lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1812608.77Onv0mZ32@merkaba>
Date:   Tue, 12 Feb 2019 21:36:13 +0100
From:   Martin Steigerwald <martin@...htvoll.de>
To:     Ben Finney <bignose@...ian.org>,
        Martin Steigerwald <Martin.Steigerwald@...act.de>
Cc:     Domenico Andreoli <cavok@...ian.org>, 919356@...s.debian.org,
        Kristian Fiskerstrand <k_f@...too.org>,
        Nadia Yvette Chambers <nyc@...omorphy.com>,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        "debian-legal@...ts.debian.org" <debian-legal@...ts.debian.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jens Axboe <jens.axboe@...cle.com>
Subject: Re: Bug#919356: Licensing of include/linux/hash.h

On 2/11/19 11:27 PM, Ben Finney wrote:
> Martin Steigerwald <Martin.Steigerwald@...act.de> writes:
> 
>> Well the file has in its header:
>>
>> /* Fast hashing routine for a long.
>>    (C) 2002 William Lee Irwin III, IBM */
>>
>> /*
>>  * Knuth recommends primes in approximately golden ratio to the 
maximum
>>  * integer representable by a machine word for multiplicative 
hashing.
>>  * Chuck Lever verified the effectiveness of this technique:
>>  * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf
>>  *
>>  * These primes are chosen to be bit-sparse, that is operations on
>>  * them can use shifts and additions instead of multiplications for
>>  * machines where multiplications are slow.
>>  */
>>
>> It has been quite a while ago. I bet back then I did not regard this
>> as license information since it does not specify a license. Thus I
>> assumed it to be GPL-2 as the other files which have no license boiler
>> plate. I.e.: Check file is it has different license, if not, then
>> assume it has license as specified in COPYING.
>>
>> Not specifying a license can however also mean in this context that 
it
>> has no license as the file contains copyright information from another
>> author.
> 
> If a work (even one file) “has no license”, that means no special
> permissions are granted and normal copyright applies: All rights
> reserved, i.e. not redistributable. So, no license is grounds to
> consider a work non-free and non-redistributable.
> 
> If, on the other hand, the file is to be free software, there would 
need
> to be a clear grant of some free software license to that work.
> 
> Given the confusion over this file, I would consider it a significant
> risk to just assume we have GPLv2 permissions without being told that
> explicitly by the copyright holder. Rather, the reason we are seeking 
a
> clearly-granted free license for this one file, is because we are 
trying
> to replace a probably non-free file with the same code in it.
> 
> It seems we need to keep looking, and in the meantime assume we have 
no
> free license in this file.

FWIW, fio.c includes the following mention:

 * The license below covers all files distributed with fio unless 
otherwise
 * noted in the file itself.

followed by the GPL v2 license. I'll go through and add SPDX headers to
everything to avoid wasting anymore time on this nonsense.
 
-- 
Jens Axboe




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ