Description
Proposal
While the majority of the rust-lang/rust codebase is licensed under the MIT OR Apache-2.0 license, it also contains parts licensed under different licenses, both individual files and whole projects (like LLVM). There is some documentation about that right now in the COPYRIGHT file, but that documentation is neither machine-readable nor easy to keep up to date.
This MCP proposes to add machine-readable licensing metadata using REUSE, a license metadata management tool written by FSFE, and to add metadata to our repository by adopting the metadata maintained by Debian (cc @sylvestre). The COPYRIGHT file at the root of the repository will be removed once the metadata is merged.
Having machine-readable metadata would allow to generate a list of all open-source licenses used in the Rust distribution, or to provide a list of licenses users of the Rust standard library need to adhere to. It would also simplify the work of distribution maintainers. Implementing uses of the metadata is out of scope for this MCP.
Metadata format
REUSE allows defining metadata in two ways. One is to add comments at the top of each file:
// SPDX-License-Identifier: MIT OR Apache-2.0
// SPDX-FileCopyrightText: Rust Project contributors (see https://thanks.rust-lang.org)
Another option is to add glob patterns to the .reuse/dep5 file, which follows Debian's debian/copyright file syntax:
Files: src/llvm-project/*
Copyright: LLVM contributors
Copyright: University of Illinois at Urbana-Champaign
License: NCSA AND (Apache-2.0 WITH LLVM-exception)
To reduce clutter in the repository we'll use .reuse/dep5 for annotations in most places. If a file is expected to be changed by contributors inside rust-lang/rust and uses a different license, explicit annotations will be allowed to alert the person making the change a different license applies to their change.
Initial metadata import
The initial metadata will be created using the information in:
- The
COPYRIGHTfile at the root of the repository. - The licensing annotations maintained by the Debian project.
- Issues about licensing found in the repository.
Validating the metadata
We'll add a step on CI to verify REUSE compliance. The step should not affect existing PRs as explicit annotations on each file are not required. Note that REUSE is a Python 3 tool, so checking license compliance will require the tool to be installed.
Demo
I have prepared a branch containing REUSE annotations in ferrocene:pa-reuse.
Prior art
Before December 2018, license annotations were present on top of every file in the repository, but those were removed in rust-lang/rust#57108 because they didn't serve any purpose. The decision to remove them was made in rust-lang/rust#43498.
I believe that having machine-readable annotations is beneficial for the Rust project, and this proposal reduces the clutter by concentrating most of the licensing information in a single file.
Mentors or Reviewers
If you have a reviewer or mentor in mind for this work, mention then
here. You can put your own name here if you are planning to mentor the
work.
Process
The main points of the Major Change Process are as follows:
- File an issue describing the proposal.
- A compiler team member or contributor who is knowledgeable in the area can second by writing
@rustbot second.- Finding a "second" suffices for internal changes. If however, you are proposing a new public-facing feature, such as a
-C flag, then full team check-off is required. - Compiler team members can initiate a check-off via
@rfcbot fcp mergeon either the MCP or the PR.
- Finding a "second" suffices for internal changes. If however, you are proposing a new public-facing feature, such as a
- Once an MCP is seconded, the Final Comment Period begins. If no objections are raised after 10 days, the MCP is considered approved.
You can read more about Major Change Proposals on forge.
Comments
This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.