| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Feb 2019 21:34:49 +0100
From: Martin Steigerwald <martin@...htvoll.de>
To: debian-legal@...ts.debian.org
Cc: Jens Axboe <axboe@...nel.dk>, Ben Finney <bignose@...ian.org>,
Martin Steigerwald <Martin.Steigerwald@...act.de>,
Domenico Andreoli <cavok@...ian.org>, 919356@...s.debian.org,
Kristian Fiskerstrand <k_f@...too.org>,
Nadia Yvette Chambers <nyc@...omorphy.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Jens Axboe <jens.axboe@...cle.com>
Subject: Re: Bug#919356: Licensing of include/linux/hash.h
Jens Axboe - 12.02.19, 17:16:
> On 2/11/19 11:27 PM, Ben Finney wrote:
> > Martin Steigerwald <Martin.Steigerwald@...act.de> writes:
> >> Well the file has in its header:
> >>
> >> /* Fast hashing routine for a long.
> >>
> >> (C) 2002 William Lee Irwin III, IBM */
> >>
> >> /*
> >>
> >> * Knuth recommends primes in approximately golden ratio to the
> >> maximum * integer representable by a machine word for
> >> multiplicative hashing. * Chuck Lever verified the effectiveness
> >> of this technique:
> >> * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf
> >> *
> >> * These primes are chosen to be bit-sparse, that is operations on
> >> * them can use shifts and additions instead of multiplications for
> >> * machines where multiplications are slow.
> >> */
> >>
> >> It has been quite a while ago. I bet back then I did not regard
> >> this
> >> as license information since it does not specify a license. Thus I
> >> assumed it to be GPL-2 as the other files which have no license
> >> boiler plate. I.e.: Check file is it has different license, if
> >> not, then assume it has license as specified in COPYING.
> >>
> >> Not specifying a license can however also mean in this context that
> >> it has no license as the file contains copyright information from
> >> another author.
> >
> > If a work (even one file) “has no license”, that means no special
> > permissions are granted and normal copyright applies: All rights
> > reserved, i.e. not redistributable. So, no license is grounds to
> > consider a work non-free and non-redistributable.
> >
> > If, on the other hand, the file is to be free software, there would
> > need to be a clear grant of some free software license to that
> > work.
> >
> > Given the confusion over this file, I would consider it a
> > significant
> > risk to just assume we have GPLv2 permissions without being told
> > that
> > explicitly by the copyright holder. Rather, the reason we are
> > seeking a clearly-granted free license for this one file, is
> > because we are trying to replace a probably non-free file with the
> > same code in it.
> >
> > It seems we need to keep looking, and in the meantime assume we have
> > no free license in this file.
>
> FWIW, fio.c includes the following mention:
>
> * The license below covers all files distributed with fio unless
> otherwise * noted in the file itself.
>
> followed by the GPL v2 license. I'll go through and add SPDX headers
> to everything to avoid wasting anymore time on this nonsense.
Thank you, Jens, for settling this. I did not remember that one. It may
very well be that I have seen this note as I initially packaged fio as my
first package for Debian about 10 years ago.
I forwarded your mail and the one from Domenico with the SPDX patch to
Debian bug
#922112 fio: hash.h is not DFSG compliant
https://bugs.debian.org/922112
which I closed before as you told already that hash.c is GPL-2.
Thanks,
--
Martin
Powered by blists - more mailing lists