@how thanks for bringing it up here, you get met thinking…
Having recently used GitHub Insights and having experience using software packages, it is clear to me that the default is to have a single license per ‘artifact’, whether git repository (or rather its contents) or software package. This assumption is used by many software solutions, like Snyk (also used for LF Insights), GitHub and GitLab, and probably more. This assumption is used to provide insight in licenses of software projects, dependencies and in transient dependencies.
So as @max.mehl experiences, trying to instill the idea that more licenses might be involved is rowing against the tide. There are more and more software solutions using this assumption of a single license, so changing that base assumption will only get more difficult. Accepting this as the default, there is practical value in providing a single license per ‘artifact’ in that it would work well with existing software, this besides the theoretical value of having a neat summary on how to deal with the software.
Now to REUSE, is there a way to deal with this. Like @max.mehl I too believe a simple ‘select top license’ is not the right way. In a code repository you might have some code combined and some documentation to go with it: say
Apache-2.0 licensed code together with
GPL-3.0-or-later and some documentation licensed
GFDL-1.3-or-later. It would make sense to select the
GPL-3.0-or-later as the ‘main’ license (ignoring the adopted code which has a compatible license and ignoring the documentation license) and put it in the
LICENSE file. Not because it is the all-encompassing truth, but because it is a convenient summary for practical use.
I can see REUSE doing 2 things:
- Make sure that the license used in
LICENSE is actually represented in the code, and not an entirely different license. (I think it would already be difficult to apply an entirely different license, but I’m not entirely sure how all edge-cases are currently handled).
- Offer a prompt to the user to select one of the found licenses and apply it as the main
LICENSE. This would be similar to adding a license property to the library file, like a
But to keep things simple and preventing feature creep, REUSE could also explain in words that there is value in having a
LICENSE file, but it being out of scope for the REUSE tool.