lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Feb 2014 14:01:25 -0500 From: Theodore Ts'o <tytso@....edu> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: Michal Simek <monstr@...str.eu>, Felipe Balbi <balbi@...com>, Subbaraya Sundeep Bhatta <subbaraya.sundeep.bhatta@...inx.com>, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, Subbaraya Sundeep Bhatta <sbhatta@...inx.com>, devicetree@...r.kernel.org, Wolfgang Denk <wd@...x.de> Subject: Re: SPDX-License-Identifier On Fri, Feb 21, 2014 at 09:57:20AM -0800, Greg Kroah-Hartman wrote: > > But shouldn't we at least write somewhere > > that it has connection to spdx.org where you can find out that licenses. > > Why? Are these licenses so unknown that no one knows what they are? > And, as part of the kernel-as-a-whole-work, they all resolve to GPLv2 > anyway, and we have that license in the source tree, so nothing else > should be needed. Note that not all lawyers are in agreement about this, so if this is a driver being developed by a company, you may want to ask your corporate counsel if they have an opinion about this. I've received advice of the form that it's not obvious that regardless of whether or not us *engineers* understand what all of the licensing terms mean, what's important is whether someone who is accused of "borrowing" GPL'ed code and dropping it in a driver for some other OS can convince a judge whether or not it's considered "obvious" from a legal perspective what an SPDX header means, and what is implied by an SPDX license identifer. Also note that with the advent of web sites that allow people to do web searches and turn up a singleton file via some gitweb interface, the fact that the full license text is distributed alongside the tarball might or might have as much legal significance as it once had. But of course, I'm not a lawyer, and if your company has is paying for the development of the driver, the Golden Rule applies (he who has the Gold, makes the Rules), and each of our respective corporate lawyers may have different opinions about what might happen if the question was ever to be adjudicated in court. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists