lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Feb 2018 14:57:59 -0600
From:   Rob Herring <robh@...nel.org>
To:     Joe Perches <joe@...ches.com>
Cc:     Igor Stoppa <igor.stoppa@...wei.com>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Andy Whitcroft <apw@...onical.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Philippe Ombredanne <pombredanne@...b.com>,
        Jonathan Corbet <corbet@....net>
Subject: Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check

On Fri, Feb 2, 2018 at 1:06 PM, Joe Perches <joe@...ches.com> wrote:
> On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote:
>> On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa <igor.stoppa@...wei.com> wrote:
>> > On 02/02/18 17:40, Rob Herring wrote:
>> > > Add SPDX license tag check based on the rules defined in
>> >
>> > Shouldn't it also check that the license is compatible?
>> >
>>
>> Perhaps we shouldn't try to script legal advice.
>
> True.
>
> I believe what was meant was that the
> entry was a valid SPDX License entry
> that already exists as a specific file
> in the LICENSES/ path.
>
> So that entry must be some combination of:
>
> $ git ls-files LICENSES/ | cut -f3- -d'/' | sort
> BSD-2-Clause
> BSD-3-Clause
> BSD-3-Clause-Clear
> GPL-1.0
> GPL-2.0
> LGPL-2.0
> LGPL-2.1
> Linux-syscall-note
> MIT
> MPL-1.1
>
> From my perspective, it'd be better if the
> various + uses had their own individual
> license files in the LICENSES/ path.
>
> Right now, there are many missing licenses
> that are already used by various existing
> SPDX-License-Identifier: entries.
>
>
> APACHE-2.0

Given that Apache 2.0 is not compatible with GPL 2, that would pretty
much mean anything with Apache license is dual licensed and it would
be the other license that applies. Do we really want/need license
texts for all the other possible licenses that don't apply to kernel
files? If so, this should all just be scripted to sync LICENSES/ with
found SPDX tags in the kernel.

> BSD
> CDDL
> CDDL-1.0
> ISC
> GPL-1.0+
> GPL-2.0+
> LGPL-2.1+
> OpenSSL

ISC and OpenSSL are only in license-rules.rst as examples. We should
just fix those examples to something else.

Rob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ