Package licenses: Contemplations and considerations

A small literature update and a related tooling note that may be useful here.

Rosen’s Open Source Licensing — a classic — is from 2004. For a more current treatment I would also point to Amanda Brock, ed., Open Source Law, Policy and Practice, 2nd ed., OUP 2022. It covers not only license interpretation, but also open-source governance, business models, compliance, and policy. That seems relevant because many of the questions in this thread are not just “which license text?”, but also “what legal and organisational machinery follows from that choice?”

There is also a tooling angle. A single root LICENSE file is often too coarse once a package contains source files, generated files, documentation, examples, assets, notebooks, CI files, or vendored material under different terms. The REUSE specification, mentioned earlier, addresses this by making copyright and licensing information file-level, machine-readable, and auditable, using SPDX identifiers/expressions, a LICENSES/ directory, and optionally REUSE.toml.

I have opened a PR adding REUSE support for PkgTemplates.jl and would be grateful for review/testing by people who care about package licensing.

Implementation outline

The plugin generates REUSE.toml, populates LICENSES/ with the relevant license texts made available by a snapshot from SPDX License List Data, adds SPDX copyright/license headers, optionally adds a README ## Licensing section, and can wire reuse lint into CI. In particular, it supports SPDX license expressions rather than only single license identifiers, because practical package licensing may involve expressions such as MIT OR Apache-2.0, GPL-3.0-only WITH GPL-3.0-linking-exception or custom LicenseRef-* licenses.

The PR is here:

Add REUSE plugin support by gwr-de · Pull Request #528 · JuliaCI/PkgTemplates.jl · GitHub

The implementation branch in my public fork is here:

GitHub - bslMS/PkgTemplates.jl at feature/reuse-plugin · GitHub

The documentation preview can be found here:

Home · PkgTemplates.jl

It has the plugin docstring, a section on REUSE-compliant Packages, and some details in the Developer section on updating the SPDX snapshot and SPDXSupport internals.
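As an added illustration (not part of the post above and not code from the PR), the sketch below shows why expression support matters for auditing: every identifier inside an SPDX expression, including the exception after WITH and any LicenseRef-* name, needs its own text in LICENSES/. The function names, sample files and the `.txt` naming are assumptions made for the example. Unlike `reuse lint`, it ignores REUSE.toml annotations and `.license` sidecar files.

```python
import re

# Tag that REUSE-style headers carry, e.g. "# SPDX-License-Identifier: MIT"
TAG = re.compile(r"SPDX-License-Identifier:\s*(.+)")
ID = re.compile(r"[A-Za-z0-9.-]+\+?")   # SPDX idstring, optional "or later" +
OPERATORS = {"AND", "OR", "WITH"}

def license_ids(expression):
    """Every license or exception identifier named in an SPDX expression."""
    tokens = re.sub(r"[()]", " ", expression).split()
    # Drop operators and comment closers such as "-->" or "*/".
    return {t.rstrip("+") for t in tokens
            if ID.fullmatch(t) and t not in OPERATORS}

def audit(files, license_texts):
    """files: {path: content}; license_texts: names found in LICENSES/.

    Returns (untagged, missing): paths with no SPDX tag, and identifiers
    that are used in a header but have no LICENSES/<id>.txt.
    """
    available = {n[:-4] for n in license_texts if n.endswith(".txt")}
    untagged, missing = [], {}
    for path, content in sorted(files.items()):
        expressions = TAG.findall(content)
        if not expressions:
            untagged.append(path)
        for expression in expressions:
            for ident in sorted(license_ids(expression)):
                if ident not in available:
                    missing.setdefault(ident, []).append(path)
    return untagged, missing

# Constructed sample package (file names and contents are made up).
SAMPLE_FILES = {
    "src/Demo.jl": "# SPDX-License-Identifier: MIT OR Apache-2.0\nmodule Demo end\n",
    "src/linking.jl": "# SPDX-License-Identifier: GPL-3.0-only WITH GPL-3.0-linking-exception\n",
    "docs/logo.svg": "<!-- SPDX-License-Identifier: LicenseRef-ExampleArtwork -->\n<svg/>\n",
    "test/runtests.jl": "using Test\n",
}
SAMPLE_LICENSES = {"MIT.txt", "Apache-2.0.txt", "GPL-3.0-only.txt"}

if __name__ == "__main__":
    untagged, missing = audit(SAMPLE_FILES, SAMPLE_LICENSES)
    print("no SPDX tag:", untagged)
    for ident, paths in missing.items():
        print(f"LICENSES/{ident}.txt missing, needed by {paths}")
```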