reuse-tool
tern
Our great sponsors
reuse-tool | tern | |
---|---|---|
10 | 1 | |
342 | 930 | |
3.2% | 0.3% | |
9.1 | 3.2 | |
8 days ago | about 1 month ago | |
Python | Python | |
- | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
reuse-tool
-
Releasing AGPL3 project: SPDX vs full notice text and other questions
The SPDX header is due to a project called REUSE, which is spearheaded by the FSF Europe. You can read more about the project here. Basically you just have to add the copyright header in the format
-
License of the input data
I do add my personalized input data into the public repository where I upload my solutions. I add complete reuse-compatible licensing information to my files.
-
How to license my code if a component is gpl?
For projects that include vendored libraries under different licenses, it is becoming common to use Debian's copyright file format to describe which licenses apply to which source files. The data is usually placed in a file called /.reuse/dep5 (see the FSFE's Reuse Software project). If you want to enable fine-grained license checks, you can also include a machine-readable SPDX-License-Identifier line in each file.
- REUSE SOFTWARE – make licensing easy for humans and machines alike
-
Should I put license notices in all my source code files?
Check out https://reuse.software
- LwESP library for ESP32 and ESP8266
- Reuse Software Licensing
- Reuse: Make licensing easy for humans and machines alike
-
README/HACKING.md does not specify license and copyright terms
Putting the copyright and licensing information in every file was very common, and FSFEs reuse has some interesting specifications if compliance is an issue (e.g. I do not fully understand what the OpenSSL license included in the app-ios/tutanota/include folder covers, which also includes a APL-licensed files) - but thats a different topic.
-
Should I go with GPLv3?
No, but it's a good idea to mention the license you're using. You can use REUSE (https://github.com/fsfe/reuse-tool).
tern
-
Learn by reading code: Python standard library design decisions explained
A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.
Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.
What are some alternatives?
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
cdxgen - Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
degiro-trading-tracker - Simplified tracking of your investments
ort - A suite of tools to automate software compliance checks.
awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
spdx-spec - The SPDX specification in MarkDown and HTML formats.
goodcode - A curated collection of annotated code examples from prominent open-source projects
import-linter - Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.
deferred-import - Lazy import and install on demand Python packages
scancode-toolkit - :mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
openRiskScore - A python framework for risk scoring