 Welcome to FOS North. This morning we will start with Gabriel who will talk about the reuse project. So Gabriel, the stage is yours. Yeah, thank you, Iran. So thanks for having me here online. I hope everyone is staying healthy and keeping safe. To give you an introduction, my name is Gabriel. I am the legal coordinator for the Free Software Foundation Europe, EFSFE, here in Berlin. Full disclosure, I am not a developer. I am a lawyer. So my interest when working with free software is to try to ensure that the rights of individuals, both developers and users are upheld when they participate in a digital society. So the more technical aspects of coding and programming will tend to escape me and yeah, I apologize for that. The EFSFE, we are a non-profit organization that empowers users to control technology. More specifically, we advocate for the use of free software to do that. So today I would like to talk to you about two of the projects that the EFSFE is currently working on. The first project is called Reuse and this Reuse project is also a big part of the second project that I will talk about called the Next Generation Internet. So what is Reuse? Basically, Reuse is an initiative of the EFSFE that aims to make reusing software code easier for everyone. Right, so if we were all in Gothenburg right now, at this point, I would have asked for a show of hands on some questions, but since that's not really possible right now, I'm going to make some assumptions here about you all instead. So first, I'm going to assume that almost all of you have programmed code before. My second assumption is that many of you here have had the experience of releasing some code as free software before. And my final assumption is that almost everyone here has at some point or another been confused about how to properly license their free software code. Now on this third point, the fact that it's difficult for people to easily grasp how to properly license their code is a bit of a problem. Yeah, in order to maintain a thriving ecosystem of free software, in order to make sure that we are able to share our work to ensure that users of your software get to enjoy the four freedoms of free software to use, study, share, and improve, we need to make sure that your software is properly licensed. So what does this mean? This basically means that license and copyright information must be freely available for other developers to find, to understand, and to comply with when they inspect and when they want to reuse your code. And yeah, this becomes a hindrance or it becomes a roadblock to properly reusing code. And for generally just the spread of free software, when people are unsure or unaware of how to properly do this, how to properly, you know, license your code, and how to properly find this information to comply with how to properly communicate this information basically. So some of the common difficulties that people face when they try to do their free software licensing. If you look at my slide here, as you can see, my first point is where to put the information about the license that you've chosen for your software project. Now, the license that you've chosen for your software represents a freedom that you've exercised. Yeah, this is the freedom of choosing the terms on which other people can use your software. And yeah, if you've taken the effort to make this choice, if you've made the effort to pick a license, you would want to make sure that users of your software know about these terms. But where do you put this information about the license that you've chosen, so that people can easily find it, so that people can easily understand these terms that you've chosen? So do you put the full license of the full license text into your repo? Do you put it in a readme file? What exactly do you do with it? Many people are not aware of what the best thing to do here is, and it's also not immediately apparent what the best thing to do here. The next problem that people come across is what they should do if they have multiple licenses in their project. So let's take an example. Let's say that you've decided to place your code or your software project under the GPL3 license. But now you also have some documentation that's licensed under, say, a Creative Commons license. So now in your project there are two licenses. So how should you convey this information in your repo? Should you now have two license files? So the next problem, how can you make sure that people who intend to reuse your code are aware of the license that you have chosen? So if we take another example, let's say that you have used a copy left license to cover your code. Again, let's say this is the GPL3 license. This puts some obligations on a person who is reusing your code because the idea of copy left, if we put it very simply and very hastily, the idea of copy left is that someone who releases a modified version of your work has to ensure that this modified work has the same rights preserved. And so it's important that the person reusing your software has the information that your software is licensed under a copy left license so that they are informed about your choice, so that they know that they have to release a modified version of your work under the same terms that you chose it. And the last point I have on my slide here is which license does an external resource have? An external resource that you're using and who has its copyright, who owns its copyright? So being able to reuse code freely is great because we do not have to try to solve every problem ourselves. We're able to build upon solutions that others have already found. This cooperation is in the lifeblood of free software, I guess. It forms the backbone of free software, so to speak. So if you're facing a problem and you found out that another developer has already written code to solve this issue, yeah, it's a no-brainer that you would want to reuse this code solution in your own program and free software enables you to do this. But now in order to do this properly, you need to find out what license the other developer has chosen. You need to find out the terms that they've selected for their code that you now want to use in your own program. So the reuse initiative came about because we at FSFE looked at the problems that developers are facing and it's clear that there needs to be a way to make this all easier for everyone. So reuse is basically an initiative to help you free software developers. The idea behind it is to solve the problem of messy or inadequate software licensing at the very source. So this means that instead of storing copyright and licensing information somewhere else, we want to store this information as close as possible to the source file themselves. If this is the case, then it would be really difficult for someone, or a developer who wants to reuse your code, it would be very difficult for them to ignore your licensing choices and your copyright information. Now when we say storing this information close to the source, ideally this means storing the information in every file. Practically, this means that in every source code file you have your repo, you would have something like a comment header with all the practical information about your license and copyright information that you need to display. So this makes it very easy to find this information. So to achieve this, you can accomplish this in the following three simple steps. First, you choose and you provide your license. You make a conscious decision about which license you want to have to apply to your program and store the full license text inside your repo. The second step is to add your copyright and licensing information to every file. Usually that would mean that you add a comment header to every source code file containing the relevant copyright and licensing information. So files where this is not possible, for example, image files or binary files, there are alternatives to do this that we have in our reuse specifications and our reuse FAQs that you can look into. But the underlying idea is the same. It's to provide information for these files as close to the source as possible and as transparently as possible. And the last step is to confirm reuse compliance. Now this is made simple with a reuse helper tool that we have available. The tool can help to check your repository and to verify whether you have the information available for every file. Now, so right now I want to talk a little bit about the second step that I mentioned, which is adding copyright and licensing information. So as I mentioned earlier under the reuse initiative, we recommend adding a comment header containing the relevant copyright and licensing information to every source code file. So many of you might be asking, what does a comment header with this information look like then and how you should display this? So on my slide here, we have an example of a comment header which you can place in the top of your file of every file. This is an example of a good license notice and a copyright statement. So from this we can see the relevant information that you need to provide. First is your license information. So if you take a look at it, using an SPDX license identifier is a very good way to unambiguously communicate the license of your code or the code or the license that covers the code of this particular source file. So you can get this easily from the SPDX website. They have an extensive database of the licenses and their corresponding license identifiers. So just pick the one for the license that you've chosen and include the identifier in your comment header. In the example here, I again chosen the identifier for the GPL3. So the SPDX license identifier would be GPL3.0 or later and then you mark it or tag it with the phrase SPDX license identifier. The next thing you want to do is to display your copyright information. So this informs you of who the copyright holder is. Now why do we need to display this information? So copyright statements like the one that's shown, they're not always required by law, but in practice it's always very useful as proof or an indicator at least of what the copyright situation of that work is. I mean additionally, most licenses will also explicitly call for you to do this anyway to include copyright statement. On a more practical side of things, if you look at it from a more practical aspect, this also allows for easy traceability of the code. Sometimes you or others who are studying your program, you might want to reach out to the original author of the code for legal or technical reasons and so yeah this information makes it easy. So a good copyright statement should consist of the following information. Start off with the copyright sign, the C with the circle around it, and then the year of the first publication of the copyrighted text. This would be the year in which you created the file and have not modified it since. Then you include the name of the copyright holder. Typically this would mean the author, but it can also be your employer depending on the kind of agreements that you may have in place about who owns copyright of the work. So for example, if you have it in your employment contract, that anything you produce in the course of your employment, the copyright then belongs to your employer, then yeah your employer is the copyright holder and this is an important bit of information that you need to tell others about. And finally a valid contact to the copyright owner. Now a contact is not required by copyright law, but as mentioned before it's extremely useful for practical reasons. So maybe someone needs to ask the author how the code works, you might have a fix for the author that you might want to send to them, yeah so basically questions or feedback. Yeah there are many different reasons for needing to contact the author. Much of communication on the internet today still hinges on email. So the copyright holder's email address should be the first option to go to here. However, as long as the contact is easily accessible and in use for the long term, another form of contact information here would also be valid. But email is generally the best option, yeah whatever you feel most comfortable with also works. Yes. So storing this information makes sense. If there's ever a need to find the original upstream of a particular file in your code base and there are no names, there are no links, licenses etc, you know in it, then it becomes a huge pain and can get very costly. And yeah the saying is that prevention is better than cure. That's very relevant today in the current health situation, but it's also relevant for free software. It's much better to put in a little bit of effort up front to keep things transparent and accountable and most importantly orderly. Yeah it's much better to do all this stuff now than to have to do some serious digging later on when the need for it arises. So to help you apply these best practices, we've developed several components of reuse. Yeah so we have a helper tool, a helper tool that you can run to see and to check if you are reuse compliant. Not only that, the helper tool can also help you to download the full text of the license you need so you don't have to go around digging the internet for it. It also helps you to add copyright and licensing information to file hitters and contains a linter tool to help you identify problems. Of course we also work on the educational side of things. So we have a tutorial that helps you understand the how and why of reuse. So our materials basically help you help guide you through an example repository and from there you can learn how to make a repo reuse compliant while understanding the principles of reuse. We also have an FAQ that's not just for reuse and the reuse principles but also for basic licensing questions. So if you ever have a need feel like you want to understand more about software legal licensing then you know the FAQs would help you out there. Another component we have is the best practices that we've developed. These are available as formal specifications to make to try to make reuse a standard so that all free software projects can apply and follow reuse. Yeah regardless of the size of the free software project. And last but not least we also have a reuse API and with this you can quickly register your project so it's any Git repository whether it's on GitHub, GitLab or an independent Git platform you can see if it is reuse compliant. If it is it will generate a dynamic batch that you can include in your readme file so people can know that you are reuse compliant. So who's already using reuse then? Of course the FSF's repos are all reuse compliant but we've also had some multinationals that are already making use of reuse. They're setting it as the best practice for their developers and for their projects. We also have the Linux kernel which is right now 60 to 70 percent reuse compliant already. So Linux has added the license and copyright information as headers already to about 60 to 70 percent of their files. And also one of the things that we're quite happy with is that we've also introduced reuse to a large number of free software projects funded by the European Commission. These projects are funded as part of the next generation internet or the NGI initiative. So yeah if if I could just go off a little bit on a tangent here I'll talk quickly about the next generation internet initiative. So yeah this is an initiative launched by the European Commission. It aims to shape what the internet will be in the coming years. Basically what it hopes to achieve is to ensure that the internet must be a platform that embodies values that we hold dear and free in that we hold dear in a free and open society. Yeah so these values that we're talking about are values like openness, inclusivity, transparency, privacy, cooperation, security and yeah protection of data. The idea is that with these values in place the internet can be a platform that supports human rights, democracy and a more progressive and enlightened society. And I think these are very inspirational goals indeed. So how does the NGI initiative intend to do this? What it does is to provide financial and technical assistance to individual researchers and developers who are working on new technologies or software projects that have the potential to contribute to the values that I previously mentioned to these values of this new internet. At the end of the involvement with NGI the software will be made available as free software. So there are currently two actions in NGI that the FSFB is involved in, nicknamed NGI0 pet and NGI0 discovery. So the pet project it assists projects that are developing privacy and trust enhancing technologies and for the search and discovery project it assists softwares that enhance user access to search for and discover information on the internet. So it's about software that helps in consolidating databases, improving search engine capabilities, stuff like that. So how does this work for a developer of free software then? So what happens is if you're a developer of a new piece of software and you feel that your project, your software fits into the requirements of the pet or discovery programs, if you feel that it upholds these values and can improve the internet in a way that improves the respect of these values that I previously mentioned, then you can apply to join the program. Every two months the programs will evaluate the applications and accept a new batch of approved software projects. If your project is accepted then you qualify to receive funding as well as assistance from the NGI0 consortium. So it's basically a consortium of a bunch of NGOs of which the FSFB is one of the members and the other partners we have in this consortium assist with things like accessibility, security, language, translations, things like that. So what is our role and what do we assist them with? So for the FSFB our involvement is basically to provide assistance with free software licensing. In particular we want to make sure that all the successful applicants that their license information is accurate, that their licenses are compatible with one another and that they're presented in a manner that is in accordance with the best practices as established by our reuse initiative. So reuse compliance. Yeah so if you're working on a project that fits this criteria please do apply. Yeah or if you know of any developers who are working on software that fits the profiles of one of these programs please do encourage them to apply. If you know of anyone who fits the bill help spread the word about this opportunity for funding and assistance and encourage them to apply as well. I've just noticed that I've not included the website here. I do apologize for that. If you're interested please I do have my email at the end of this presentation. Please feel free to email me directly to get more information about how you can apply for this for this program. Yeah so yes let's get back off from that tangent back on to reuse. So yeah reuse is free software naturally and as such you know you can look you can inspect it you can try to improve on it. We look forward to your bug reports and your full requests if you try it out. You can also give us feedback on our specifications and our FAQs. So yeah please help us to become better and to help to help it become easier for everyone to properly do their free software licensing and yeah help us to spread the word. If you like it tell your friends tell your coworkers tell your employers yeah reuse gets stronger the more people adopt it. Yeah and the more people adopt it the easier it is the simpler it is for copyright and licensing for everyone yeah. So yes that is my presentation. If you have any questions please feel free to contact me directly here or contact us at this general contact. Thank you very much. Thank you Gabriel can you hear me? Yes I can hear you. Lovely lovely okay so I have a couple of questions here. Are you ready? Yes. Okay so the first one is there are lots of compliance tools out there like scan code, facility, ORT doing different parts of the compliance job. Where on the compliance tool map is reuse? Yeah so I guess I would say reuse isn't trying to completely replace all these other scanning tools. Now what reuse is trying to do is just to make sure that the information is displayed in a manner that is accessible to everybody. So it's trying to simplify how you should properly display your your licensing information and to put it in a manner that it's easy for everyone to understand. So it's not so much a scanning tool in and of in itself it's more a set of best practices that you should apply in order to make everything else easier for everyone else. So we do have a helpful tool that helps with making sure that you apply these best practices but the tool itself is just a way to facilitate the best practices that we're that we're talking about. So I hope that answers the question. I hope so too. Can I add two licenses to my project source code using reuse? I figure it's about do licensing a project. Yes yes you can absolutely because the idea is that in your repo when you apply the reuse best practices then you have all your licensing information conveniently available in your repo. So if you have multiple licenses then as mentioned before the licensing information is supposed to go directly as close as possible to the source. So what happens then is if you have certain aspects different parts of your repo that are licensed under different licenses then the licensing information for separate files might be different and the yeah so the idea is to make sure that each individual file has its own license commentators with the licensing information. So if you have multiple licenses in your in your repo then that is possible. It's just that it's displayed in a manner where people know exactly which aspects or which segments of your of your project are licensed under different licenses. Okay how do you recommend adding years to mark the latest copyright period comma or comma separated or using a range and does reuse support this? Generally I would say the idea of having multiple years in your copyright information is it's a common practice but to make things easier the the year in which the the last change was made would be the one that we would recommend you to do. I think that it supports having multiple years but of course that complicates things for for someone who is reusing the information and as as mentioned before the year in which you stopped modifying the the file and the year in which you have the most up-to-date version out there that should be the one that you know you put in your copyright information. So marketing probably done by proprietary compliance tools providers or service companies focus on risks of using force rather than the benefits so probably with that in mind have you gotten any negative feedback from anyone? Not so much I mean I think reuse hasn't really been as as widespread as we would like it to be so a lot of our adopters and a lot of the feedback that we get at the moment are from people who are already predisposed or inclined to be using free software which is why yeah which is why at the end of my presentation I sort of asked you to help spread the word because we would like this to become a bigger deal a bigger standard than it is yeah we haven't really heard that much from any proprietary adopters but generally the feedback that we have received from those who are already you know inclined to use free software has been positive so I I'm sorry I don't have much more for you on that one okay copyright and license scanner takes forever how quick is reuse in doing it scan? It really depends on the size of your repo so we we've had scans so we've had we've run scans on repos that have thousands of files before and that takes upwards of an hour or so but at the same time you know it it also really depends on how how well the the the repo is licensed because if every file has its comment hitters sort of there it it sort of generates and scans quite quickly I would say yeah and it depends on the size of your repository. Okay so a first one note here is that I'm using both fosology and scan code in my work and it takes quite a long time and I'm not saying that it depends on the quality of neither of the tools but reuse is doing quite a bit less than both scan code and fosology are doing so it must be quicker I figure yeah yeah it is much quicker I mean maybe maybe I shouldn't have brought up the repos of thousands of files so on a standard repo that we've been scanning five minutes three minutes it's a matter of of minutes it won't take up the better part of your day so okay and that's it for the questions so I'm leaving the mic to you one yeah and I would just like to say a big thank you to to Gabriel the the next speaker will be on at 10 so so we will have a small pause here and and we'll see you back then thank you thank you thank you