linux-kernel - Re: [patch V2 02/11] LICENSES: Add the GPL 2.0 license

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Tue, 21 Nov 2017 09:27:28 +0100
From:   Jonas Oberg <jonas@...e.org>
To:     Alan Cox <gnomes@...rguk.ukuu.org.uk>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Charlemagne Lasse <charlemagnelasse@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...uxfoundation.org>,
        Jonathan Corbet <corbet@....net>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Philippe Ombredanne <pombredanne@...b.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Christoph Hellwig <hch@....de>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Rob Herring <rob.herring@...aro.org>,
        Joe Perches <joe@...ches.com>,
        linux-xfs <linux-xfs@...r.kernel.org>,
        Carmen Bianca Bakker <carmenbianca@...e.org>
Subject: Re: [patch V2 02/11] LICENSES: Add the GPL 2.0 license

Hi Alan,

> Which raises another question. If there are multiple GPL 2.0 texts which
> are *supposedly* legally identical but this has never been tested in law
> -that implies SPDX is wrong in tagging them identically in case they turn
> out not to be...

For the cases, and the differences we're talking about now, I believe the
current approach is fine. In the general case though, the FSFE's REUSE
recommendations are that for situations where the license in use differ
from the one included in SPDX, you make use of a local reference to the
license file instead of the SPDX identifier.

This is sometimes the case with the umpteen versions of the BSD licenses.
The way we recommend doing this is you define an identifier of the form
LicenseRef-<unique_code> (consistent with the SPDX specification).
Source code files would be marked up with:

   SPDX-License-Identifier: LicenseRef-MyBSD4

and the corresponding license file in LICENSES/ with:

   Valid-License-Identifier: LicenseRef-MyBSD4
   License-Text:
     ...

Best,

-- 
Jonas Öberg
Executive Director

FSFE e.V. - keeping the power of technology in your hands. Your
support enables our work, please join us today http://fsfe.org/join