Legal
Caution
This document is not legal advice. Consult a professional for legal questions.
This document outlines the legal aspects of opentemplate.
Compliance and fixes
REUSE compliance
Repositories created from this template follow the REUSE framework, meaning:
- Every file includes an SPDX header with `license` and copyright details.
- Headers are either language-specific comments or `<filename>.license` files when comments aren't supported.
Important
Each contributor will be added to the SPDX headers. See SPDX-FileContributor for more details.
- The `pre-commit` hook automatically adds missing headers (`fix-legal` in `pyproject.toml`).
- `check-legal` in `pyproject.toml` ensures compliance and runs after `fix-legal`.
License compliance
google/osv-scanner checks dependency licenses. Allowed licenses (subject to change):
MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, Unlicense, Zlib, OFL-1.1, 0BSD, PSF-2.0
Adjustments
Changing license
- Run `pdm run reuse download <LICENSE-SPDX>` and link the `/LICENSE.md` file to the appropriate file in `licenses/`.
- Change `license` in `pyproject.toml` to the new SPDX identifier.
Modifying license compliance
Important
Adjust project licensing as needed.
To update allowed licenses for osv-scanner:
- Modify `.pre-commit-config.yaml` (`id: osv-scanner`) for local changes.
- Update `.github/workflows/reusable-security-osv-scanner.yml` for CI.
Documents
- `/LICENSE.md` (Apache-2.0 by default) should be a symbolic link to the actual license file in `licenses/`.
- `LICENSES/` folder contains all project licenses (e.g., `pdm.lock` is `CC0-1.0`).
- `CODE_OF_CONDUCT.md` follows the Contributor Covenant.
- `DCO.md` (Developer Certificate of Origin) must remain unchanged; all commits must be signed off (details).
- `GOVERNANCE.md` outlines project governance.
- `CITATION.cff` provides citation details.
Tip
See the GitHub guide for more information.
Code Sources
- `pyproject.toml`
- `.github/workflows/legal*.yml`