Skip to content

[LICENSE] Make repository REUSE-compliant and improve copyright attribution #105

Description

@PhenChua29

Problem Statement

The current licensing state of the project on upstream/main is not compliant with the REUSE specification. While the project contains a standard LICENSE file, individual source files lack standardized, machine-readable license and copyright headers.

This creates confusion for potential downstream forks, as they must handle copyright attribution themselves, since individual file-level licensing is not declared.

Besides that, as the project grows and gains more traction from external contributors, the copyright claim in the LICENSE file has become stale — it only credits DeviceLab as the sole copyright owner. Attributing contributions to their authors is generally the right approach.

Proposed Solution

  • Make the repository fully compliant with the REUSE specification. This involves:
    1. Adding SPDX-FileCopyrightText and SPDX-License-Identifier tags to the headers of all source files.
    2. Creating .license or REUSE.toml files for binary assets or files where headers cannot be added.
    3. Creating a LICENSES/ directory and placing the correct license files there.
    4. Setting up a CI workflow to run reuse lint on all pull requests to prevent regressions.
  • Change the scope of copyright owners in the LICENSE file.
  • Optionally bump the year range in the copyright statements to reflect the addition of new code.

Use Case

  • Adopting the REUSE specification makes it trivial for developers, downstream users, and automated compliance tools to accurately determine the copyright and licensing status of every single file in the project. This is especially important for enterprise adoption and maintaining clear open-source provenance.
  • Adding the contributors to the copyright statements allows proper attribution and motivates contributors to help maintaining the project in the future.
  • Bumping the year range for copyright claims keeps the files up to date

Example

The inline headers should look like this in a Go file:

// SPDX-FileCopyrightText: 2026 DeviceLab and the Project Contributors
//
// SPDX-License-Identifier: LicenseRef-maestro-runner

As for the files that cannot be easily tagged, a REUSE.toml file is acceptable:

[[annotations]]
path = [
  "drivers/android/appium-uiautomator2-server-debug-androidTest.apk",
  "drivers/android/appium-uiautomator2-server-v9.11.1.apk",
]
SPDX-FileCopyrightText = "JS Foundation and other contributors, https://js.foundation"
SPDX-License-Identifier = "LicenseRef-appium-uiautomator2-server"

Alternatives Considered

Continuing with the current licensing approach, which relies on downstream developers manually reading and inferring the licensing of individual files. This is prone to errors, harder to track programmatically, and many problems as described above.

Additional Context

Current reuse lint summary from the latest commit on upstream/main (heavily trimmed due to the sheer number of files):

# MISSING COPYRIGHT AND LICENSING INFORMATION

The following files have no copyright and licensing information:
* .github/ISSUE_TEMPLATE/bug_report.md
* .github/ISSUE_TEMPLATE/feature_request.md
*
* <Lots of files here>
*
* pkg/uiautomator2/testing.go
* pkg/uiautomator2/types.go

The following files have no licensing information:
* drivers/ios/DevicelabIOSRunner/DevicelabIOSRunnerUITests/PrivateHeaders/XCTest/XCPointerEventPath.h
* drivers/ios/DevicelabIOSRunner/DevicelabIOSRunnerUITests/PrivateHeaders/XCTest/XCSynthesizedEventRecord.h
*
* <Lots of files here>
*
* drivers/ios/WebDriverAgent/WebDriverAgentTests/UnitTests/XCUIElementHelpersTests.m
* drivers/ios/WebDriverAgent/WebDriverAgentTests/UnitTests_tvOS/Doubles/XCUIElementDouble.h

# SUMMARY

* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: 0
* Unused licenses: 0
* Used licenses: 0
* Read errors: 0
* Invalid SPDX License Expressions: 0
* Files with copyright information: 419 / 783
* Files with license information: 0 / 783

Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-(


# RECOMMENDATIONS

* Fix missing copyright/licensing information: For one or more files, the tool
  cannot find copyright and/or licensing information. You typically do this by
  adding 'SPDX-FileCopyrightText' and 'SPDX-License-Identifier' tags to each
  file. The tutorial explains additional ways to do this:
  <https://reuse.software/tutorial/>

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions