lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Dec 2017 16:35:53 +0100
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Philippe Ombredanne <pombredanne@...b.com>
Cc:     Andi Shyti <andi@...zian.org>, Andi Shyti <andi.shyti@...sung.com>,
        Kukjin Kim <kgene@...nel.org>, Mark Brown <broonie@...nel.org>,
        linux-spi@...r.kernel.org, linux-samsung-soc@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] spi: s3c64xx: add SPDX identifier

On Tue, Dec 12, 2017 at 4:24 PM, Philippe Ombredanne
<pombredanne@...b.com> wrote:
> Dear Krzysztof,
>
> On Tue, Dec 12, 2017 at 4:00 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>> On Tue, Dec 12, 2017 at 3:48 PM, Philippe Ombredanne
>> <pombredanne@...b.com> wrote:
>>> On Tue, Dec 12, 2017 at 2:45 PM, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>>>> On Tue, Dec 12, 2017 at 2:03 PM, Andi Shyti <andi@...zian.org> wrote:
>>>>> Hi Krzysztof,
>>>>>
>>>>>> > - * Copyright (C) 2009 Samsung Electronics Ltd.
>>>>>> > - *     Jaswinder Singh <jassi.brar@...sung.com>
>>>>>> > - *
>>>>>> > - * This program is free software; you can redistribute it and/or modify
>>>>>> > - * it under the terms of the GNU General Public License as published by
>>>>>> > - * the Free Software Foundation; either version 2 of the License, or
>>>>>> > - * (at your option) any later version.
>>>>>> > - *
>>>>>> > - * This program is distributed in the hope that it will be useful,
>>>>>> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>>> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>>>>> > - * GNU General Public License for more details.
>>>>>> > - */
>>>>>> > +// SPDX-License-Identifier: GPL-2.0
>>>>>>
>>>>>
>>>>>> Existing license corresponds to GPL-2.0+, not GPL-2.0.
>>>>>
>>>>> mmmhhh... isn't it deprecated from 2.0rc2? Current SPDX version
>>>>> 2.6 doesn't have GPL-2.0+ in the list of licenses.
>>>>>
>>>>> https://spdx.org/licenses/
>>>>>
>>>>> I can improve the commit log to state it more clearly. Would that
>>>>> work?
>>>>
>>>> No. The license identifier is deprecated, not the license itself.
>>>> Instead the, the SPDX says: <<This new syntax supports the ability to
>>>> use a simple “+” operator after a license short identifier to indicate
>>>> “or later version” (e.g. GPL-2.0+)>>. The spec [1] mentions it again:
>>>> "An SPDX License List Short Form Identifier with a unary"+" operator
>>>> suffix to represent the current version of the license or any later
>>>> version.  For example: GPL-2.0+"
>>>>
>>>> Existing kernel sources follow this convention.
>>>>
>>>>> BTW, is it really a change of license?
>>>>
>>>> Yes, it is. Or maybe not license itself but it terms and specific
>>>> elements. GPL-2.0 does not say "any later option at your choice". Let
>>>> me quote:
>>>> "Each version is given a distinguishing version number. If the Program
>>>> specifies a version number of this License which applies to it and
>>>> "any later version", you have the option of following the terms and
>>>> conditions either of that version or of any later version published by
>>>> the Free Software Foundation. If the Program does not specify a
>>>> version number of this License, you may choose any version ever
>>>> published by the Free Software Foundation." [2]
>>>>
>>>> What to add more here? GPL-2.0 only does not allow you to use any
>>>> later version ever published by FSF.
>>>>
>>>>>
>>>>>> Why changing the comment style?
>>>>>
>>>>> That's SPDX, right? by adding the SPDX-License-Identifier the
>>>>> GPLv2 statement becomes redundant and we can remove some lines.
>>>>
>>>> But it does not explain why existing comment has to be rewritten into //.
>>>>
>>>> [1] https://spdx.org/spdx-specification-21-web-version
>>>> [2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
>>>>
>>>> Best regards,
>>>> Krzysztof
>>>
>>> IMHO you should refer to Thomas doc patches instead of looking for
>>> details elsewhere [1]
>>> They are the authoritative doc for the kernel.
>>
>> I was actually checking this with existing source code (after applying
>> these patches) and GPLv2.0+any_later was converted to "GPL-2.0+".
>> Let's look at specific example:
>> https://lkml.org/lkml/2017/12/4/946
>> "+ For 'GNU General Public License (GPL) version 2 or any later version' use:
>> +    SPDX-License-Identifier: GPL-2.0+"
>>
>> I do not understand then whether you are agreeing or arguing with my point. :)
>>
>> Best regards,
>> Krzysztof
>>
>>>
>>> CC: Greg Kroah-Hartman
>>> CC: Thomas Gleixner
>>>
>>> [1] https://lkml.org/lkml/2017/12/4/934
>
> Here, this should be as a top line:
>
> // SPDX-License-Identifier: GPL-2.0+
>
>
> So I agree with the SPDX id but also pointing to the use of the C++ //
> comment style as requested by Linus [1]

Thanks for the reference. I see that Linus prefers converting entire
comment into // style. I was not arguing about SPDX line but entire
existing copyright comment which follows it:

> +//
> +// Copyright (c) 2009 Samsung Electronics Co., Ltd.
> +//      Jaswinder Singh <jassi.brar@...sung.com>

Best regards,
Krzysztof

>
> [1] https://lkml.org/lkml/2017/11/25/133
> [2] https://lkml.org/lkml/2017/11/25/125
> [3] https://lkml.org/lkml/2017/11/2/715
> [4] https://lkml.org/lkml/2017/11/2/805
>
> --
> Cordially
> Philippe Ombredanne

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ