Switching to SPDX license identifiers in Qt sources

A Qt source file traditionally starts with a comment containing copyright statements and the full license text. Luckily, programmers aren't bothered by this wall of text - their code editors do a good job of hiding it. Still, there are certain problems with traditional license headers, and this article explores how we address these
issues.

It is of course somewhat inelegant to have countless copies of the same license text in the source tree, but there are more pressing problems than that.

There is no easy way to tell under which licenses a Qt repository can be used. We are missing a central place where all the licenses are stored.

The text for a license can potentially differ, depending on when the license text was copied and pasted. Files that are available under multiple licenses contain multiple license texts glued together.

It's not straightforward to verify whether the license headers are consistently used or correct. Tooling is difficult.

We addressed these problems in the past by marking the license text with identifiers. The GNU Lesser General Public License is marked with QT_BEGIN_LICENSE:LGPL, for instance. But this is a Qt-internal
convention - there's a more established way by now: SPDX.

SPDX (Software Package Data Exchange) is an open standard that is used by many popular projects like the Linux kernel or KDE, and now Qt is also in the process of switching to it.

The 38 lines traditional license header of qpointer.cpp are reduced to just two lines:

// Copyright (C) 2016 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only

The existing copyright lines are still there, but the license blob is now an SPDX expression that states the file is available under four different licenses. SPDX license identifiers, for example GPL-3.0-only, can be combined with OR and AND.

Licenses that are unknown to the SPDX specifications are prefixed with LicenseRef-.

Amendments to existing licenses can be specified using the WITH operator, for example GPL-3.0-only WITH Qt-GPL-exception-1.0.

Outlook

Based on SPDX, the REUSE specification aims at providing a standardized method for declaring copyright and licensing software. There's a compliance checker available: the REUSE Tool which we could use in the future to ensure our copyright and licenses are sound. This could replace our Perl-based license checker that is run in CI.

We cannot do this right away, because we're not fully REUSE compliant, the biggest offender being third-party libraries. We cannot change license headers in source code that is not ours. Currently, we annotate
third-party libraries with qt_attribution.json files. The REUSE-compliant way would be to create a DEP5 file, which is a machine-readable file with copyright and license information for different parts of the source tree.

Also, REUSE requires that all files are annotated with license identifiers. An image foo.png would have to be accompanied by a foo.png.license file. We're not sure yet whether we want to go there.

There will be a session about this topic on the upcoming Qt contributor's summit. In the meantime, I hope you'll enjoy the reduced clutter at the top of your source files. Use the freed disk space wisely.