| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171122170713.GD12684@amd>
Date: Wed, 22 Nov 2017 18:07:13 +0100
From: Pavel Machek <pavel@....cz>
To: Philippe Ombredanne <pombredanne@...b.com>
Cc: Christoph Hellwig <hch@...radead.org>,
Theodore Ts'o <tytso@....edu>,
Alan Cox <gnomes@...rguk.ukuu.org.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
Eric Sandeen <sandeen@...hat.com>,
xfs <linux-xfs@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Kate Stewart <kstewart@...uxfoundation.org>
Subject: Re: WTF? Re: [PATCH] License cleanup: add SPDX GPL-2.0 license
identifier to files with no license
Hi!
> Christoph:
>
> I am not speaking for Greg but let me highlight some issues and
> benefits as I chipped in a bit to help:
>
> Some data points in the 4.14.rc7 kernel:
> - there are 64,742 distinct license statements
> ... in 114,597 blocks of text
> ... in 42,602 files
> - license statements represent 480,455 lines of text
> - licenses are worded in 1,015 different ways
> - there are about 85 distinct licenses, the bulk being the GPL
>
> NB: All of these tallies were computed with scancode-toolkit [1]
>
> License text lines represent about 14.7% of all source comments.
> (using a CLOC to count comment lines)
>
> >From an engineering perspective this feels to me as pure madness,
> unless everyone in kernel land is in love with legalese!
>
> I like to think of it this way:
>
> Licensing is important but repetitive long boilerplate in patches and
> in every file is just a noisy distraction from the code substance.
>
> Imagine if the kernel had 500 versions of a printf() function?
> Maintainers would refactor the hell of it to use a few functions.
>
> Replacing the boilerplate with licensing ids is exactly the same:
> a sane refactoring to remove duplicated boilerplate.
>
> In the end and ideally there should be no more than one line of
> licensing info per file, so no more than 70Kish: so there are
> about 400K lines of boilerplate to remove.
>
> The benefits now and later:
> - no distraction with licensing boilerplate cr*p in patches and files
Well... No distraction you say?
> Note also that beside the kernel, U-Boot has adopted the same
> approach for quite a while, and in the application world the Eclipse
Yes, it works nicely for U-Boot.
But someone actually _added_ distraction. Top-level Makefile had no
distraction there and boom, here it is, totally uninteresting and just
at line one.
Lets look at random file in usb:
// SPDX-License-Identifier: GPL-2.0+
/*
* Driver for SMSC USB3503 USB 2.0 hub controller driver
*
* Copyright (c) 2012-2013 Dongjin Kim (tobetter@...il.com)
*/
...
MODULE_LICENSE("GPL");
...do we agree that this is nowhere near distration-free? Ugly //
comment that screams for attention, away from other copyright info, it
hurts your eyes...
This would be improvement:
/*
* Driver for SMSC USB3503 USB 2.0 hub controller driver
*
* Copyright (c) 2012-2013 Dongjin Kim (tobetter@...il.com)
*
* SPDX-License-Identifier: GPL-2.0+
*/
...but what is above is just uuuugly.
...as is MODULE_LICENSE having completely different tags from SPDX.
This would be even better:
/*
* Driver for SMSC USB3503 USB 2.0 hub controller driver
*
* Copyright (c) 2012-2013 Dongjin Kim (tobetter@...il.com)
*/
...
SPDX_MODULE_LICENSE("GPL-2.0+")
So yes, SPDX can be improvement. But in current implementation it is
not.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists