harder than just scaning for a single LICENSE file. But maybe it would be enough (for the beginning) to check for signs of REUSE, i.e., a LICENSES folder, a REUSE.toml, etc. In general it will probably best to offload the actual compliance check to REUSE itself, either by using their web-based check or their CLI tool reuse lint.

@fdiblen
Copy link
Member

fdiblen commented Oct 16, 2024

Thank you both for your suggestions. After reviewing the specifications, I believe the best approach is to check the REUSE.toml file for support.

@juhannc
Copy link

juhannc commented Oct 17, 2024

I believe the best approach is to check the REUSE.toml file for support.

Unfortunately, you cannot just check for the REUSE.toml file, as it is optional according to the REUSE Spec:

Licensing Information MAY be associated with a file through a REUSE.toml file

A project can be fully licensed according to the REUSE spec with just the LICENSES/ folder and all license information in the file headers. Thus, you should at least also check for the LICENSES/ folder and possibly also the DEP5 file. Still, this only indicates, that a project tries to be REUSE compliant, not that it actually is.

https://reuse.software/spec-3.2/

@cmeessen
Copy link
Author

Great to see that this issue is being picked up.

I suggest to check the error code of reuse lint when running it in the root directory of the repository. If the error code is 0, the repository is reuse compliant.

@juhannc
Copy link

juhannc commented Oct 17, 2024

Yes, that would obviously be the best solution but also require integrating reuse in this project. Calling reuse lint via a subprocess is not a very nice solution, it's not very pythonic and could create new security issues. Instead I think a minimal reimplementation of their cli would probably be the best solution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fdiblen @cmeessen @juhannc