lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMuHMdUYTaDS+bJpchsUyc+xNPJeYoxQ3vozQUPH=gacFEcdFw@mail.gmail.com>
Date:   Fri, 31 May 2019 16:58:22 +0200
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-spdx@...r.kernel.org
Subject: Re: [GIT PULL] SPDX update for 5.2-rc3 - round 1

Hi Greg,

On Fri, May 31, 2019 at 4:02 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> On Fri, May 31, 2019 at 03:51:18PM +0200, Geert Uytterhoeven wrote:
> > On Fri, May 31, 2019 at 3:24 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > On Fri, May 31, 2019 at 09:17:06AM +0200, Geert Uytterhoeven wrote:
> > > > On Fri, May 31, 2019 at 3:49 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > > The following changes since commit cd6c84d8f0cdc911df435bb075ba22ce3c605b07:
> > > > >
> > > > >   Linux 5.2-rc2 (2019-05-26 16:49:19 -0700)
> > > > >
> > > > > are available in the Git repository at:
> > > > >
> > > > >   git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git tags/spdx-5.2-rc3-1
> > > > >
> > > > > for you to fetch changes up to 96ac6d435100450f0565708d9b885ea2a7400e0a:
> > > > >
> > > > >   treewide: Add SPDX license identifier - Kbuild (2019-05-30 11:32:33 -0700)
> > > > >
> > > > > ----------------------------------------------------------------
> > > > > SPDX update for 5.2-rc3, round 1
> > > > >
> > > > > Here is another set of reviewed patches that adds SPDX tags to different
> > > > > kernel files, based on a set of rules that are being used to parse the
> > > > > comments to try to determine that the license of the file is
> > > > > "GPL-2.0-or-later" or "GPL-2.0-only".  Only the "obvious" versions of
> > > > > these matches are included here, a number of "non-obvious" variants of
> > > > > text have been found but those have been postponed for later review and
> > > > > analysis.
> > > > >
> > > > > There is also a patch in here to add the proper SPDX header to a bunch
> > > > > of Kbuild files that we have missed in the past due to new files being
> > > > > added and forgetting that Kbuild uses two different file names for
> > > > > Makefiles.  This issue was reported by the Kbuild maintainer.
> > > > >
> > > > > These patches have been out for review on the linux-spdx@...r mailing
> > > > > list, and while they were created by automatic tools, they were
> > > > > hand-verified by a bunch of different people, all whom names are on the
> > > > > patches are reviewers.
> > > > >
> > > > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > >
> > > > I'm sorry, but as long[*] as this does not conform to
> > > > Documentation/process/license-rules.rst, I have to provide my:
> > > > NAked-by: Geert Uytterhoeven <geert@...ux-m68k.org>
> > > >
> > > > [*] The obvious solution is to update Documentation/process/license-rules.rst,
> > > >     as people have asked before.
> > >
> > > I don't understand, what does not conform?  We are trying _to_ conform
> > > to that file, what did we do wrong?
> >
> > The new "-or-later" and "-only" variants are not (yet) documented in that file.
> >
> >    File format examples::
> >
> >       Valid-License-Identifier: GPL-2.0
> >       Valid-License-Identifier: GPL-2.0+
> >       SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
> >       Usage-Guide:
> >         To use this license in source code, put one of the following SPDX
> >         tag/value pairs into a comment according to the placement
> >         guidelines in the licensing rules documentation.
> >         For 'GNU General Public License (GPL) version 2 only' use:
> >           SPDX-License-Identifier: GPL-2.0
> >         For 'GNU General Public License (GPL) version 2 or any later
> > version' use:
> >           SPDX-License-Identifier: GPL-2.0+
>
>
> They do not have to be documented in that file.  As what you quoted
> said, "File format examples::"

My bad, I should have quoted the syntax rule:

   License identifiers for licenses like [L]GPL with the 'or later' option
   are constructed by using a "+" for indicating the 'or later' option.::

      // SPDX-License-Identifier: GPL-2.0+
      // SPDX-License-Identifier: LGPL-2.1+

Yes, this also predates the notion of "-only", so that is not documented
there.

> Please look in the files in the LICENSES directory for what all of the
> documented identifiers should look like:
>         $ head -n 4 LICENSES/preferred/GPL-2.0
>         Valid-License-Identifier: GPL-2.0
>         Valid-License-Identifier: GPL-2.0-only
>         Valid-License-Identifier: GPL-2.0+
>         Valid-License-Identifier: GPL-2.0-or-later

Oh, so we can no longer look it up in a single place :-(
I'm used to grepping in Documentation/process/license-rules.rst,
as I don't know the exact syntax by heart.

> If you want, please send a patch to fix up the documentation example,
> but it is not incorrect :)

May do, when I find a hole in my time/space continuum...

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ