lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190905092703.GA30899@kroah.com>
Date:   Thu, 5 Sep 2019 11:27:03 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Mauro Carvalho Chehab <mchehab+samsung@...nel.org>
Cc:     Linux Media Mailing List <linux-media@...r.kernel.org>,
        Mauro Carvalho Chehab <mchehab@...radead.org>,
        Joe Perches <joe@...ches.com>, linux-kernel@...r.kernel.org,
        Jonathan Corbet <corbet@....net>, Jessica Yu <jeyu@...nel.org>,
        Federico Vaga <federico.vaga@...a.pv.it>,
        Thomas Gleixner <tglx@...utronix.de>, linux-doc@...r.kernel.org
Subject: Re: [PATCH] docs: license-rules.txt: cover SPDX headers on Python
 scripts

On Thu, Sep 05, 2019 at 06:23:13AM -0300, Mauro Carvalho Chehab wrote:
> The author of the license-rules.rst file wanted to be very restrict
> with regards to the location of the SPDX header. It says that
> the SPDX header "shall be added at the first  possible line in
> a file which can contain a comment". Not happy with this already
> restrictive requiement, it goes further:
> 
> "For the majority  of files this is the first line, except for
> scripts", opening an exception to have the SPDX header at the
> second line, if the first line starts with "#!".
> 
> Well, it turns that this is too restrictive for Python scripts,
> and may cause regressions if this would be enforced.
> 
> As mentioned on:
> 	https://stackoverflow.com/questions/728891/correct-way-to-define-python-source-code-encoding
> 
> Python's PEP-263 [1] dictates that an script that needs to default to
> UTF-8 encoding has to follow this rule:
> 
> 	'Python will default to ASCII as standard encoding if no other
> 	 encoding hints are given.
> 
> 	 To define a source code encoding, a magic comment must be placed
> 	 into the source files either as first or second line in the file'
> 
> And:
> 	'More precisely, the first or second line must match the following
> 	 regular expression:
> 
> 	 ^[ \t\f]*#.*?coding[:=][ \t]*([-_.a-zA-Z0-9]+)'
> 
> [1] https://www.python.org/dev/peps/pep-0263/
> 
> If a script has both "#!" and the charset encoding line, we can't place
> a SPDX tag without either violating license-rules.rst or breaking the
> script by making it crash with non-ASCII characters.
> 
> So, add a sort notice saying that, for Python scripts, the SPDX
> header may be up to the third line, in order to cover the case
> where both "#!" and "# .*coding.*UTF-8" lines are found.
> 
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@...nel.org>
> ---
>  Documentation/process/license-rules.rst | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/process/license-rules.rst b/Documentation/process/license-rules.rst
> index 2ef44ada3f11..5d23e3498b1c 100644
> --- a/Documentation/process/license-rules.rst
> +++ b/Documentation/process/license-rules.rst
> @@ -64,9 +64,12 @@ License identifier syntax
>     possible line in a file which can contain a comment.  For the majority
>     of files this is the first line, except for scripts which require the
>     '#!PATH_TO_INTERPRETER' in the first line.  For those scripts the SPDX
> -   identifier goes into the second line.
> +   identifier goes into the second line\ [1]_.
>  
> -|
> +.. [1] Please notice that Python scripts may also need an encoding rule
> +   as defined on PEP-263, which should be defined either at the first
> +   or the second line. So, for such scripts, the SPDX identifier may
> +   go up to the third line.
>  
>  2. Style:
>  

If you are going to do this, can you also fix up scripts/spdxcheck.py to
properly catch this, as well as fixing up the location of the spdx tag
line in the file itself?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ