Message-ID: <20190531150551.GA4191@kroah.com>
Date:   Fri, 31 May 2019 08:05:51 -0700
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-spdx@...r.kernel.org
Subject: Re: [GIT PULL] SPDX update for 5.2-rc3 - round 1

On Fri, May 31, 2019 at 04:58:22PM +0200, Geert Uytterhoeven wrote:
> Hi Greg,
> 
> On Fri, May 31, 2019 at 4:02 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> > On Fri, May 31, 2019 at 03:51:18PM +0200, Geert Uytterhoeven wrote:
> > > On Fri, May 31, 2019 at 3:24 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > On Fri, May 31, 2019 at 09:17:06AM +0200, Geert Uytterhoeven wrote:
> > > > > On Fri, May 31, 2019 at 3:49 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > > > The following changes since commit cd6c84d8f0cdc911df435bb075ba22ce3c605b07:
> > > > > >
> > > > > >   Linux 5.2-rc2 (2019-05-26 16:49:19 -0700)
> > > > > >
> > > > > > are available in the Git repository at:
> > > > > >
> > > > > >   git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git tags/spdx-5.2-rc3-1
> > > > > >
> > > > > > for you to fetch changes up to 96ac6d435100450f0565708d9b885ea2a7400e0a:
> > > > > >
> > > > > >   treewide: Add SPDX license identifier - Kbuild (2019-05-30 11:32:33 -0700)
> > > > > >
> > > > > > ----------------------------------------------------------------
> > > > > > SPDX update for 5.2-rc3, round 1
> > > > > >
> > > > > > Here is another set of reviewed patches that adds SPDX tags to different
> > > > > > kernel files, based on a set of rules that are being used to parse the
> > > > > > comments to try to determine that the license of the file is
> > > > > > "GPL-2.0-or-later" or "GPL-2.0-only".  Only the "obvious" versions of
> > > > > > these matches are included here, a number of "non-obvious" variants of
> > > > > > text have been found but those have been postponed for later review and
> > > > > > analysis.
> > > > > >
> > > > > > There is also a patch in here to add the proper SPDX header to a bunch
> > > > > > of Kbuild files that we have missed in the past due to new files being
> > > > > > added and forgetting that Kbuild uses two different file names for
> > > > > > Makefiles.  This issue was reported by the Kbuild maintainer.
> > > > > >
> > > > > > These patches have been out for review on the linux-spdx@...r mailing
> > > > > > list, and while they were created by automatic tools, they were
> > > > > > hand-verified by a bunch of different people, all of whose names are on the
> > > > > > patches as reviewers.
> > > > > >
> > > > > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > > >
> > > > > I'm sorry, but as long[*] as this does not conform to
> > > > > Documentation/process/license-rules.rst, I have to provide my:
> > > > > NAked-by: Geert Uytterhoeven <geert@...ux-m68k.org>
> > > > >
> > > > > [*] The obvious solution is to update Documentation/process/license-rules.rst,
> > > > >     as people have asked before.
> > > >
> > > > I don't understand, what does not conform?  We are trying _to_ conform
> > > > to that file, what did we do wrong?
> > >
> > > The new "-or-later" and "-only" variants are not (yet) documented in that file.
> > >
> > >    File format examples::
> > >
> > >       Valid-License-Identifier: GPL-2.0
> > >       Valid-License-Identifier: GPL-2.0+
> > >       SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
> > >       Usage-Guide:
> > >         To use this license in source code, put one of the following SPDX
> > >         tag/value pairs into a comment according to the placement
> > >         guidelines in the licensing rules documentation.
> > >         For 'GNU General Public License (GPL) version 2 only' use:
> > >           SPDX-License-Identifier: GPL-2.0
> > >         For 'GNU General Public License (GPL) version 2 or any later version' use:
> > >           SPDX-License-Identifier: GPL-2.0+
> >
> >
> > They do not have to be documented in that file.  As what you quoted
> > said, "File format examples::"
> 
> My bad, I should have quoted the syntax rule:
> 
>    License identifiers for licenses like [L]GPL with the 'or later' option
>    are constructed by using a "+" for indicating the 'or later' option.::
> 
>       // SPDX-License-Identifier: GPL-2.0+
>       // SPDX-License-Identifier: LGPL-2.1+
> 
> Yes, this also predates the notion of "-only", so that is not documented
> there.
> 
> > Please look in the files in the LICENSES directory for what all of the
> > documented identifiers should look like:
> >         $ head -n 4 LICENSES/preferred/GPL-2.0
> >         Valid-License-Identifier: GPL-2.0
> >         Valid-License-Identifier: GPL-2.0-only
> >         Valid-License-Identifier: GPL-2.0+
> >         Valid-License-Identifier: GPL-2.0-or-later
> 
> Oh, so we can no longer look it up in a single place :-(
> I'm used to grepping in Documentation/process/license-rules.rst,
> as I don't know the exact syntax by heart.

scripts/spdxcheck.py knows where to look (in the LICENSES directory),
and gets run by checkpatch.pl as well, so you shouldn't have to look
anything up, you can use the tools instead.

thanks,

greg k-h
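
The lookup described in the message above, as an added sketch (not code from scripts/spdxcheck.py or from anyone in the thread): collect the `Valid-License-Identifier:` headers of the LICENSES files and check a source file's SPDX tag against that set. The function names, the two-line search window and the sample inputs are assumptions made for illustration; `WITH` exceptions are not modelled.

```python
import re

# Constructed sample: the four header lines quoted in the thread from
# LICENSES/preferred/GPL-2.0 (the rest of that file is omitted here).
SAMPLE_LICENSE_HEADER = """\
Valid-License-Identifier: GPL-2.0
Valid-License-Identifier: GPL-2.0-only
Valid-License-Identifier: GPL-2.0+
Valid-License-Identifier: GPL-2.0-or-later
"""

VALID_RE = re.compile(r"^Valid-License-Identifier:[ \t]*(\S+)[ \t]*$", re.M)
# Captures the expression after the tag, dropping a trailing C comment close.
TAG_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/)?\s*$")
OPERATORS = {"AND", "OR"}  # simplification: WITH <exception> is not handled


def valid_identifiers(*license_texts):
    """Union of every identifier declared valid by the given LICENSES files."""
    ids = set()
    for text in license_texts:
        ids.update(VALID_RE.findall(text))
    return ids


def check_source(source, valid, max_lines=2):
    """Return (expression, unknown_ids); expression is None if no tag is found.

    Only the first max_lines lines are searched (assumption: the tag sits on
    line 1, or on line 2 when line 1 is a '#!' interpreter line).
    """
    for line in source.splitlines()[:max_lines]:
        match = TAG_RE.search(line)
        if not match:
            continue
        expr = match.group(1)
        tokens = re.sub(r"[()]", " ", expr).split()
        unknown = [t for t in tokens if t not in OPERATORS and t not in valid]
        return expr, unknown
    return None, []


if __name__ == "__main__":
    valid = valid_identifiers(SAMPLE_LICENSE_HEADER)
    for src in ("// SPDX-License-Identifier: GPL-2.0-or-later\n",
                "/* SPDX-License-Identifier: GPL-2.0+ */\n",
                "// SPDX-License-Identifier: GPL-2.0-or-latr\n",  # typo
                "int x;\n"):                                       # no tag
        print(repr(src.strip()), "->", check_source(src, valid))
```
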
