The issue of file headers and copyright statements is one that comes up from time to time so I figured it was time we standardized on some guidance for .NET Foundation projects. I thought I would kick off a proposal below, but want everyone to weigh in and give some opinions as lots of people here have a lot more experience in with dealing with this in different places than I do.
###Why have a file header?
People (including Wikipedia) sometimes said that US Copyright law no longer requires a copyright notice but regardless it is beneficial to make sure anyone taking a look at a piece of source code knows where the code came from and under what license that code is being provided. A brief file header is the easiest and most conventional way to do this.
Rationale behind Guidance
- Keep file headers as brief as possible and standardized to make it easy to apply the right header
- Minimize the number of times that a file would get touched just to update the header or license text to avoid polluting history in Git
- Minimize the room for error in a file header being incorrect by getting out of date over time and as code is refactored.
- Make sure we give proper credit to the awesome contributions given by the many passionate people involved in each project
- Make sure we have a way to clearly identify the copyright holders who originally submitted a contribution into the .NET Foundation project.
- Also, make sure we have a way to give credit to the shoulders on which we stand by properly attributing other open source included in our projects and bringing that attribution front and center to ensure people understand what open source is included in a project.
Copyright and License Notice Guidance (Proposal)
At a convenient time to the project, committers should move to a standardized file header in all non-generated source files such as the following example from C# source code:
// // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the ##LICENSENAME##. See LICENSE file in the project root for full license information. //
// // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the MIT License. See LICENSE file in the project root for full license information. //
Projects must have a file at the root of the repository called LICENSE (or LICENSE.md or LICENSE.txt) that contains the full license statement of the project. Within that license the copyright holder should be listed as “.NET Foundation” and no year is required in the copyright notice.
Projects should have a CONTRIBUTORS (or CONTRIBUTORS.md) file at the root of their repository that lists the authors and copyright holders that have made non-trivial contributions to that project source code. The format of that file is as follows:
Contributors -------------- This is the official list of the ##PROJECTNAME## project contributors. Names of the original copyright holders (individuals or organizations) should be listed with a '*' in the first column. People who have contributed from an organization can be listed under the organization that actually holds the copyright for their contributions (see the Microsoft organization for an example). Those individuals should have their names indented and be marked with a '-' * Contoso - Egon Andersson - Zdenek Broz * Marius Carlsson * Microsoft - Sofie Hellstrom - Pontus Lindberg - Nada Lukic - Milun Radic - Frantiska Spackova - Kaari Suutari-Jaasko - Jaroslav Tomek
If a project contains any other open source code from another source then this the original location should be noted in the file comments with-in the file. If a method or snippet from a file is used than the beginning and end of that snippet should be clearly identified with attribution in source so that the attribution can easily move with the code during refactors. In addition a reference to the source project and the full license the code was provided under should be included in a NOTICES (or NOTICES.md / NOTICES.txt) file at the root of the project at the time the code is added.
- There is no year provided in the copyright statement on the file nor in the copyright statement in the LICENSE file. This is a deliberate simplification to avoid unnecessary churn in the code base.
- When containing non-ASCII characters, the CONTRIBUTORS file should be encoded in UTF-8 with no BOM (as opposed to CP-1252 / ANSI). Same goes for the LICENSE and NOTICES file.
- The CONTRIBUTORS file is a deliberate hybrid between a list of the copyright holders who have contributed to the project and the individuals actually contributing often on behalf of the organization. The idea is that the original copyright holders can be identified but we can also ensure all contributors get kudos for their contributions. This prevents individual file headers getting added to over time (and then accidentally getting copy/pasted or lost as code is refactored around the codebase over time). The major downside of this format is that is would mean that an individual may be listed multiple times (for example if they contributed as an individual then went to work for a company that then paid them to contribute to the project).
The guidance above is based on best practises seen in a number of communities, but outside of the .NET Foundation projects the following guidance was influencial in coming up with our recommendations:
- Apache Foundation Guidance: http://www.apache.org/legal/src-headers.html
- Eclipse Foundation Guidance: https://eclipse.org/legal/copyrightandlicensenotice.php
- Angular Project Guidance: https://github.com/google/angle/blob/master/doc/ContributingCode.md
As well as get feedback on this proposal, I want to pull together some examples for the NOTICES and LICENSE section before finalizing. Ideally pointing to current live projects for a model example, but when I started looking I was finding lots of inconsistencies which is one of the reasons I started writing this forum post). I’m also digging into SPDX to see what we can do there.
If any projects wanted to pilot implementing something like this so we can learn from that then feel free (but bear in mind that this guidance is in early draft and is likely to change based on feedback)
While heavily inspired by Angular, Apache and Eclipse - the guidance above is a little original which always worries me. I’d rather have been able to point to another community and say “do it like X” but I didn’t find one I was entirely happy with. However if you know of examples you think are best of breed then let me know.
Let me know what you think.