Message-ID: <454ecadc-b4df-ddd9-d29a-18c64b72d1b7@posteo.de>
Date:   Sat, 18 Nov 2017 12:21:16 +0100
From:   Martin Kepplinger <martink@...teo.de>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Jonathan Corbet <corbet@....net>
Cc:     akpm@...ux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] samples: replace outdated permission statement with SPDX
 identifiers

On 2017-11-18 11:17, Greg KH wrote:
> On Fri, Nov 17, 2017 at 03:53:53PM -0700, Jonathan Corbet wrote:
>> On Thu, 16 Nov 2017 12:41:10 +0100
>> Greg KH <gregkh@...uxfoundation.org> wrote:
>>
>>>> I'll fold this in, in the thread here. I guess this change is what Greg
>>>> had in mind? Or would you prefer having including SPDX and removing
>>>> permission statement separately?
>>>
>>> I have been doing them in 2 steps, but only because the files I modified
>>> were in different "chunks" (i.e. add missing SPDX identifiers to a bunch
>>> of files in a directory, and then the second patch would remove the
>>> license identifiers for all files in that directory).  As that type of
>>> patch flow doesn't make sense here, I think what you did was just fine.
>>
>> So I'll confess to being a little worried about removing the boilerplate:
>>
>> 	And it's important to notice that while adding a SPDX line should
>> 	not really be controversial (as long as you get the license right,
>> 	of course - Greg&co have the CSV files for everything, in case you
>> 	want to check things you maintain), before removing the
>> 	boiler-plate you really need to feel like you "own" the file.
>> 	— Linus (https://lkml.org/lkml/2017/11/2/715)
>>
>> Are we sure that we're not going to get in trouble with the people who do
>> "own" those files if we rip out the boilerplate?  It would be good to have
>> some clarity on when that can be done.
> 
> I have discussed this with many lawyers, and as SPDX is acknowledged as
> a valid way to specify the license that a file is released under,
> removing the "boilerplate" text is just fine according to all of them.
> 
> As a backup to this, I have verification from the legal department of
> at least one very large corporate copyright holder in the kernel that
> this is fine with them, and they are glad to see this happen, as now we
> will not have 700+ different ways to say "released under the GPL v2" in
> the tree.  You can see one of the patch series on lkml where I say I got
> their approval as proof.
> 
> So yes, this should be fine, but of course, ask the copyright holder of
> the file when doing this.  I have been cc:ing the owners of the files
> when I do this work, and have gotten no objections so far when doing
> this work.

Ok that's probably important. Even if not strictly necessary, at least
when I get acks from all copyright holders, I feel this is safe to do for
me or anybody.

Thanks. That's annoying work and I appreciate it.
