lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Dec 2017 14:45:12 +0100
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Andi Shyti <andi@...zian.org>
Cc:     Andi Shyti <andi.shyti@...sung.com>, Kukjin Kim <kgene@...nel.org>,
        Mark Brown <broonie@...nel.org>, linux-spi@...r.kernel.org,
        linux-samsung-soc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] spi: s3c64xx: add SPDX identifier

On Tue, Dec 12, 2017 at 2:03 PM, Andi Shyti <andi@...zian.org> wrote:
> Hi Krzysztof,
>
>> > - * Copyright (C) 2009 Samsung Electronics Ltd.
>> > - *     Jaswinder Singh <jassi.brar@...sung.com>
>> > - *
>> > - * This program is free software; you can redistribute it and/or modify
>> > - * it under the terms of the GNU General Public License as published by
>> > - * the Free Software Foundation; either version 2 of the License, or
>> > - * (at your option) any later version.
>> > - *
>> > - * This program is distributed in the hope that it will be useful,
>> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> > - * GNU General Public License for more details.
>> > - */
>> > +// SPDX-License-Identifier: GPL-2.0
>>
>
>> Existing license corresponds to GPL-2.0+, not GPL-2.0.
>
> mmmhhh... isn't it deprecated from 2.0rc2? Current SPDX version
> 2.6 doesn't have GPL-2.0+ in the list of licenses.
>
> https://spdx.org/licenses/
>
> I can improve the commit log to state it more clearly. Would that
> work?

No. The license identifier is deprecated, not the license itself.
Instead the, the SPDX says: <<This new syntax supports the ability to
use a simple “+” operator after a license short identifier to indicate
“or later version” (e.g. GPL-2.0+)>>. The spec [1] mentions it again:
"An SPDX License List Short Form Identifier with a unary"+" operator
suffix to represent the current version of the license or any later
version.  For example: GPL-2.0+"

Existing kernel sources follow this convention.

> BTW, is it really a change of license?

Yes, it is. Or maybe not license itself but it terms and specific
elements. GPL-2.0 does not say "any later option at your choice". Let
me quote:
"Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Program does not specify a
version number of this License, you may choose any version ever
published by the Free Software Foundation." [2]

What to add more here? GPL-2.0 only does not allow you to use any
later version ever published by FSF.

>
>> Why changing the comment style?
>
> That's SPDX, right? by adding the SPDX-License-Identifier the
> GPLv2 statement becomes redundant and we can remove some lines.

But it does not explain why existing comment has to be rewritten into //.

[1] https://spdx.org/spdx-specification-21-web-version
[2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ