[00:00.000 --> 00:07.000]  Next up, review.
[00:07.000 --> 00:18.000]  Hello everybody, can everybody hear me okay in the back?
[00:18.000 --> 00:28.000]  Then I'll speak up like this, okay?
[00:28.000 --> 00:30.000]  Okay, perfect.
[00:30.000 --> 00:32.000]  So I'm going to give a talk about reuse.
[00:32.000 --> 00:33.000]  I'm Linus.
[00:33.000 --> 00:37.000]  I work for the Free Software Foundation Europe as a CIS admin
[00:37.000 --> 00:43.000]  and I'm also one of the maintainers of the reuse tool.
[00:43.000 --> 00:49.000]  And so this tool, so since this is the S-bomb deaf room,
[00:49.000 --> 00:52.000]  I need to relate what we do with reuse to S-bomb somehow.
[00:52.000 --> 00:55.000]  And I think the catchphrase or what I want you to take away
[00:55.000 --> 01:00.000]  from this presentation today is that if you want to have nice S-bomb
[01:00.000 --> 01:04.000]  downstream, you should push everybody to use reuse upstream
[01:04.000 --> 01:07.000]  because it makes everything else much, much easier.
[01:07.000 --> 01:11.000]  Or just how reuse makes everybody's life a bit easier.
[01:11.000 --> 01:15.000]  So typically with free and open source software,
[01:15.000 --> 01:20.000]  you have compliance issues when it comes to license and copyright.
[01:20.000 --> 01:25.000]  There's missing information about license and copyright holders
[01:25.000 --> 01:28.000]  of your own code and of third party code
[01:28.000 --> 01:30.000]  that you might use in your application.
[01:30.000 --> 01:34.000]  There's license ambiguity, so for example if there's just,
[01:34.000 --> 01:37.000]  it says GPL but you don't know which version.
[01:37.000 --> 01:41.000]  And often when there's somebody taking the time to put
[01:41.000 --> 01:44.000]  all the information there, it's stored in a silo
[01:44.000 --> 01:47.000]  and it's not actually where the code is.
[01:47.000 --> 01:52.000]  And often another thing is that when you change something
[01:52.000 --> 01:56.000]  in the code you should or you have a new contributor coming on,
[01:56.000 --> 01:58.000]  then you need to change everything again.
[01:58.000 --> 02:02.000]  Developers also need a lot of training if there's custom solutions
[02:02.000 --> 02:07.000]  and there might also be conflicting compliance practices.
[02:07.000 --> 02:13.000]  So we thought like why can't we solve these issues here
[02:13.000 --> 02:17.000]  up the stream so that when the water flows down
[02:17.000 --> 02:20.000]  to everybody else who's consuming license and copyright information
[02:20.000 --> 02:26.000]  of source code has just an easier time digesting them.
[02:26.000 --> 02:30.000]  So reuse is based on a couple of principles.
[02:30.000 --> 02:35.000]  It should be easy for copyright and licensing information.
[02:35.000 --> 02:37.000]  Everybody should be able to find this easily,
[02:37.000 --> 02:40.000]  so it should be in the file that it applies to
[02:40.000 --> 02:43.000]  if that's possible, like of course with a binary file
[02:43.000 --> 02:45.000]  that's not possible, but if it's plain text
[02:45.000 --> 02:48.000]  that's possible and then it should go in there.
[02:48.000 --> 02:52.000]  Silo's should be avoided and all the licensing copyright
[02:52.000 --> 02:55.000]  information should be stored in the repo.
[02:55.000 --> 02:59.000]  And that info should be readable by humans and machines alike.
[02:59.000 --> 03:03.000]  We also do not want to reinvent the wheel if we don't have to,
[03:03.000 --> 03:09.000]  so yeah, we try to be compatible, as compatible as possible.
[03:09.000 --> 03:14.000]  And also licensing should be easy and fun.
[03:14.000 --> 03:23.000]  And yeah, so we try to do that.
[03:23.000 --> 03:27.000]  You can decide whether we manage, but at least we try.
[03:27.000 --> 03:29.000]  So there's three simple steps to using reuse.
[03:29.000 --> 03:32.000]  First you choose and provide the license.
[03:32.000 --> 03:36.000]  Reuse does it with a nice little dialogue for you
[03:36.000 --> 03:40.000]  when you start it up the first time, I can show you later.
[03:40.000 --> 03:42.000]  Then you add copyright and licensing information,
[03:42.000 --> 03:45.000]  preferably to every file.
[03:45.000 --> 03:49.000]  And then we have a range of tooling that allows you
[03:49.000 --> 03:51.000]  to confirm this reuse compliance,
[03:51.000 --> 03:53.000]  either in a pre-commit hook, in CI,
[03:53.000 --> 03:57.000]  and of course locally on your machine.
[03:57.000 --> 04:00.000]  So I'll go through this quick.
[04:00.000 --> 04:01.000]  Maybe just a quick show of hands.
[04:01.000 --> 04:04.000]  Who has heard of reuse before?
[04:04.000 --> 04:06.000]  Okay, so I'm preaching to the choir.
[04:06.000 --> 04:08.000]  Who has used it before?
[04:08.000 --> 04:11.000]  There's plenty of people on it before.
[04:11.000 --> 04:17.000]  Okay, so I'll go through this rather quickly.
[04:17.000 --> 04:20.000]  One thing that we do is we save license text
[04:20.000 --> 04:23.000]  in a licenses directory.
[04:23.000 --> 04:27.000]  I'll make a quick shout out to GitHub later about this.
[04:27.000 --> 04:32.000]  Then reuse names after the SPDX license identifier,
[04:32.000 --> 04:36.000]  and then they're stored in the licenses repository.
[04:36.000 --> 04:41.000]  Then the copyright and license information is added to every file.
[04:41.000 --> 04:45.000]  Then it looks roughly like that.
[04:45.000 --> 04:49.000]  And then if you have uncommentable files,
[04:49.000 --> 04:55.000]  binary files, images, or executables or whatever,
[04:55.000 --> 04:57.000]  then you can do a separate license file,
[04:57.000 --> 04:59.000]  which is a plain text file,
[04:59.000 --> 05:01.000]  which refers back to that uncommentable file,
[05:01.000 --> 05:04.000]  which then contains this information.
[05:04.000 --> 05:11.000]  And also you can use a.deb5 file in.reuse directory.
[05:11.000 --> 05:13.000]  This is about to change soon, hopefully,
[05:13.000 --> 05:16.000]  because we are going to develop our own reuse YAML,
[05:16.000 --> 05:19.000]  which sits at the root of the repository,
[05:19.000 --> 05:23.000]  where you can define this type of information
[05:23.000 --> 05:26.000]  for uncommentable files or for whole directories,
[05:26.000 --> 05:29.000]  much easier than with.deb5.
[05:29.000 --> 05:32.000]  And then the third step is you confirm
[05:32.000 --> 05:36.000]  that you're actually compliant with reuse.
[05:36.000 --> 05:40.000]  What are the components of reuse?
[05:40.000 --> 05:46.000]  One thing is a spec where we pretty clearly try to state
[05:46.000 --> 05:49.000]  how licensing information and copyright information
[05:49.000 --> 05:51.000]  should be added to source code.
[05:51.000 --> 05:56.000]  Then there's a helper tool, the reuse tool,
[05:56.000 --> 05:59.000]  the reuse CLI tool.
[05:59.000 --> 06:01.000]  Then there's a very good tutorial in FAQ
[06:01.000 --> 06:05.000]  that you can look into to answer very basic questions
[06:05.000 --> 06:08.000]  about licensing, but also some advanced stuff.
[06:08.000 --> 06:11.000]  And then there's an API where you can sign up your project
[06:11.000 --> 06:16.000]  and then get a nice badge who doesn't like badges.
[06:16.000 --> 06:20.000]  So I've already said that we store the licenses in a
[06:20.000 --> 06:23.000]  licenses directory, so the UI of GitHub, for example,
[06:23.000 --> 06:25.000]  still doesn't pick that up properly.
[06:25.000 --> 06:27.000]  That would be very cool if that happens.
[06:27.000 --> 06:29.000]  It's not very hard.
[06:29.000 --> 06:34.000]  And the rest of that, in the interest of time,
[06:34.000 --> 06:36.000]  I'll skip over that.
[06:36.000 --> 06:41.000]  So now I'll just show you really, really quick,
[06:41.000 --> 06:46.000]  because I have five minutes left, I think,
[06:46.000 --> 06:51.000]  how this works, how this looks in practice.
[06:51.000 --> 06:55.000]  So here is the text size OK for everybody in the back.
[06:55.000 --> 06:58.000]  So here I'm in a non-compliant repo,
[06:58.000 --> 07:02.000]  and I can run reuse lint to confirm that I'm not compliant.
[07:02.000 --> 07:04.000]  I have 6,000 in this repo, and none of them
[07:04.000 --> 07:06.000]  have any copyright or licensing information.
[07:06.000 --> 07:07.000]  That's not cool.
[07:07.000 --> 07:10.000]  So I can just run reuse in it.
[07:10.000 --> 07:13.000]  And now I'm asked to provide licenses,
[07:13.000 --> 07:20.000]  so usually I use something like CCO 1.0.
[07:20.000 --> 07:27.000]  For just configuration files and stuff like that,
[07:27.000 --> 07:36.000]  then we could set GPL.
[07:36.000 --> 07:47.000]  And then did you mean IRGP?
[07:47.000 --> 07:50.000]  And then just call that example.
[07:50.000 --> 07:53.000]  That doesn't matter.
[07:53.000 --> 07:55.000]  So now we see it downloaded the licenses
[07:55.000 --> 07:57.000]  and it created that file file for us.
[07:57.000 --> 07:59.000]  Like I said, this will change.
[07:59.000 --> 08:04.000]  And now I can start adding license information
[08:04.000 --> 08:06.000]  to certain files.
[08:06.000 --> 08:09.000]  So for example, now I can add the license CC0
[08:09.000 --> 08:12.000]  to my gitignore file, for example.
[08:12.000 --> 08:15.000]  I can run reuse lint to see what's changed.
[08:15.000 --> 08:20.000]  And I see now I have one file with correct copyright information.
[08:20.000 --> 08:24.000]  And I could now continue doing that for the rest of the files.
[08:24.000 --> 08:29.000]  But I hope you get the idea that it's a tool
[08:29.000 --> 08:31.000]  that really simplifies this process.
[08:31.000 --> 08:33.000]  And then you can put the reuse lint checks
[08:33.000 --> 08:35.000]  in your pre-commit hooks.
[08:35.000 --> 08:37.000]  They're very terse.
[08:37.000 --> 08:42.000]  They basically look like this.
[08:42.000 --> 08:46.000]  That's all you have to do.
[08:46.000 --> 08:48.000]  And then run pre-commit install.
[08:48.000 --> 08:52.000]  And then before you commit, it does the reuse lint check.
[08:52.000 --> 08:54.000]  So it's very, very simple.
[08:54.000 --> 08:58.000]  It's very straightforward.
[08:58.000 --> 09:00.000]  I had to jump through this a little bit
[09:00.000 --> 09:01.000]  because I don't have that much time.
[09:01.000 --> 09:03.000]  I just realized.
[09:03.000 --> 09:06.000]  So the ongoing development is, of course, the tool.
[09:06.000 --> 09:09.000]  And it's all free and open source.
[09:09.000 --> 09:12.000]  And so you can contribute as much as you like.
[09:12.000 --> 09:15.000]  And we are very happy about everybody who contributes.
[09:15.000 --> 09:19.000]  And then there's an API, which is all fully open source
[09:19.000 --> 09:21.000]  and free software.
[09:21.000 --> 09:24.000]  We have a specification which will be extended
[09:24.000 --> 09:27.000]  with reuse YAML really, really soon.
[09:27.000 --> 09:30.000]  We hope that we can do some better integration,
[09:30.000 --> 09:33.000]  especially with Git forages in the future,
[09:33.000 --> 09:35.000]  that the UI shows you which licenses you have
[09:35.000 --> 09:37.000]  in the repository right away.
[09:37.000 --> 09:39.000]  And we want to spread.
[09:39.000 --> 09:41.000]  And you can, of course, help us with that.
[09:41.000 --> 09:43.000]  So who uses reuse?
[09:43.000 --> 09:47.000]  At the moment, we have over 1,400 projects signed up
[09:47.000 --> 09:51.000]  that use our API that have cumulatively more than 80,000
[09:51.000 --> 09:54.000]  stars on GitHub.
[09:54.000 --> 09:57.000]  Then there's stuff that lives on other forages like KDE
[09:57.000 --> 10:00.000]  and the framework that uses reuse.
[10:00.000 --> 10:03.000]  CURL became reuse compliant as WebLate,
[10:03.000 --> 10:06.000]  a really cool translation product that recently became
[10:06.000 --> 10:07.000]  compliant.
[10:07.000 --> 10:09.000]  GNU Health Project, which is an awesome project,
[10:09.000 --> 10:12.000]  the Corona 1 app in Germany.
[10:12.000 --> 10:15.000]  And the Linux kernel is trying to become reuse compliant.
[10:15.000 --> 10:18.000]  We'll take a while.
[10:18.000 --> 10:23.000]  And yeah, so feel free to check this.
[10:23.000 --> 10:26.000]  I will upload the slides, and then you have all the links.
[10:26.000 --> 10:30.000]  If you want to participate, sign up to the mailing list,
[10:30.000 --> 10:35.000]  ask questions, create issues, make one of your own projects
[10:35.000 --> 10:36.000]  reuse compliant.
[10:36.000 --> 10:37.000]  It's really easy.
[10:37.000 --> 10:40.000]  Integrate reuse into your community and compliance
[10:40.000 --> 10:41.000]  policies.
[10:41.000 --> 10:43.000]  Help others adopt reuse.
[10:43.000 --> 10:46.000]  Here, I linked the developer section of the website,
[10:46.000 --> 10:49.000]  which is really the best way to get started really,
[10:49.000 --> 10:50.000]  really quickly.
[10:50.000 --> 10:54.000]  And yeah, I don't know, do I have time for questions?
[10:54.000 --> 10:55.000]  Two minutes.
[10:55.000 --> 10:56.000]  Two minutes.
[10:56.000 --> 10:57.000]  Maybe I can take one.
[10:57.000 --> 10:59.000]  I also just a quick note.
[10:59.000 --> 11:00.000]  Carmen is here.
[11:00.000 --> 11:04.000]  She's one of the main creators of reuse.
[11:04.000 --> 11:08.000]  So we'll also be happy to answer questions afterwards.
[11:08.000 --> 11:10.000]  I'll take one now.
[11:10.000 --> 11:13.000]  What does bad license mean in the Linux app?
[11:13.000 --> 11:14.000]  A bad license?
[11:14.000 --> 11:15.000]  Yes.
[11:15.000 --> 11:19.000]  The linter shows in the header the first one is bad licenses.
[11:19.000 --> 11:20.000]  I think.
[11:20.000 --> 11:21.000]  It's not an SPDX license.
[11:21.000 --> 11:22.000]  Ah, yeah.
[11:22.000 --> 11:26.000]  It's not an SPDX license.
[11:26.000 --> 11:28.000]  What does bad license mean?
[11:28.000 --> 11:33.000]  And it means that it's not an actual SPDX license.
[11:33.000 --> 11:35.000]  Yeah, but just on, yeah.
[11:35.000 --> 11:37.000]  How do you handle custom licenses?
[11:37.000 --> 11:38.000]  Yes.
[11:38.000 --> 11:41.000]  I don't think we handle them at all.
[11:41.000 --> 11:42.000]  Yeah.
[11:42.000 --> 11:46.000]  You can make a custom license, license ref.
[11:46.000 --> 11:47.000]  Ah, OK.
[11:47.000 --> 11:48.000]  Yeah.
[11:48.000 --> 11:52.000]  So you can make a custom license ref within SPDX.
[11:52.000 --> 11:54.000]  So that SPDX allows you to do that.
[11:54.000 --> 11:59.000]  And then the reuse tool follows that.
[11:59.000 --> 12:00.000]  Yeah.
[12:00.000 --> 12:01.000]  Sorry.
[12:01.000 --> 12:02.000]  Only 15 minutes.
[12:02.000 --> 12:03.000]  Sorry.