| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.21.1905290645490.2940@nanos.tec.linutronix.de>
Date: Wed, 29 May 2019 06:51:12 -0700 (PDT)
From: Thomas Gleixner <tglx@...utronix.de>
To: Alexandre Belloni <alexandre.belloni@...tlin.com>
cc: Greg KH <gregkh@...uxfoundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, linux-spdx@...r.kernel.org
Subject: Re: [GIT PULL] SPDX update for 5.2-rc1 - round 1
Alexandre,
On Wed, 29 May 2019, Alexandre Belloni wrote:
> Hello,
>
> On 21/05/2019 15:32:57+0200, Greg KH wrote:
> > - Add GPL-2.0-only or GPL-2.0-or-later tags to files where our scan
>
> I'm very confused by those two tags because they are not mentioned in
> the SPDX 2.1 specification or the kernel documentation and seem to just
> be from https://spdx.org/ids-howi which doesn't seem to be versionned
> anywhere.
https://spdx.org/licenses/
is versioned. It's at version 3.5 and the -only/-or-later tags have been
introduced in version 3.0. See
https://spdx.org/licenses/GPL-2.0
> While I understand the rationale behind those, I believe the correct way
> of introducing them would be first to add them in the spec and
> documentation and then make use of them.
Well, the problem was that people started to use them and argued that they
are the new standard, which is true. So we decided to allow both. See:
9376ff9ba298 ("LICENSES/GPL2.0: Add GPL-2.0-only/or-later as valid identifiers")
> Now, what should we do with all the GPL-2.0 and GPL-2.0+ tags that we
> have?
Nothing. Leave them alone. Both are valid and tools have to deal with them
anyway.
Thanks,
tglx
Powered by blists - more mailing lists