Checking open license texts

Here are two tools for checking license texts if you have some legal text and you want to confirm that it has been correctly reproduced and is indeed legitimate.

SPDX stands for Software Package Data Exchange and is a project for expressing information about software packages, including the public licenses they carry. The project defines standard SPDX identifiers for these licenses, for example Apache‑2.0. The project maintains a list of such licenses – which also cover data, content, and hardware in addition to software:

Some license auditors recommend using the first tool first and accepting a 100% match. And if for some reason, the match is only partial, using the second tool to obtain a yes/no confirmation.

SPDX License Diff

The first tool is a browser plugin where you highlight the text of a license and the plugin will look for the closest match contained the aforementioned SPDX License List. The tool is normally quite fast. The tool is designed to implement the SPDX Matching Guidelines, which means that complete matches should be secure. Partial matches can then be evaluated by the user, given they have sufficient knowledge of licensing practices. So unlike the tool below, this plugin will show close matches:

SPDX Check License

The second tool is an online tool where you can paste the text of a license and it attempts to match it against all the licenses and exceptions on the SPDX License List, fully implementing the SPDX Matching Guidelines. This tool may take time to get an answer due to its thoroughness and will simply tell you if there is a match or not:

Interesting, thanks @robbie.morrison !

What do you think about FSFE’s REUSE tool?

The use cases and application is slightly different.

What it does it allows for automatic download of all licenses with SPDX identifiers (thus kind of avoiding the problem if wrongly-copied files). It can also add SPDX identifiers to files and check whether all files inside a project are REUSE-compliant, i.e. have an associated SPDX license identifier.

We really like it, as it can be used in conjunction with Python’s pre-commit package and thus easily included into continuous integration workflows.

See e.g. our atlite repository.

Hi @johannes.hampp I have watched the development of the Free Software Foundation Europe REUSE project for some time and think version 3.0 is excellent.

There is one very minor point on which I do not align with the FSFE. The FSFE say the copyright notices in the codebase need not be maintained because these notices will carry next‑to‑no weight in court. While that is probably true, I think these notices should be maintained because they provide social information — or they should be removed altogether to minimize confusion.

By the way, the FSFE just released a childrens book on software licensing (in German, english translation in progress) — so if your employer or funder or 6 year‑old up needs some assistance with these concepts …

  • Kirschner, Matthias and Sandra Brandstätter (2021). Ada und Zangemann: Ein Märchen über Software, Skateboards und Himbeereis [Ada and Zangemann: a fairy tale about software, skateboards, and blackberries] (in German). Sebastopol, California, USA: O’Reilly. ISBN 978-396009190-5. Paperback. CC-BY-SA-3.0-DE license.

An illustration from the book (CC‑BY‑SA‑3.0‑DE):

Text and images licensed under CC BY 4.0Data licensed under CC0 1.0Code licensed under MITSite terms of serviceOpenmod mailing listOpenmod wiki.