lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d0d292a4d9637c1a94eb40abd8a4ee2dd1f0d823.camel@perches.com>
Date:   Wed, 22 Aug 2018 12:47:57 -0700
From:   Joe Perches <joe@...ches.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Christoph Hellwig <hch@....de>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Rob Herring <rob.herring@...aro.org>,
        Jonas Oberg <jonas@...e.org>,
        Andrew Morton <akpm@...uxfoundation.org>,
        Jonathan Corbet <corbet@....net>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH V2] license-rules.rst and LICENSES: Use only spdx
 version 3 with -only and -or-later

On Wed, 2018-08-22 at 21:17 +0200, Thomas Gleixner wrote:
> On Wed, 22 Aug 2018, Linus Torvalds wrote:
> > On Wed, Aug 22, 2018 at 11:01 AM Joe Perches <joe@...ches.com> wrote:
> > > 
> > > How likely is it that this is applied at rc1?
> > 
> > I'm staying out of the crazy license name bikeshedding, so it's going
> > to be up to the people who have decided they care.
> > 
> > I think whoever *did* care and argued for the change to the SPDX
> > format is a hopeless wanker. "GPL-2.0{-only,-or-later}" is in no ways
> > better than the "GPL-2.0{,+}" that was in an earlier version of the
> > SPDX spec
> > 
> > So I want nothing at all to do with pointless patches. Life is too
> > short to deal with this.
> > 
> > Other people disagree, so I expect I will get these kinds of stupid
> > noise patches through the usual channels.
> 
> I'm not a great fan of that change either. We have settled on a well
> documented and machine readable format. External tools have to be able to
> deal with SPDX versions anyway and if we do this now, then we have the next
> round of pointless churn in a year when the SPDX folks decide to rename yet
> another license identifier which is used in the kernel.

Whatever best.

If ever there's another SPDX version, the kernel might have to
add support for the style in LICENSES.

Perhaps it's better to stick to a single SPDX version style for
all kernel files.

Right now, there are already several -only and -or-later uses.

$ git grep -P 'SPDX-License-Identifier.*(?:-or-later|-only)'| wc -l
144

So perhaps a patch and a tool to do the reverse conversion:
---
 LICENSES/exceptions/Linux-syscall-note |  2 +-
 LICENSES/preferred/GPL-2.0             |  6 ------
 scripts/update_spdx_v2_licenses.sh     | 29 +++++++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 7 deletions(-)
 create mode 100755 scripts/update_spdx_v2_licenses.sh

diff --git a/LICENSES/exceptions/Linux-syscall-note b/LICENSES/exceptions/Linux-syscall-note
index 9abdad71fafd..6b60b61be4e9 100644
--- a/LICENSES/exceptions/Linux-syscall-note
+++ b/LICENSES/exceptions/Linux-syscall-note
@@ -1,6 +1,6 @@
 SPDX-Exception-Identifier: Linux-syscall-note
 SPDX-URL: https://spdx.org/licenses/Linux-syscall-note.html
-SPDX-Licenses: GPL-2.0, GPL-2.0+, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+, GPL-2.0-only, GPL-2.0-or-later
+SPDX-Licenses: GPL-2.0, GPL-2.0+, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+
 Usage-Guide:
   This exception is used together with one of the above SPDX-Licenses
   to mark user space API (uapi) header files so they can be included
diff --git a/LICENSES/preferred/GPL-2.0 b/LICENSES/preferred/GPL-2.0
index ff0812fd89cc..b8db91d3a1cb 100644
--- a/LICENSES/preferred/GPL-2.0
+++ b/LICENSES/preferred/GPL-2.0
@@ -1,7 +1,5 @@
 Valid-License-Identifier: GPL-2.0
-Valid-License-Identifier: GPL-2.0-only
 Valid-License-Identifier: GPL-2.0+
-Valid-License-Identifier: GPL-2.0-or-later
 SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
 Usage-Guide:
   To use this license in source code, put one of the following SPDX
@@ -9,12 +7,8 @@ Usage-Guide:
   guidelines in the licensing rules documentation.
   For 'GNU General Public License (GPL) version 2 only' use:
     SPDX-License-Identifier: GPL-2.0
-  or
-    SPDX-License-Identifier: GPL-2.0-only
   For 'GNU General Public License (GPL) version 2 or any later version' use:
     SPDX-License-Identifier: GPL-2.0+
-  or
-    SPDX-License-Identifier: GPL-2.0-or-later
 License-Text:
 
 		    GNU GENERAL PUBLIC LICENSE
diff --git a/scripts/update_spdx_v2_licenses.sh b/scripts/update_spdx_v2_licenses.sh
new file mode 100755
index 000000000000..83533f15bc5e
--- /dev/null
+++ b/scripts/update_spdx_v2_licenses.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# This script should update all files in a git tree that use the newer
+# version 3 SPDX license identifiers GPL-x.y-or-later and GPL-x.y-only to use
+# the version 2 SPDX license style used with + or nothing.
+
+# The following styles are intended to be converted
+
+# GPL-1.0-or-later	->	GPL-1.0+
+# GPL-2.0-only		->	GPL-2.0
+# GPL-2.0-or-later	->	GPL-2.0+
+# LGPL-2.0-only		->	LGPL-2.0
+# LGPL-2.0-or-later	->	LGPL-2.0+
+# LGPL-2.1-only		->	LGPL-2.1
+# LGPL-2.1-or-later	->	LGPL-2.1+
+
+# GPL variants without \+ that should use -only
+
+spdx_find='(SPDX-License-Identifier:\s[\s\(]*.*\bL?GPL-[12].[01])-only(\s|\)|$)'
+spdx_replace='\1\2'
+git grep -P --name-only "$spdx_find" -- './*' ':(exclude)LICENSES/' | \
+    xargs -r perl -p -i -e "s/$spdx_find/$spdx_replace/"
+
+# GPL variants with \+ that should use -or-later
+
+spdx_find='(SPDX-License-Identifier:\s[\s\(]*.*\bL?GPL-[12].[01])-or-later(\s|\)|$)'
+spdx_replace='\1+\2'
+git grep -P --name-only "$spdx_find" -- './*' ':(exclude)LICENSES/' | \
+    xargs -r perl -p -i -e "s/$spdx_find/$spdx_replace/"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ