lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 09 Nov 2017 07:39:23 -0800
From:   Joe Perches <joe@...ches.com>
To:     Rob Herring <robh@...nel.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Andy Whitcroft <apw@...onical.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] checkpatch.pl: Add SPDX license tag check

On Thu, 2017-11-09 at 07:47 -0600, Rob Herring wrote:
> On Wed, Nov 8, 2017 at 8:10 PM, Joe Perches <joe@...ches.com> wrote:
> > On Wed, 2017-11-08 at 19:10 -0600, Rob Herring wrote:
> > > Add a check warning if SPDX-License-Identifier tags are not used in
> > > newly added files.
> > 
> > If this is to be done, and I think it's not a great idea,
> 
> Which part? SPDX tags or checking new files or just using checkpatch for this?

SPDX tags in all files.

There's no real way to check a patch for this.

You have to check the entire file.

checkpatch could, as you've done, scan for new files
against /dev/null, but a single patch can add
multiple files and each newly added file should have
a missing SPDX indicator check.

My concern is that there are ~50,000 files in the
kernel source tree and, after that scripted patch
adding the tags, only about a quarter of them have
an SPDX tag.

So which files actually _need_ a SPDX tag?

files in -next with an SPDX tag:

$ git grep --name-only -i -P "spdx-licen[cs]e-identifier" | \
  while read file ; do basename $file ; done | \
  sed -r -e 's/^.*(\..*)/\1/' | \
  sort | uniq -c | sort -rn | head -10
   7514 .h
   3435 .c
   1193 Makefile
    486 .S
    221 .dts
    186 Kconfig
    185 .dtsi
     97 .sh
     34 .tc
     24 .debug

vs all files in -next (not Documentation/)

$ git ls-files | grep -v "^Documentation/" | \
  while read file ; do basename $file ; done | \
  sed -r -e 's/^.*(\..*)/\1/' | \
  sort | uniq -c | sort -rn | head -10
  25946 .c
  20360 .h
   2437 Makefile
   1454 .S
   1442 .dts
   1380 Kconfig
   1099 .dtsi
    207 .json
    204 .gitignore
    194 .sh

Powered by blists - more mailing lists