lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 9 Nov 2017 00:53:24 -0800
From:   Christoph Hellwig <>
To:     Greg Kroah-Hartman <>
Cc:     Christoph Hellwig <>,
        Philippe Ombredanne <>,
        Theodore Ts'o <>,
        Alan Cox <>,
        "Darrick J. Wong" <>,
        Eric Sandeen <>,
        xfs <>,
        LKML <>,
        Kate Stewart <>,
        Thomas Gleixner <>
Subject: Re: WTF? Re: [PATCH] License cleanup: add SPDX GPL-2.0 license
 identifier to files with no license

On Thu, Nov 09, 2017 at 09:23:35AM +0100, Greg Kroah-Hartman wrote:
> The documentation of this process is lagging the patches, as usually
> happens, sorry about that.

In cases like this the documentation is the most important part.
Without documentation it is completely pointless.

> Thomas is working on a document to describe the process, and what a file
> should contain, based on the work he has been doing.  This was discussed
> at the kernel summit, and sorry for it not getting out wider than that
> audience, things take time, which is why I was only touching my
> subsystems with the "general license cleanups" at the moment until his
> document was ready.
> Hopefully a draft of it will go out today, Thomas?

It would help to Cc him, I've done that. 

> SPDX is an industry-wide accepted set of tags for all licenses, some
> projects have been using it for years (like Uboot).  These are not going
> to change randomly, and again, the document that Thomas has will
> describe these in detail.

It is not an 'industry-wide accepted set of tags' (did you get a company
discount on buzzwords).  Yes, it it a scheme someone can up with (seems
like an industry consortium that happens to employ you, what a
coincidence), and from a quick look it even seems like a pretty reasonable
scheme.  But without backing it with an explanation of those tags in
the tree, and explaining people how to use them and how they are
relevant it is absolutely useless.

And to come up with a scheme we need to have a broad discussion on
what we are doing.

> sorry for the confusion, it was not intended at all, but it what happens
> in time with distributed developers, all working at different rates on
> different parts of the tree.

Sorry but I call bullshit on this.  We have absolutely no problem
working together if we try.  You clearly did not even try to cooperate
with anyone - the clear indicator is that no RFC was posted, no
questions were asked but you just sent a pull requests right before
the end of the merge window.

Powered by blists - more mailing lists