lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Dec 2017 16:24:21 +0100
From:   Philippe Ombredanne <pombredanne@...b.com>
To:     Krzysztof Kozlowski <krzk@...nel.org>
Cc:     Andi Shyti <andi@...zian.org>, Andi Shyti <andi.shyti@...sung.com>,
        Kukjin Kim <kgene@...nel.org>, Mark Brown <broonie@...nel.org>,
        linux-spi@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] spi: s3c64xx: add SPDX identifier

Dear Krzysztof,

On Tue, Dec 12, 2017 at 4:00 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> On Tue, Dec 12, 2017 at 3:48 PM, Philippe Ombredanne
> <pombredanne@...b.com> wrote:
>> On Tue, Dec 12, 2017 at 2:45 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>>> On Tue, Dec 12, 2017 at 2:03 PM, Andi Shyti <andi@...zian.org> wrote:
>>>> Hi Krzysztof,
>>>>
>>>>> > - * Copyright (C) 2009 Samsung Electronics Ltd.
>>>>> > - *     Jaswinder Singh <jassi.brar@...sung.com>
>>>>> > - *
>>>>> > - * This program is free software; you can redistribute it and/or modify
>>>>> > - * it under the terms of the GNU General Public License as published by
>>>>> > - * the Free Software Foundation; either version 2 of the License, or
>>>>> > - * (at your option) any later version.
>>>>> > - *
>>>>> > - * This program is distributed in the hope that it will be useful,
>>>>> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>>>> > - * GNU General Public License for more details.
>>>>> > - */
>>>>> > +// SPDX-License-Identifier: GPL-2.0
>>>>>
>>>>
>>>>> Existing license corresponds to GPL-2.0+, not GPL-2.0.
>>>>
>>>> mmmhhh... isn't it deprecated from 2.0rc2? Current SPDX version
>>>> 2.6 doesn't have GPL-2.0+ in the list of licenses.
>>>>
>>>> https://spdx.org/licenses/
>>>>
>>>> I can improve the commit log to state it more clearly. Would that
>>>> work?
>>>
>>> No. The license identifier is deprecated, not the license itself.
>>> Instead the, the SPDX says: <<This new syntax supports the ability to
>>> use a simple “+” operator after a license short identifier to indicate
>>> “or later version” (e.g. GPL-2.0+)>>. The spec [1] mentions it again:
>>> "An SPDX License List Short Form Identifier with a unary"+" operator
>>> suffix to represent the current version of the license or any later
>>> version.  For example: GPL-2.0+"
>>>
>>> Existing kernel sources follow this convention.
>>>
>>>> BTW, is it really a change of license?
>>>
>>> Yes, it is. Or maybe not license itself but it terms and specific
>>> elements. GPL-2.0 does not say "any later option at your choice". Let
>>> me quote:
>>> "Each version is given a distinguishing version number. If the Program
>>> specifies a version number of this License which applies to it and
>>> "any later version", you have the option of following the terms and
>>> conditions either of that version or of any later version published by
>>> the Free Software Foundation. If the Program does not specify a
>>> version number of this License, you may choose any version ever
>>> published by the Free Software Foundation." [2]
>>>
>>> What to add more here? GPL-2.0 only does not allow you to use any
>>> later version ever published by FSF.
>>>
>>>>
>>>>> Why changing the comment style?
>>>>
>>>> That's SPDX, right? by adding the SPDX-License-Identifier the
>>>> GPLv2 statement becomes redundant and we can remove some lines.
>>>
>>> But it does not explain why existing comment has to be rewritten into //.
>>>
>>> [1] https://spdx.org/spdx-specification-21-web-version
>>> [2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
>>>
>>> Best regards,
>>> Krzysztof
>>
>> IMHO you should refer to Thomas doc patches instead of looking for
>> details elsewhere [1]
>> They are the authoritative doc for the kernel.
>
> I was actually checking this with existing source code (after applying
> these patches) and GPLv2.0+any_later was converted to "GPL-2.0+".
> Let's look at specific example:
> https://lkml.org/lkml/2017/12/4/946
> "+ For 'GNU General Public License (GPL) version 2 or any later version' use:
> +    SPDX-License-Identifier: GPL-2.0+"
>
> I do not understand then whether you are agreeing or arguing with my point. :)
>
> Best regards,
> Krzysztof
>
>>
>> CC: Greg Kroah-Hartman
>> CC: Thomas Gleixner
>>
>> [1] https://lkml.org/lkml/2017/12/4/934

Here, this should be as a top line:

// SPDX-License-Identifier: GPL-2.0+


So I agree with the SPDX id but also pointing to the use of the C++ //
comment style as requested by Linus [1]

[1] https://lkml.org/lkml/2017/11/25/133
[2] https://lkml.org/lkml/2017/11/25/125
[3] https://lkml.org/lkml/2017/11/2/715
[4] https://lkml.org/lkml/2017/11/2/805

-- 
Cordially
Philippe Ombredanne

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ