lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABGGiswvTExoeQHro_ctpTEhdxf6_VQXdZJDbDvBhG6QndG04A@mail.gmail.com>
Date:   Wed, 8 Nov 2017 17:07:46 -0600
From:   Rob Herring <rob.herring@...aro.org>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Philippe Ombredanne <pombredanne@...b.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] License cleanup: add SPDX license identifiers to some
 kernel files

On Thu, Nov 2, 2017 at 10:16 AM, Greg KH <gregkh@...uxfoundation.org> wrote:
> [resend without the full diffstat as lkml and some email systems didn't
>  like to see emails with 12k lines...]
>
> Hi,
>
> As discussed at the Maintainers Summit last week, here is a pull request
> that adds some SPDX license identifiers to three different classes of
> files:
>         - files with no license identifiers at all, but not uapi files
>         - uapi files with no license identifiers at all
>         - uapi files with existing license identifiers
>
> This "only" touched 1/6 of the files in the tree.  The remaining files
> will be dealt with on a subsystem-by-subsystem basis over the next few
> kernel releases.
>
> The full methodology of how these files were determined, and how the
> work was done is down below in the signed tag, and in the first commit
> of the series.
>
> These patches have a "new" timestamp, a few hours old, only because we
> have revised and rewritten the changelog text many times based on lots
> of people's inputs (lawyers included.)  The patches themselves are not
> "new" at all and were auto-generated as described below and are based on
> 4.14-rc6.
>
> Note, we had to use /* */ as the comment marker for the .h files, as
> there are just too many .h files being included into .S files to be able
> to try to identify which is which, so we could not use //, unlike the .c
> files.
>
> These have been through 0-day testing with no reported problems, as well
> as my build system and Thomas's build system.

I have some concerns about adding the SPDX tag on the dts/dtsi files.
These files are generally either GPL2 or dual GPL/MIT. The license
should normally be decided per platform and generally we don't have
cross-platform includes. So I'd think there could be some cases where
the intent was to match the rest of the platform's dts files, but the
license was omitted by mistake.

In any case, the platform maintainers should have a chance to comment
on their platforms and it seems this was rushed.

Rob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ