Licensing LSST DM source code and content¶

This page provides background information to help you appropriately license source code, documentation, and other types of content that is produced on behalf of LSST Data Management.

Choosing a source code license¶

All source code created by LSST DM is publicly-available open source. As such, LSST DM code must carry an Open Source Initiative (OSI)-approved license.

Stack packages¶

A substantial amount of DM development is in the EUPS-managed “Stack,” including the LSST Science Pipelines, Qserv, and DAX. Stack packages are licensed under the GNU Public License version 3.0 (GPL-3.0) license. Because of the interconnected nature of the Stack and how the GPL-3.0 license works, you cannot create a new Stack package distributed with EUPS that is licensed under a different license.

Standalone projects¶

If your project is not part of the Stack, you have flexibility to choose a different OSI-approved license.

For example, PyPI-distributed Python packages made by SQuaRE are licensed under the simpler and more-flexible MIT and Apache 2.0 licenses.

To choose a license, you’ll want to consider the norms of the open source community your project resides in. The choosealicense site is useful for understanding the important qualities of different open source licenses.

Always consult with your manager before setting the license for a project to ensure it aligns with the project’s goals.

Choosing a documentation license¶

Documentation is often licensed differently from source code to make it easier to adapt and reuse in non-code contexts.

In general, all DM user documentation and technical notes are licensed under the Creative Commons Attribution 4.0 International (CC-BY-4.0). This license balances the need for LSST DM to get attribution for content, while allowing the community to freely reproduce and adapt the information.

Applying a license to a repository¶

When you create a new repository on GitHub you have the option of adding a LICENSE in the initial set up. You can also add a license later through the GitHub UI. Not all OSI-approved licenses are available through the GitHub UI, though.

Alternatively, you can always apply a license by manually creating and committing a LICENSE file in the root of the source code repository. The content of the LICENSE file should be the license text itself, without additions or alterations.

The easiest way to get the content of a license is by going to choosealicense, finding the license’s page, and clicking the Copy license text to clipboard button.

Some licenses include a copyright section. See Copyrights for LSST DM work and the COPYRIGHT file for details on how to properly record copyrights for DM software.

The package management ecosystems for many languages, including PyPI and NPM, provide metadata fields for recording license information. These aren’t legally binding, but you should make sure the package metadata are consistent with the LICENSE file.

GitHub also includes license metadata for repositories that is determined automatically from the content of the LICENSE file. See Details on GitHub’s license detection, below, for more information.

Details on GitHub’s license detection¶

GitHub can detect a repository’s license by matching the content of the LICENSE file to known licenses in the choosealicense corpus. When GitHub confidently detects a license, it displays the license on the repository’s page.

Not only is this license badge a nice feature for the community, it also helps us validate our LICENSE files to be sure that the LICENSE we publish is in fact the license we think it is. If the LICENSE file is modified, aside from copyright lines, GitHub will not positively identify the license and will not show a license badge on the repository homepage.

If you have a repository where GitHub is not detecting a license, you can debug it by running GitHub’s detection software on your own computer. Install licensee and follow the documentation to run it against your repository.

Note

licensee looks at multiple files, including COPYRIGHT, when it detects a license. If these files have conficting information, GitHub will not positively detect a license. Be aware of this issue when working with repositories that have both COPYRIGHT and LICENSE files.

Note

GitHub may not properly detect the LICENSE in repositories that have multi-institution COPYRIGHT files. SQuaRE is aware of this issue and is working to resolve it. See licensee issue #285 for background.