lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 20 Nov 2017 15:42:33 +0000
From:   Russell King - ARM Linux <linux@...linux.org.uk>
To:     Alan Cox <gnomes@...rguk.ukuu.org.uk>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Charlemagne Lasse <charlemagnelasse@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...uxfoundation.org>,
        Jonathan Corbet <corbet@....net>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Philippe Ombredanne <pombredanne@...b.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Christoph Hellwig <hch@....de>,
        Rob Herring <rob.herring@...aro.org>,
        Jonas Oberg <jonas@...e.org>, Joe Perches <joe@...ches.com>,
        linux-xfs <linux-xfs@...r.kernel.org>,
        Carmen Bianca Bakker <carmenbianca@...e.org>
Subject: Re: [patch V2 02/11] LICENSES: Add the GPL 2.0 license

On Mon, Nov 20, 2017 at 03:31:05PM +0000, Alan Cox wrote:
> On Sat, 18 Nov 2017 11:14:00 -0800
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> 
> > You may be confusing things because of a newer version.
> > 
> > On Sat, Nov 18, 2017 at 11:03 AM, Charlemagne Lasse
> > <charlemagnelasse@...il.com> wrote:
> > >
> > > That should be "GNU Lesser General Public" and not "GNU Library General Public"  
> > 
> > That's just FSF revisionism.
> > 
> > It used to be called "Library" over "Lesser", in the original GPL2.
> > 
> > I suspect your other issues are similar "there's been different
> > versions over time" things. the address being one of them.
> > 
> > We've actually taken some of the FSF updates over the years ("19yy" ->
> > "<year>", and the address change) but the main COPYING file still
> > calls the LGPL the "GNU Library General Public License".
> > 
> > I refuse to change the original copyright wording due to idiotic
> > internal FSF politics that tried to change history.
> 
> Do we have any files which had the later LGPL text attached to them - if
> so then they should be keeping that header.
> 
> Which raises another question. If there are multiple GPL 2.0 texts which
> are *supposedly* legally identical but this has never been tested in law
> -that implies SPDX is wrong in tagging them identically in case they turn
> out not to be...

There are also licenses that have been amended (sometimes incorrectly)
to convert them from GPL2+ to GPL2 only, and in the process messing up
the wording.  My understanding is that, even though it's obvious that
the wording is wrong, only the author(s) have the authority to correct
it for exactly the reason you give.

I have some DTS files that are blocked from being merged into the kernel
because of the license wording being messed up - but as I'm not the
author, I can't do anything about it.  People have tried sending me
patches to fix the license text, but I can't merge them because... I'm
not the author.  I've tried to get the author to ack them, but to no
success.

So, since many of us have contributed code under the exact license
given in the top-level "COPYING" file, this is the license text that
applies, and not any other text that someone else happens to call
"GPL 2".

This is exactly why I'm so concerned about the SPDX stuff, and I'm
glad that Thomas is trying to address the concerns that I've raised
with it by including the corresponding license texts with the kernel,
thereby making the kernel independent of the SPDX website.

I haven't been able to fully review Thomas' patches, but they're
definitely a step in the right direction - provided there's a
statement which indicates which is the authoritive reference for the
SPDX tags used in code merged into the kernel.  Without such a
statement, I can see lawyers arguing over that point.

-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ