| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190211072259.GA19224@nouveau>
Date: Mon, 11 Feb 2019 08:22:59 +0100
From: Domenico Andreoli <cavok@...ian.org>
To: Kristian Fiskerstrand <k_f@...too.org>
Cc: Ben Finney <bignose@...ian.org>,
Nadia Yvette Chambers <nyc@...omorphy.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
919356@...s.debian.org, debian-legal@...ts.debian.org,
linux-kernel@...r.kernel.org,
Martin Steigerwald <martin.steigerwald@...act.de>,
Jens Axboe <jens.axboe@...cle.com>
Subject: Re: Licensing of include/linux/hash.h
On Mon, Feb 11, 2019 at 12:08:32AM +0100, Kristian Fiskerstrand wrote:
> On 1/23/19 9:50 AM, Domenico Andreoli wrote:
> > Ben Finney <bignose@...ian.org> writes:
> >> Domenico Andreoli <cavok@...ian.org> writes:
[...]
> >>> the only knot left is now the license of hash.h
> >>>
> >>> This file is also present in the kernel [0] with an updated copyright
> >>> but still without license.
[...]
> >> To know that work (that file) is free software, we need a clear grant of
> >> some specific license, for that work.
> >>
> >> If the work is not free, it would be incorrect to have the work in Debian.
> >
> > Is it possible that for the kernel it is instead correct because it is,
> > as whole, covered by its COPYING?
> >
> >> Alternatives, for complying with the Debian Free Software Guidelines with
> >> this package, include:
> >>
> >> * Find a credible grant of license under some GPL-compatible free
> >> license to that exact file. Document that explicit grant in the Debian
> >> package. This demonstrates the work is DFSG-free.
> >>
> >> * Convince ???dwarves-dfsg??? upstream to replace that file with a different
> >> implementation (I don't know whether such an implementation exists)
> >> under a license compatible with the same version of GNU GPL. Document
> >> that explicit grant in the Debian package. This demonstrates the
> >> modified work is DFSG-free.
> >>
> >> * Replace that file in Debian only, with a different implementation as
> >> above. Document that explicit grant in the Debian package. This
> >> demonstrates the modified Debian package is DFSG-free.
> >>
> >> * Move the work to the ???non-free??? area.
> >>
> >> * Remove the work altogether.
> >>
> >> Those are in descending order of (my recommended) preference.
[...]
> It was [pointed out] by one of our license group that [hash.h] is the
> same that has a GPL-2+ in [fio] which has a signed-off-by.
>
> References:
> [pointed out]
> https://bugs.gentoo.org/677586#c1
>
> [hash.h]
> https://git.kernel.org/pub/scm/linux/kernel/git/axboe/fio.git/commit/hash.h?id=bdc7211e190482f0c17c109a0d90834a6611be1c
Yes, the Signed-off-by is from Jens Axboe (in CC) but he's not the
original author, I guess he just copied the file as Arnaldo did. The
file he committed has not any reference to the license.
> [fio]
> https://metadata.ftp-master.debian.org/changelogs/main/f/fio/fio_3.12-2_copyright
I'm afraid that this entry in wrong. I'll seek confirmation with Martin Steigerwald.
Regards,
Domenico
--
3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13
Download attachment "signature.asc" of type "application/pgp-signature" (314 bytes)
Powered by blists - more mailing lists