Problem Statement
The current licensing state of the project on upstream/main is not compliant with the REUSE specification. While the project contains a standard LICENSE file, individual source files lack standardized, machine-readable license and copyright headers.
This creates confusion for potential downstream forks, as they must handle copyright attribution themselves, since individual file-level licensing is not declared.
Besides that, as the project grows and gains more traction from external contributors, the copyright claim in the LICENSE file has become stale — it only credits DeviceLab as the sole copyright owner. Attributing contributions to their authors is generally the right approach.
Proposed Solution
- Make the repository fully compliant with the REUSE specification. This involves:
- Adding
SPDX-FileCopyrightText and SPDX-License-Identifier tags to the headers of all source files.
- Creating
.license or REUSE.toml files for binary assets or files where headers cannot be added.
- Creating a
LICENSES/ directory and placing the correct license files there.
- Setting up a CI workflow to run
reuse lint on all pull requests to prevent regressions.
- Change the scope of copyright owners in the
LICENSE file.
- Optionally bump the year range in the copyright statements to reflect the addition of new code.
Use Case
- Adopting the REUSE specification makes it trivial for developers, downstream users, and automated compliance tools to accurately determine the copyright and licensing status of every single file in the project. This is especially important for enterprise adoption and maintaining clear open-source provenance.
- Adding the contributors to the copyright statements allows proper attribution and motivates contributors to help maintaining the project in the future.
- Bumping the year range for copyright claims keeps the files up to date
Example
The inline headers should look like this in a Go file:
// SPDX-FileCopyrightText: 2026 DeviceLab and the Project Contributors
//
// SPDX-License-Identifier: LicenseRef-maestro-runner
As for the files that cannot be easily tagged, a REUSE.toml file is acceptable:
[[annotations]]
path = [
"drivers/android/appium-uiautomator2-server-debug-androidTest.apk",
"drivers/android/appium-uiautomator2-server-v9.11.1.apk",
]
SPDX-FileCopyrightText = "JS Foundation and other contributors, https://js.foundation"
SPDX-License-Identifier = "LicenseRef-appium-uiautomator2-server"
Alternatives Considered
Continuing with the current licensing approach, which relies on downstream developers manually reading and inferring the licensing of individual files. This is prone to errors, harder to track programmatically, and many problems as described above.
Additional Context
Current reuse lint summary from the latest commit on upstream/main (heavily trimmed due to the sheer number of files):
# MISSING COPYRIGHT AND LICENSING INFORMATION
The following files have no copyright and licensing information:
* .github/ISSUE_TEMPLATE/bug_report.md
* .github/ISSUE_TEMPLATE/feature_request.md
*
* <Lots of files here>
*
* pkg/uiautomator2/testing.go
* pkg/uiautomator2/types.go
The following files have no licensing information:
* drivers/ios/DevicelabIOSRunner/DevicelabIOSRunnerUITests/PrivateHeaders/XCTest/XCPointerEventPath.h
* drivers/ios/DevicelabIOSRunner/DevicelabIOSRunnerUITests/PrivateHeaders/XCTest/XCSynthesizedEventRecord.h
*
* <Lots of files here>
*
* drivers/ios/WebDriverAgent/WebDriverAgentTests/UnitTests/XCUIElementHelpersTests.m
* drivers/ios/WebDriverAgent/WebDriverAgentTests/UnitTests_tvOS/Doubles/XCUIElementDouble.h
# SUMMARY
* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: 0
* Unused licenses: 0
* Used licenses: 0
* Read errors: 0
* Invalid SPDX License Expressions: 0
* Files with copyright information: 419 / 783
* Files with license information: 0 / 783
Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-(
# RECOMMENDATIONS
* Fix missing copyright/licensing information: For one or more files, the tool
cannot find copyright and/or licensing information. You typically do this by
adding 'SPDX-FileCopyrightText' and 'SPDX-License-Identifier' tags to each
file. The tutorial explains additional ways to do this:
<https://reuse.software/tutorial/>
Problem Statement
The current licensing state of the project on
upstream/mainis not compliant with the REUSE specification. While the project contains a standardLICENSEfile, individual source files lack standardized, machine-readable license and copyright headers.This creates confusion for potential downstream forks, as they must handle copyright attribution themselves, since individual file-level licensing is not declared.
Besides that, as the project grows and gains more traction from external contributors, the copyright claim in the
LICENSEfile has become stale — it only creditsDeviceLabas the sole copyright owner. Attributing contributions to their authors is generally the right approach.Proposed Solution
SPDX-FileCopyrightTextandSPDX-License-Identifiertags to the headers of all source files..licenseorREUSE.tomlfiles for binary assets or files where headers cannot be added.LICENSES/directory and placing the correct license files there.reuse linton all pull requests to prevent regressions.LICENSEfile.Use Case
Example
The inline headers should look like this in a Go file:
As for the files that cannot be easily tagged, a
REUSE.tomlfile is acceptable:Alternatives Considered
Continuing with the current licensing approach, which relies on downstream developers manually reading and inferring the licensing of individual files. This is prone to errors, harder to track programmatically, and many problems as described above.
Additional Context
Current
reuse lintsummary from the latest commit onupstream/main(heavily trimmed due to the sheer number of files):