lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 2 Nov 2017 10:25:07 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Greg KH <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Philippe Ombredanne <pombredanne@...b.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] License cleanup: add SPDX license identifiers to some
 kernel files

On Thu, Nov 2, 2017 at 10:09 AM, Masahiro Yamada
<yamada.masahiro@...ionext.com> wrote:
>
> I am happy to follow the preferred style if any
> for my future patches.  I just want to be sure.

So in general, the _hope_ is that we can just end up replacing
existing boilerplate comments with that single line SPDX comment
(using "//" in *.[ch] files, but obviously some other kinds of files
end up having a different comment character, typically '#').

In scripts, the single-line comment may need to be the second line,
simply due to file format requirements (ie the whole "#!" thing needs
to be the first line).

And it's important to notice that while adding a SPDX line should not
really be controversial (as long as you get the license right, of
course - Greg&co have the CSV files for everything, in case you want
to check things you maintain), before removing the boiler-plate you
really need to feel like you "own" the file.

So while I'd personally love to just get rid of existing (usually
nasty and bad) copyright templates in favor of just the one-liner SPDX
notice, that can generally not be automated without maintainer
permission.

And while this is likely really obvious, I'd like to note that at no
point would we remove the individual and company _names_ from
copyright notices. But the silly repeated boiler-plate that just
states the license itself is certainly redundant when SPDX lines are
added. So that's the part that I would love to see people at least
consider removing.

And yes, feel free to replace block comments with // while at it.

> Several DT files use SPDX.  For example,
> https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/mediatek/mt7622.dtsi
>
> If SPDX tag at the top line is preferred, should existing files be fixed?

I don't think it's a huge deal, and wouldn't touch existing files
unless you have some other independent reason to do so.

The real reason _I_ personally would like to see at least all the new
SPDX lines to go at the very top of the file is that every time when
we have some kind of ambiguity about placement, we end up with
multiple cases, and then people don't notice when merging, and you end
up having two - or you just end up having unnecessary merge conflicts
because two different people picked two different choices).

So to me, the "just put it as the first syntactically possible line,
and just always use the same comment format" is simply to avoid
unnecessary arguments/conflicts about which of any number of ways you
*could* do it.

We already have something like 700 different versions of the same
silly copyright license boiler-plate due to typos, whitespace
differences, comment style choices, yadda yadda. Let's avoid that mess
by just picking _one_ single format and placement for the SPDX line.

              Linus

Powered by blists - more mailing lists