| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2017 15:48:15 +0100
From: Philippe Ombredanne <pombredanne@...b.com>
To: Krzysztof Kozlowski <krzk@...nel.org>
Cc: Andi Shyti <andi@...zian.org>, Andi Shyti <andi.shyti@...sung.com>,
Kukjin Kim <kgene@...nel.org>, Mark Brown <broonie@...nel.org>,
linux-spi@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] spi: s3c64xx: add SPDX identifier
On Tue, Dec 12, 2017 at 2:45 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> On Tue, Dec 12, 2017 at 2:03 PM, Andi Shyti <andi@...zian.org> wrote:
>> Hi Krzysztof,
>>
>>> > - * Copyright (C) 2009 Samsung Electronics Ltd.
>>> > - * Jaswinder Singh <jassi.brar@...sung.com>
>>> > - *
>>> > - * This program is free software; you can redistribute it and/or modify
>>> > - * it under the terms of the GNU General Public License as published by
>>> > - * the Free Software Foundation; either version 2 of the License, or
>>> > - * (at your option) any later version.
>>> > - *
>>> > - * This program is distributed in the hope that it will be useful,
>>> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>>> > - * GNU General Public License for more details.
>>> > - */
>>> > +// SPDX-License-Identifier: GPL-2.0
>>>
>>
>>> Existing license corresponds to GPL-2.0+, not GPL-2.0.
>>
>> mmmhhh... isn't it deprecated from 2.0rc2? Current SPDX version
>> 2.6 doesn't have GPL-2.0+ in the list of licenses.
>>
>> https://spdx.org/licenses/
>>
>> I can improve the commit log to state it more clearly. Would that
>> work?
>
> No. The license identifier is deprecated, not the license itself.
> Instead the, the SPDX says: <<This new syntax supports the ability to
> use a simple “+” operator after a license short identifier to indicate
> “or later version” (e.g. GPL-2.0+)>>. The spec [1] mentions it again:
> "An SPDX License List Short Form Identifier with a unary"+" operator
> suffix to represent the current version of the license or any later
> version. For example: GPL-2.0+"
>
> Existing kernel sources follow this convention.
>
>> BTW, is it really a change of license?
>
> Yes, it is. Or maybe not license itself but it terms and specific
> elements. GPL-2.0 does not say "any later option at your choice". Let
> me quote:
> "Each version is given a distinguishing version number. If the Program
> specifies a version number of this License which applies to it and
> "any later version", you have the option of following the terms and
> conditions either of that version or of any later version published by
> the Free Software Foundation. If the Program does not specify a
> version number of this License, you may choose any version ever
> published by the Free Software Foundation." [2]
>
> What to add more here? GPL-2.0 only does not allow you to use any
> later version ever published by FSF.
>
>>
>>> Why changing the comment style?
>>
>> That's SPDX, right? by adding the SPDX-License-Identifier the
>> GPLv2 statement becomes redundant and we can remove some lines.
>
> But it does not explain why existing comment has to be rewritten into //.
>
> [1] https://spdx.org/spdx-specification-21-web-version
> [2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
>
> Best regards,
> Krzysztof
IMHO you should refer to Thomas doc patches instead of looking for
details elsewhere [1]
They are the authoritative doc for the kernel.
CC: Greg Kroah-Hartman
CC: Thomas Gleixner
[1] https://lkml.org/lkml/2017/12/4/934
--
Cordially
Philippe Ombredanne
Powered by blists - more mailing lists