Copyright

Licence Notices

A licence notice states the SPDX identifier of the licence that governs the file.

Format:

SPDX-License-Identifier: <SPDX-identifier>

Complete example for an Apache-2.0-licensed Python source file:

# SPDX-FileCopyrightText: 2024 Centre for Research and Technology Hellas (CERTH)
# SPDX-License-Identifier: Apache-2.0

This machine-readable format enables automated licence compliance verification by tools such as reuse lint and third-party scanners used by downstream integrators.

Placement in Source Files

Place SPDX tags in a comment block at the very top of each source file, before any other content including imports or package declarations. For file formats that do not support inline comments (e.g., images, binary assets, or certain data formats shipped with the software), use a companion .license sidecar file with the same base name:

my-asset.svg          ← the asset
my-asset.svg.license  ← contains the SPDX tags

Bulk Licence Documentation

In addition to per-file notices, every project must include:

  • A LICENSES/ directory at the repository root, containing the full licence text for each licence used (e.g., LICENSES/Apache-2.0.txt)
  • A REUSE.toml file (or legacy .reuse/dep5) for files that cannot carry inline notices, mapping file globs to their copyright and licence information

Verifying Compliance

Run the REUSE linter locally before publishing:

pip install reuse
reuse lint

A passing reuse lint confirms that every file in the repository has an unambiguous copyright owner and licence. The CERTH OSPO can assist with initial setup and interpreting results.