lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <122EA7BE-97AE-4011-ACC6-7477EAED914E@jilayne.com>
Date:   Thu, 30 May 2019 18:25:18 -0600
From:   J Lovejoy <opensource@...ayne.com>
To:     Alexios Zavras <alexios.zavras@...el.com>
Cc:     Alexandre Belloni <alexandre.belloni@...tlin.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-spdx@...r.kernel.org" <linux-spdx@...r.kernel.org>
Subject: Re: [GIT PULL] SPDX update for 5.2-rc1 - round 1

HI all,

Sorry I didn’t jump in here sooner. Just a bit of additional background info to what Thomas and Alexios have already provided below:

> On May 29, 2019, at 8:16 AM, Zavras, Alexios <alexios.zavras@...el.com> wrote:
> 
> 
>> -----Original Message-----
>> From: linux-spdx-owner@...r.kernel.org <linux-spdx-owner@...r.kernel.org>
>> On Behalf Of Alexandre Belloni
>> Sent: Wednesday, 29 May, 2019 15:13
>> Subject: Re: [GIT PULL] SPDX update for 5.2-rc1 - round 1
>> 
>> Hello,
>> 
>> On 21/05/2019 15:32:57+0200, Greg KH wrote:
>>>  - Add GPL-2.0-only or GPL-2.0-or-later tags to files where our scan
>> 
>> I'm very confused by those two tags because they are not mentioned in the
>> SPDX 2.1 specification or the kernel documentation and seem to just be from
>> https://spdx.org/ids-howi which doesn't seem to be versionned anywhere.
>> While I understand the rationale behind those, I believe the correct way of
>> introducing them would be first to add them in the spec and documentation
>> and then make use of them.
> 
> The "GPL-2.0-only" and "GPL-2.0-or-later" are license short identifiers.
> They do not belong to the SPDX spec, but rather on the license list.
> They were introduced in the SPDX License List v3.0 (current version is 3.5):
> https://spdx.org/licenses/ 
> 
> It seems the examples in the kernel documentation use identifiers
> from earlier versions of the license list.

As Thomas mentioned in another part of this thread, the identifiers for the GNU family of licenses was changed as of v3.0 of the SPDX License List in Dec 2017. See https://spdx.org/news/news/2018/01/license-list-30-released for a explanation and https://www.gnu.org/licenses/identify-licenses-clearly.html for the impetus of the change. (Note, the SPDX License List has its own versioning separate from the SPDX Spec.)  We don’t change the license identifiers lightly and have only done so for very specific and limited reasons, so you can be sure there was a LOT of discussion over this change. Unfortunately, the lengthy discussion happened to coincide with the beginning of the work here on using the SPDX identifiers in the kernel. In a perfect world, we would have completed that change before you all started this, but sometimes things don’t go according to best timing!

> 
> 
>> Now, what should we do with all the GPL-2.0 and GPL-2.0+ tags that we have?
> 
> These are still valid identifiers (albeit deprecated), 
> so there is no urgent need to have them replaced.

This is correct. It would be nice if any new identifiers used the current ones. If the old identifiers get updated as other patches are done to those files or something organic like that, that would be great, but no rush. We’ve got plenty to focus on with getting the identifiers in there, sorting out the “messy” files and so on!

Thanks again for all the work on this!

Jilayne
SPDX legal team co-lead

> 
> -- zvr -
> Intel Deutschland GmbH
> Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
> Tel: +49 89 99 8853-0, www.intel.de
> Managing Directors: Christin Eisenschmid, Gary Kershaw
> Chairperson of the Supervisory Board: Nicole Lau
> Registered Office: Munich
> Commercial Register: Amtsgericht Muenchen HRB 186928

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ