| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Aug 2018 12:47:57 -0700
From: Joe Perches <joe@...ches.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Christoph Hellwig <hch@....de>,
Russell King <rmk+kernel@...linux.org.uk>,
Rob Herring <rob.herring@...aro.org>,
Jonas Oberg <jonas@...e.org>,
Andrew Morton <akpm@...uxfoundation.org>,
Jonathan Corbet <corbet@....net>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH V2] license-rules.rst and LICENSES: Use only spdx
version 3 with -only and -or-later
On Wed, 2018-08-22 at 21:17 +0200, Thomas Gleixner wrote:
> On Wed, 22 Aug 2018, Linus Torvalds wrote:
> > On Wed, Aug 22, 2018 at 11:01 AM Joe Perches <joe@...ches.com> wrote:
> > >
> > > How likely is it that this is applied at rc1?
> >
> > I'm staying out of the crazy license name bikeshedding, so it's going
> > to be up to the people who have decided they care.
> >
> > I think whoever *did* care and argued for the change to the SPDX
> > format is a hopeless wanker. "GPL-2.0{-only,-or-later}" is in no ways
> > better than the "GPL-2.0{,+}" that was in an earlier version of the
> > SPDX spec
> >
> > So I want nothing at all to do with pointless patches. Life is too
> > short to deal with this.
> >
> > Other people disagree, so I expect I will get these kinds of stupid
> > noise patches through the usual channels.
>
> I'm not a great fan of that change either. We have settled on a well
> documented and machine readable format. External tools have to be able to
> deal with SPDX versions anyway and if we do this now, then we have the next
> round of pointless churn in a year when the SPDX folks decide to rename yet
> another license identifier which is used in the kernel.
Whatever best.
If ever there's another SPDX version, the kernel might have to
add support for the style in LICENSES.
Perhaps it's better to stick to a single SPDX version style for
all kernel files.
Right now, there are already several -only and -or-later uses.
$ git grep -P 'SPDX-License-Identifier.*(?:-or-later|-only)'| wc -l
144
So perhaps a patch and a tool to do the reverse conversion:
---
LICENSES/exceptions/Linux-syscall-note | 2 +-
LICENSES/preferred/GPL-2.0 | 6 ------
scripts/update_spdx_v2_licenses.sh | 29 +++++++++++++++++++++++++++++
3 files changed, 30 insertions(+), 7 deletions(-)
create mode 100755 scripts/update_spdx_v2_licenses.sh
diff --git a/LICENSES/exceptions/Linux-syscall-note b/LICENSES/exceptions/Linux-syscall-note
index 9abdad71fafd..6b60b61be4e9 100644
--- a/LICENSES/exceptions/Linux-syscall-note
+++ b/LICENSES/exceptions/Linux-syscall-note
@@ -1,6 +1,6 @@
SPDX-Exception-Identifier: Linux-syscall-note
SPDX-URL: https://spdx.org/licenses/Linux-syscall-note.html
-SPDX-Licenses: GPL-2.0, GPL-2.0+, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+, GPL-2.0-only, GPL-2.0-or-later
+SPDX-Licenses: GPL-2.0, GPL-2.0+, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+
Usage-Guide:
This exception is used together with one of the above SPDX-Licenses
to mark user space API (uapi) header files so they can be included
diff --git a/LICENSES/preferred/GPL-2.0 b/LICENSES/preferred/GPL-2.0
index ff0812fd89cc..b8db91d3a1cb 100644
--- a/LICENSES/preferred/GPL-2.0
+++ b/LICENSES/preferred/GPL-2.0
@@ -1,7 +1,5 @@
Valid-License-Identifier: GPL-2.0
-Valid-License-Identifier: GPL-2.0-only
Valid-License-Identifier: GPL-2.0+
-Valid-License-Identifier: GPL-2.0-or-later
SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
Usage-Guide:
To use this license in source code, put one of the following SPDX
@@ -9,12 +7,8 @@ Usage-Guide:
guidelines in the licensing rules documentation.
For 'GNU General Public License (GPL) version 2 only' use:
SPDX-License-Identifier: GPL-2.0
- or
- SPDX-License-Identifier: GPL-2.0-only
For 'GNU General Public License (GPL) version 2 or any later version' use:
SPDX-License-Identifier: GPL-2.0+
- or
- SPDX-License-Identifier: GPL-2.0-or-later
License-Text:
GNU GENERAL PUBLIC LICENSE
diff --git a/scripts/update_spdx_v2_licenses.sh b/scripts/update_spdx_v2_licenses.sh
new file mode 100755
index 000000000000..83533f15bc5e
--- /dev/null
+++ b/scripts/update_spdx_v2_licenses.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# This script should update all files in a git tree that use the newer
+# version 3 SPDX license identifiers GPL-x.y-or-later and GPL-x.y-only to use
+# the version 2 SPDX license style used with + or nothing.
+
+# The following styles are intended to be converted
+
+# GPL-1.0-or-later -> GPL-1.0+
+# GPL-2.0-only -> GPL-2.0
+# GPL-2.0-or-later -> GPL-2.0+
+# LGPL-2.0-only -> LGPL-2.0
+# LGPL-2.0-or-later -> LGPL-2.0+
+# LGPL-2.1-only -> LGPL-2.1
+# LGPL-2.1-or-later -> LGPL-2.1+
+
+# GPL variants without \+ that should use -only
+
+spdx_find='(SPDX-License-Identifier:\s[\s\(]*.*\bL?GPL-[12].[01])-only(\s|\)|$)'
+spdx_replace='\1\2'
+git grep -P --name-only "$spdx_find" -- './*' ':(exclude)LICENSES/' | \
+ xargs -r perl -p -i -e "s/$spdx_find/$spdx_replace/"
+
+# GPL variants with \+ that should use -or-later
+
+spdx_find='(SPDX-License-Identifier:\s[\s\(]*.*\bL?GPL-[12].[01])-or-later(\s|\)|$)'
+spdx_replace='\1+\2'
+git grep -P --name-only "$spdx_find" -- './*' ':(exclude)LICENSES/' | \
+ xargs -r perl -p -i -e "s/$spdx_find/$spdx_replace/"
Powered by blists - more mailing lists