lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 15 May 2016 00:44:35 +0200
From:	Rafał Miłecki <>
To:	Linux Kernel Mailing List <>
Cc:	"" 
	"" <>,
	Florian Fainelli <>,
	Dan Haab <>, Hauke Mehrtens <>
Subject: Unclear BSD licensing (headers, MODULE_LICENSE, versions)


I recently received a hint that it would be nice/expected to have DTS
files licensed under BSD. I had no experience with BSD, so I started
looking at this and the way kernel parts use it.

Obviously Linux kernel is licensed under GPLv2, so all its code has to
use GPLv2 compatible license. I found 3 BSD licenses in use by kernel
1) BSD 3-clause license
2) BSD 2-clause license
3) Clear BSD license

Unfortunately in many cases (of source files) I wasn't able to clearly
determine used BSD license.

First of all, an accepted ident "Dual BSD/GPL" doesn't specify BSD
version. All I can read in include/linux/module.h is "[GNU Public
License v2 or BSD license choice]". It could mean any (of GPLv2
compatible) BSD versions.

I guess ideally (in current situation) every file using "Dual BSD/GPL"
should specify BSD license version in a header. However this isn't the

1) Some "Dual BSD/GPL" sources mention GPL in a header forgetting about BSD.
Can we treat such files as BSD-licensed at all? Few examples:

2) Some "Dual BSD/GPL" sources don't specify BSD version in a header.
E.g. all you can find in a header is "All rights reserved. Licensed
under dual BSD/GPL license.". Two examples:

Another problem is text of BSD license

1) Some BSD 2-clause licensed sources don't link to its content.

In case of GPLv2 some sources simply mention this license and refer to
COPYING. Few examples:
a) drivers/bcma/main.c
"Licensed under the GNU/GPL. See COPYING for details."
b) drivers/block/umem.c
"This driver is released to the public under the terms of the GNU
c) drivers/mfd/tps6507x.c
"For licencing details see kernel-base/COPYING"

I believe the same could be done for BSD 2-clause license, however
there is no file that can be pointed. It results in some sources
specifying 2-clause license in a header without really providing the
content. Example:

2) Some BSD 3-clause or Clear BSD licensed sources don't provide needed text

Many templates of BSD 3-clause license I found contain <organization>
that should be replaced by a proper organization/company. That makes
me suspect we can't have a generic text of BSD 3-clause or Clear BSD
in any shared file like COPYING. However there are sources that
specify one of above licenses without providing or linking its text.
Few examples:

I'm wondering how we could improve this situation. I got 2 main ideas:

We could add new acceptable entries specifying BSD version. We could
try to improve to look for a full license in a header
(it seems to be required as it has to provide <organization>). Maybe
we could figure out (with some lawyers?) how to treat sources using
"Dual BSD/GPL" mentioning GPL only (without BSD) in their header.

2) Get clear rules on how to write a header
If you find extending MODULE_LICENSE a bad idea, maybe we can simply
help people write proper headers. Explain the problem, provide
examples, maybe add some check in

What do you think about this?


Powered by blists - more mailing lists