jena icon indicating copy to clipboard operation
jena copied to clipboard
verified publisher icon apache

Add SPDX identifier

Open afs opened this issue 1 month ago • 4 comments

Should Jena include the SPDX-License-Identifier tag?

If done in the header for Java files, it would look like:

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 *   SPDX-License-Identifier: Apache-2.0
 */

afs avatar Nov 14 '25 17:11 afs

Yes, it would be a good idea to include SPDX-License-Identifier tag.

neumarcx avatar Nov 14 '25 17:11 neumarcx

@Claudenw - what's your impression of the current best practice across ASF?

A quick search of ASF didn't find many places where it has been adopted wholesale - not surprising - the header already has a URI for the license text in it.

Scanning tools, RAT, github et al., have to-date been working with matching "known text" and that is unlikely to go away.

afs avatar Nov 14 '25 17:11 afs

I don't understand why millions of file headers (including other projects and other licenses) need to be changed when other tools work fine with the current license texts.

Why are the SPDX project and tools placing such a heavy burden on existing projects when they could technically adapt to what already exists?

arne-bdt avatar Nov 19 '25 11:11 arne-bdt

Existing tools are fragile.

  • reformated license text
  • some licenses have text that changes (e.g. BSD, MIT include the copyright holder name)
  • use of modified licenses which take the text of an OSS license and add or change clauses, often making it not OSS
  • imprecise : GPL-2.0 != GPL-3.0 (in fact, they conflict!); "GPL 2 or later".

For modified licenses, humans scan the first part and thinks it an XYZ license when in fact it isn't.

The AL2 header is already great - it has a URI in it!

afs avatar Nov 19 '25 13:11 afs