lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 31 May 2019 07:02:09 -0700
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-spdx@...r.kernel.org
Subject: Re: [GIT PULL] SPDX update for 5.2-rc3 - round 1

On Fri, May 31, 2019 at 03:51:18PM +0200, Geert Uytterhoeven wrote:
> Hi Greg,
> 
> On Fri, May 31, 2019 at 3:24 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> > On Fri, May 31, 2019 at 09:17:06AM +0200, Geert Uytterhoeven wrote:
> > > On Fri, May 31, 2019 at 3:49 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > The following changes since commit cd6c84d8f0cdc911df435bb075ba22ce3c605b07:
> > > >
> > > >   Linux 5.2-rc2 (2019-05-26 16:49:19 -0700)
> > > >
> > > > are available in the Git repository at:
> > > >
> > > >   git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git tags/spdx-5.2-rc3-1
> > > >
> > > > for you to fetch changes up to 96ac6d435100450f0565708d9b885ea2a7400e0a:
> > > >
> > > >   treewide: Add SPDX license identifier - Kbuild (2019-05-30 11:32:33 -0700)
> > > >
> > > > ----------------------------------------------------------------
> > > > SPDX update for 5.2-rc3, round 1
> > > >
> > > > Here is another set of reviewed patches that adds SPDX tags to different
> > > > kernel files, based on a set of rules that are being used to parse the
> > > > comments to try to determine that the license of the file is
> > > > "GPL-2.0-or-later" or "GPL-2.0-only".  Only the "obvious" versions of
> > > > these matches are included here, a number of "non-obvious" variants of
> > > > text have been found but those have been postponed for later review and
> > > > analysis.
> > > >
> > > > There is also a patch in here to add the proper SPDX header to a bunch
> > > > of Kbuild files that we have missed in the past due to new files being
> > > > added and forgetting that Kbuild uses two different file names for
> > > > Makefiles.  This issue was reported by the Kbuild maintainer.
> > > >
> > > > These patches have been out for review on the linux-spdx@...r mailing
> > > > list, and while they were created by automatic tools, they were
> > > > hand-verified by a bunch of different people, all whom names are on the
> > > > patches are reviewers.
> > > >
> > > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > >
> > > I'm sorry, but as long[*] as this does not conform to
> > > Documentation/process/license-rules.rst, I have to provide my:
> > > NAked-by: Geert Uytterhoeven <geert@...ux-m68k.org>
> > >
> > > [*] The obvious solution is to update Documentation/process/license-rules.rst,
> > >     as people have asked before.
> >
> > I don't understand, what does not conform?  We are trying _to_ conform
> > to that file, what did we do wrong?
> 
> The new "-or-later" and "-only" variants are not (yet) documented in that file.
> 
>    File format examples::
> 
>       Valid-License-Identifier: GPL-2.0
>       Valid-License-Identifier: GPL-2.0+
>       SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
>       Usage-Guide:
>         To use this license in source code, put one of the following SPDX
>         tag/value pairs into a comment according to the placement
>         guidelines in the licensing rules documentation.
>         For 'GNU General Public License (GPL) version 2 only' use:
>           SPDX-License-Identifier: GPL-2.0
>         For 'GNU General Public License (GPL) version 2 or any later
> version' use:
>           SPDX-License-Identifier: GPL-2.0+


They do not have to be documented in that file.  As what you quoted
said, "File format examples::"

Please look in the files in the LICENSES directory for what all of the
documented identifiers should look like:
	$ head -n 4 LICENSES/preferred/GPL-2.0
	Valid-License-Identifier: GPL-2.0
	Valid-License-Identifier: GPL-2.0-only
	Valid-License-Identifier: GPL-2.0+
	Valid-License-Identifier: GPL-2.0-or-later

If you want, please send a patch to fix up the documentation example,
but it is not incorrect :)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ