lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Dec 2017 16:00:02 +0100
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Philippe Ombredanne <pombredanne@...b.com>
Cc:     Andi Shyti <andi@...zian.org>, Andi Shyti <andi.shyti@...sung.com>,
        Kukjin Kim <kgene@...nel.org>, Mark Brown <broonie@...nel.org>,
        linux-spi@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] spi: s3c64xx: add SPDX identifier

On Tue, Dec 12, 2017 at 3:48 PM, Philippe Ombredanne
<pombredanne@...b.com> wrote:
> On Tue, Dec 12, 2017 at 2:45 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>> On Tue, Dec 12, 2017 at 2:03 PM, Andi Shyti <andi@...zian.org> wrote:
>>> Hi Krzysztof,
>>>
>>>> > - * Copyright (C) 2009 Samsung Electronics Ltd.
>>>> > - *     Jaswinder Singh <jassi.brar@...sung.com>
>>>> > - *
>>>> > - * This program is free software; you can redistribute it and/or modify
>>>> > - * it under the terms of the GNU General Public License as published by
>>>> > - * the Free Software Foundation; either version 2 of the License, or
>>>> > - * (at your option) any later version.
>>>> > - *
>>>> > - * This program is distributed in the hope that it will be useful,
>>>> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>>> > - * GNU General Public License for more details.
>>>> > - */
>>>> > +// SPDX-License-Identifier: GPL-2.0
>>>>
>>>
>>>> Existing license corresponds to GPL-2.0+, not GPL-2.0.
>>>
>>> mmmhhh... isn't it deprecated from 2.0rc2? Current SPDX version
>>> 2.6 doesn't have GPL-2.0+ in the list of licenses.
>>>
>>> https://spdx.org/licenses/
>>>
>>> I can improve the commit log to state it more clearly. Would that
>>> work?
>>
>> No. The license identifier is deprecated, not the license itself.
>> Instead the, the SPDX says: <<This new syntax supports the ability to
>> use a simple “+” operator after a license short identifier to indicate
>> “or later version” (e.g. GPL-2.0+)>>. The spec [1] mentions it again:
>> "An SPDX License List Short Form Identifier with a unary"+" operator
>> suffix to represent the current version of the license or any later
>> version.  For example: GPL-2.0+"
>>
>> Existing kernel sources follow this convention.
>>
>>> BTW, is it really a change of license?
>>
>> Yes, it is. Or maybe not license itself but it terms and specific
>> elements. GPL-2.0 does not say "any later option at your choice". Let
>> me quote:
>> "Each version is given a distinguishing version number. If the Program
>> specifies a version number of this License which applies to it and
>> "any later version", you have the option of following the terms and
>> conditions either of that version or of any later version published by
>> the Free Software Foundation. If the Program does not specify a
>> version number of this License, you may choose any version ever
>> published by the Free Software Foundation." [2]
>>
>> What to add more here? GPL-2.0 only does not allow you to use any
>> later version ever published by FSF.
>>
>>>
>>>> Why changing the comment style?
>>>
>>> That's SPDX, right? by adding the SPDX-License-Identifier the
>>> GPLv2 statement becomes redundant and we can remove some lines.
>>
>> But it does not explain why existing comment has to be rewritten into //.
>>
>> [1] https://spdx.org/spdx-specification-21-web-version
>> [2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
>>
>> Best regards,
>> Krzysztof
>
> IMHO you should refer to Thomas doc patches instead of looking for
> details elsewhere [1]
> They are the authoritative doc for the kernel.

I was actually checking this with existing source code (after applying
these patches) and GPLv2.0+any_later was converted to "GPL-2.0+".
Let's look at specific example:
https://lkml.org/lkml/2017/12/4/946
"+ For 'GNU General Public License (GPL) version 2 or any later version' use:
+    SPDX-License-Identifier: GPL-2.0+"

I do not understand then whether you are agreeing or arguing with my point. :)

Best regards,
Krzysztof

>
> CC: Greg Kroah-Hartman
> CC: Thomas Gleixner
>
> [1] https://lkml.org/lkml/2017/12/4/934

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ