6

I am planning to release my code under the terms of the Universal Permissive License (UPL), Version 1.0. According to UPL's FAQ, it is recommended that I include the entire text of the license at the beginning of every file that I release under the UPL. Since that is just a recommendation and the license text is rather long, I would prefer something shorter like this:

/*
 * Copyright (c) 2022 Acme Corporation
 * SPDX-License-Identifier: UPL-1.0
 */

Is the SPDX ID a sufficient replacement for the full text of the license? If not, I could add a human-readable line like this:

/*
 * Copyright (c) 2022 Acme Corporation
 * Licensed under the Universal Permissive License v1.0.
 * SPDX-License-Identifier: UPL-1.0
 */

Can I also use a similar technique for other file-based licenses such as the MIT license or BSD license? e.g.

/*
 * Copyright (c) 2022 Acme Corporation
 * SPDX-License-Identifier: BSD-3-Clause
 */

or

/*
 * Copyright (c) 2022 Acme Corporation
 * Licensed under the 3-Clause BSD License.
 * SPDX-License-Identifier: BSD-3-Clause
 */
Flux
  • 703
  • 4
  • 16
  • 1
    Many licences require the full text to be placed alongside the work. Some also accept “or in the accompanying documentation” or something like it. So, no, you cannot generally use just a licence identifier. (To do this on other media is… interesting. I place the short identifier into the copyright footer on my sheet music and the full text into the PDF metadata, as pdfattach(1)ed file; I don’t add an extra A4 sheet to the PDF so everyone does not need to print the licence when they print out the score on physical paper. As licensor, I can do that, but not for stuff I licence from others.) – mirabilos Aug 29 '22 at 15:08

2 Answers2

5

The license language states:

The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must be included in all copies or substantial portions of the Software.

In addition it says:

When referring to the license, you may link to it at https://oss.oracle.com/licenses/upl or you may also find a copy on the Open Source Initiative web site at https://opensource.org/licenses/UPL.

So no, just mentioning the SPDX license identifier is not enough to fulfill the requirements of this license. I recommend you put the SPDX identifier into each file and you add an additional LICENSE file to the project, which includes the entire language of the license.

Martin_in_AUT
  • 7,205
  • 10
  • 37
  • "I recommend you put the SPDX identifier into each file and you add an additional LICENSE file to the project, which includes the entire language of the license" — Does this mean that I can avoid having to write the full license text in every file as long as I add the SPDX identifier to every file and place a LICENSE file in the project root directory that contains the full text of the license? – Flux Aug 28 '22 at 14:17
  • @Flux Yes, this is how it is commonly done. However, if there are multiple different copyright notices in each of the files, then they need to stay where they are in each file. You should not combine those into one file. But for the full license language itself you can save the space by only having it once and have the SPDX identifier in each file. – Martin_in_AUT Aug 28 '22 at 15:23
  • 1
    "ust mentioning the SPDX license identifier is not enough to fulfill the requirements of this license" – The OP is the author. They don't need to fulfill the requirements of the license. – Jörg W Mittag Aug 28 '22 at 20:22
  • 1
    I would follow the recommendation of the FSFE to have a directory LICENSES/ with a file for each license instead of putting all of them into the same file. They even provide a tool that automates this based on the SPDX identifiers used in source files, such that you can be sure that you did not forget a license. – Philipp Wendler Aug 29 '22 at 05:58
  • 1
    @JörgWMittag From the question it is not entirely clear if the OP is the sole author of the entire code, and the OP obviously asked for recommendation how to comply with the license terms. Even if it was not strictly necessary, why would an author want to save a few bytes by not including a LICENSE file with a URL, as this would trigger an issue as soon as the code was shared or forked? – Martin_in_AUT Aug 29 '22 at 07:31
  • @Flux something important to understand is that the law is not a computer - a license header is not like a semicolon - missing one doesn't make the compiler complain at you and make the whole program stop working. If there's a copyright lawsuit, the judge(s) will look at what is in the program and try to figure out the intent, or something like that (I am not a lawyer and this is not legal advice). There are certain usual ways of writing license headers that are supposed to make the intent clear, but it's not like "violate this and your copyright is void" – user253751 Aug 29 '22 at 17:10
  • 1
    @JörgWMittag Technically, that's true, as the author, you can "violate" your license by failing to follow one or more requirements, since the license doesn't really constrain you as the author/copyright holder. However, if you do this intentionally, you're basically make your code unusable as open source, since as soon as someone tries to do something simple, such as copy and redistribute the software unmodified (required by the Open Source definition), then that redistributor has unwittingly violated the license (because the unmodified version didn't follow all the requirements). – Brandin Sep 01 '22 at 07:47
2

The text at https://oss.oracle.com/licenses/upl/#faq-7 specfically addresses when/how to use a short form:

... If using the UPL for JavaScript or other circumstances in which space is at a premium, you may use a reference to the license...

It goes on to give this example:

/*
** MyWidget version 1.0.
**
** Copyright (c) 2015 WidgetCo, Inc.
** Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
*/

You could add the SPDX tag if needed.

For completeness, I'd put the full license text in your LICENSE file.

Roger Lipscombe
  • 121
  • 2
  • 1
    Must the "reference to the license" be exactly like the example given by Oracle, or can it just be a copyright line followed by an SPDX ID line? – Flux Aug 29 '22 at 02:18
  • According to my reading of the text, you must use either the long form or the suggested short form. Just a copyright and an SPDX ID (i.e. leaving out the text) doesn't seem to be allowed. – Roger Lipscombe Aug 29 '22 at 15:52
  • Personally, I think file headers are stupid and I'd have just a single LICENSE file for the whole package, but it is what it is. – Roger Lipscombe Aug 29 '22 at 15:52
  • SPDX tags in file headers are valuable support for OSS license compliance, especially when large projects utilize 100s of libraries and developers work in line with OpenChain and likely with highly automated processes. – Martin_in_AUT Aug 30 '22 at 07:19