lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 9 Nov 2017 14:40:49 +0100
From:   Greg KH <>
To:     Rob Herring <>
Cc:     Linus Torvalds <>,
        Andrew Morton <>,
        Kate Stewart <>,
        Philippe Ombredanne <>,
        Thomas Gleixner <>,
        Linux Kernel Mailing List <>
Subject: Re: [GIT PULL] License cleanup: add SPDX license identifiers to some
 kernel files

On Wed, Nov 08, 2017 at 05:07:46PM -0600, Rob Herring wrote:
> On Thu, Nov 2, 2017 at 10:16 AM, Greg KH <> wrote:
> > [resend without the full diffstat as lkml and some email systems didn't
> >  like to see emails with 12k lines...]
> >
> > Hi,
> >
> > As discussed at the Maintainers Summit last week, here is a pull request
> > that adds some SPDX license identifiers to three different classes of
> > files:
> >         - files with no license identifiers at all, but not uapi files
> >         - uapi files with no license identifiers at all
> >         - uapi files with existing license identifiers
> >
> > This "only" touched 1/6 of the files in the tree.  The remaining files
> > will be dealt with on a subsystem-by-subsystem basis over the next few
> > kernel releases.
> >
> > The full methodology of how these files were determined, and how the
> > work was done is down below in the signed tag, and in the first commit
> > of the series.
> >
> > These patches have a "new" timestamp, a few hours old, only because we
> > have revised and rewritten the changelog text many times based on lots
> > of people's inputs (lawyers included.)  The patches themselves are not
> > "new" at all and were auto-generated as described below and are based on
> > 4.14-rc6.
> >
> > Note, we had to use /* */ as the comment marker for the .h files, as
> > there are just too many .h files being included into .S files to be able
> > to try to identify which is which, so we could not use //, unlike the .c
> > files.
> >
> > These have been through 0-day testing with no reported problems, as well
> > as my build system and Thomas's build system.
> I have some concerns about adding the SPDX tag on the dts/dtsi files.
> These files are generally either GPL2 or dual GPL/MIT. The license
> should normally be decided per platform and generally we don't have
> cross-platform includes. So I'd think there could be some cases where
> the intent was to match the rest of the platform's dts files, but the
> license was omitted by mistake.

If you feel we got a license incorrect, please fix it up.  But as it
was, there was 11000 files with no explicit license, so the license for
them was implicitly GPLv2, which we preserved with this SPDX mark.

So we didn't change anything here, except draw attention to where some
files were licensed under a different license than the original author
expected it to be :)


greg k-h

Powered by blists - more mailing lists