Hi all,

At REUSE, we found some time to wrap our brains around this issue again.

~ Gary O'Neall [2020-06-05 19:58 +0200]:

You could use the SPDX term "LicenseInfoInSnippet" since you are
including the license information directly in the copied snippet.
I've always treated this similar to the declared license for packages.

In terms of marking the start and end of the snippet, I don't know of
any existing SPDX tags that would help. Within the SPDX document, we
use a byte range. This would be rather impractical within the file
containing the snippets. The proposal in the referenced thread of
using a tag at the start and end of the snippet range looks like it
would work.

Thanks for the suggestions. I think what we need is a consensus on 1.
how to mark the begin/end of a snippet, 2. how to mark copyright, and
3. how to mark the license of this snippet [^1].

1. We would both be fine with REUSE-Snippet-Begin, REUSE-SnippetBegin,
SPDX-Snippet-Begin or SPDX-SnippetBegin, and Snippet(-)End
respectively. Would SPDX want to introduce such a tag as an addition
to the existing Snippet information in the near future, or should
REUSE take the initiative here?

2. For copyright, we would prefer SPDX-SnippetCopyrightText as an
equivalent to SPDX-FileCopyrightText

3. For license, we would prefer SPDX-License-Identifier. This is the tag
people use for declaring licensing of their files, but it could be
applicable for snippets as well, so in their enclosed context.

SPDX-LicenseInfoInSnippet might be the "official" way how to do it,
but to be brutally honest, I find this counter-intuitive and very
hard to memorise. I know that License-Identifier has become the
unloved child for a few people because of the lack of CamelCase and
clear context e.g. to files, but it's already out there, well-known,
and accepted. So I would suggest to use it for snippets as well.


Another question was raised regarding nesting of snippets, so the
strange case when a third-party code that I would like to use as a
snippet would contain a third-party snippet already. In this case, to
also be compatible with the current SPDX info on snippets, we would
suggest to not allow nested snippets but instead mandate that a snippet
has to end in order for the next snippet to be able to begin. Would you
agree?


Looking forward to your replies and a constructive discussion!

Best,
Max



[^1]: To James' concerns: I would like to ignore the potential license
compliance problems with snippets carrying incompatible licenses for
this thread. Let's discuss first how devs can actually communicate that
they've used a third-party snippet and under which conditions, before we
think about how compliance might have to be handled in various (edge)
cases.

--
Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom: https://fsfe.org/join