Date:   Mon, 6 Nov 2017 09:17:22 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Philippe Ombredanne <pombredanne@...b.com>
Cc:     Johan Hovold <johan@...nel.org>, linux-usb@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Kate Stewart <kstewart@...uxfoundation.org>
Subject: Re: [PATCH v2] USB: add SPDX identifiers to all remaining files in
 drivers/usb/

On Sun, Nov 05, 2017 at 04:39:22PM +0100, Philippe Ombredanne wrote:
> On Sun, Nov 5, 2017 at 2:51 PM, Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> > On Sun, Nov 05, 2017 at 01:53:54PM +0100, Philippe Ombredanne wrote:
> >> On Sat, Nov 4, 2017 at 11:40 AM, Greg Kroah-Hartman
> >> <gregkh@...uxfoundation.org> wrote:
> >> > On Fri, Nov 03, 2017 at 05:53:01PM +0100, Johan Hovold wrote:
> >> >> On Fri, Nov 03, 2017 at 11:28:30AM +0100, Greg Kroah-Hartman wrote:
> >> >> > It's good to have SPDX identifiers in all files to make it easier to
> >> >> > audit the kernel tree for correct licenses.
> >> >> >
> >> >> > Update the drivers/usb/ and include/linux/usb* files with the correct
> >> >> > SPDX license identifier based on the license text in the file itself.
> >> >> > The SPDX identifier is a legally binding shorthand, which can be used
> >> >> > instead of the full boiler plate text.
> >> >> >
> >> >> > This work is based on a script and data from Thomas Gleixner, Philippe
> >> >> > Ombredanne, and Kate Stewart.
> >> >> >
> >> >> > Cc: Thomas Gleixner <tglx@...utronix.de>
> >> >> > Cc: Kate Stewart <kstewart@...uxfoundation.org>
> >> >> > Cc: Philippe Ombredanne <pombredanne@...b.com>
> >> >> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> >> >>
> >> >> I noticed several MODULE_LICENSE macros which did not match the headers
> >> >> (e.g. "GPL" being used for version 2 only modules) for which I'll send a
> >> >> follow-up patch.
> >> >>
> >> >> Someone should probably write a script for that once the SPDX
> >> >> identifiers are in.
> >> >
> >> > Yes, I think that someone might have a script for that, it will be much
> >> > easier to detect these things now.  The issue is that the "v2" marking
> >> > came after the original "GPL" marking for MODULE_LICENSE() from what I
> >> > remember, so many of those will be wrong.
> >>
> >> If this can help my [1] tool can detect both header-level licenses-in-comments
> >> as well as MODULE_LICENSE macros. Based on that we could reasonably
> >> easily craft a script that scans a file and reports discrepancies
> >> between the two.
> >
> > That would be great, as there are going to be a lot of these showing up
> > soon, as we start adding the SPDX identifiers to the files based on the
> > license text and the mis-matches become obvious.
> 
> I can run a scancode scan to list modules with a license that does not
> match their MODULE_LICENSE (irrespective of whether they have an SPDX id
> already or not)
> I can then either provide a CSV (or provide an eventually big patch).
> Which do you prefer?
> What should be the tree to run this on: Yours? usb? Linus's?
> tip of the tree or a tag?

To start with, let's work on getting the drivers/usb/ portion of the
tree cleaned up, as that's a nice "simple" area of the kernel to work
with.

Use the usb-next branch of the usb.git tree on git.kernel.org:
	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/

> If you prefer a patch, what should be the rationale when licenses do not match?
> I guess update the MODULE_LICENSE to match the license comment?

Yes, the MODULE_LICENSE should be updated to match the license comment,
unless something is really "odd", and if so, we can look at the
exceptions "by hand".

Look at the patch by Johan in my tree that fixed this all up for
drivers/usb/serial/ as an example of what a good changelog text would
be.

thanks,

greg k-h
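
The check discussed in this thread (flag files whose MODULE_LICENSE does not match their SPDX identifier, and leave anything odd for review by hand), as an added example that is not part of the original message and is not scancode or any script from the thread. The SPDX-to-MODULE_LICENSE mapping is an assumption taken from the comments in include/linux/module.h, and the sample sources and file names are constructed.

```python
import re

# Assumption (not from the thread): SPDX ids mapped to the MODULE_LICENSE
# string with the same meaning per the comments in include/linux/module.h
# ("GPL" = v2 or later, "GPL v2" = v2 only).
SPDX_TO_MODULE = {"GPL-2.0": "GPL v2", "GPL-2.0+": "GPL"}

# Matches both "// SPDX-License-Identifier: X" and "/* ... X */" forms.
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/)?\s*$", re.M)
MODULE_RE = re.compile(r'MODULE_LICENSE\s*\(\s*"([^"]*)"\s*\)')


def check_source(text):
    """Classify one file: returns (status, spdx_id, module_license)."""
    spdx = SPDX_RE.search(text)
    mod = MODULE_RE.search(text)
    spdx_id = spdx.group(1) if spdx else None
    declared = mod.group(1) if mod else None
    if spdx_id is None or declared is None:
        return ("skipped", spdx_id, declared)  # nothing to compare
    expected = SPDX_TO_MODULE.get(spdx_id)
    if expected is None:
        return ("manual", spdx_id, declared)   # compound or unknown id: by hand
    status = "ok" if declared == expected else "mismatch"
    return (status, spdx_id, declared)


def audit(files):
    """files: {path: text}. Returns only entries needing attention."""
    results = {path: check_source(text) for path, text in files.items()}
    return {p: r for p, r in results.items() if r[0] in ("mismatch", "manual")}


# Constructed sample sources (hypothetical names, not real kernel files).
SAMPLES = {
    "sample_a.c": '// SPDX-License-Identifier: GPL-2.0\nMODULE_LICENSE("GPL");\n',
    "sample_b.c": '/* SPDX-License-Identifier: GPL-2.0+ */\nMODULE_LICENSE("GPL");\n',
    "sample_c.c": '// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)\n'
                  'MODULE_LICENSE("Dual BSD/GPL");\n',
    "sample_d.h": "/* SPDX-License-Identifier: GPL-2.0 */\n",
}

if __name__ == "__main__":
    for path, (status, spdx_id, declared) in sorted(audit(SAMPLES).items()):
        print(f'{path}: {status}: SPDX {spdx_id} vs MODULE_LICENSE("{declared}")')
```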
