Date:   Wed, 29 Jan 2020 14:11:17 -0800
From:   Joe Perches <joe@...ches.com>
To:     Lubomir Rintel <lkundrak@...sk>, Andy Whitcroft <apw@...onical.com>
Cc:     Rob Herring <robh@...nel.org>, devicetree@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: check proper licensing of Devicetree
 bindings

On Wed, 2020-01-29 at 13:33 +0100, Lubomir Rintel wrote:
> According to Devicetree maintainers (see Link: below), the Devicetree
> binding documents are preferably licensed (GPL-2.0-only OR
> BSD-2-Clause).
> 
> Let's check that. The actual check is a bit more relaxed, to allow more
> liberal but compatible licensing (e.g. GPL-2.0-or-later OR
> BSD-2-Clause).
> 
> Link: https://lore.kernel.org/lkml/20200108142132.GA4830@bogus/
> Signed-off-by: Lubomir Rintel <lkundrak@...sk>
> ---
>  scripts/checkpatch.pl | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index e2976c3fe5ff8..ac93e98cddcee 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -3111,6 +3111,11 @@ sub process {
>  						WARN("SPDX_LICENSE_TAG",
>  						     "'$spdx_license' is not supported in LICENSES/...\n" . $herecurr);
>  					}
> +					if ($realfile =~ m@...cumentation/devicetree/bindings/@ &&
> +					    not $spdx_license =~ /GPL-2\.0.*BSD-2-Clause/) {
> +						WARN("SPDX_LICENSE_TAG",
> +						     "DT binding documents should be licensed (GPL-2.0-only OR BSD-2-Clause)\n" . $herecurr);
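
Review bot: the pattern in `not $spdx_license =~ /GPL-2\.0.*BSD-2-Clause/` only requires the two identifiers to appear in that order, so the `.*` also accepts expressions that are not the dual license the commit message asks for, for example one joined with AND or with a third license in between. Matching the ` OR ` operator explicitly would keep the check relaxed about the GPL variant without accepting other expressions, and `$spdx_license !~ /.../` reads more clearly than `not ... =~`. The condition is keyed only on `$realfile`, so it also fires when checkpatch is run over existing binding files that carry older tags.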

I think not unless the existing licenses already
there are changed first.  Only about 1/3 are
dual licensed BSD.

Do all the existing license holders agree?

$ git grep -oh "SPDX.*$" Documentation/devicetree/bindings/ | \
  sort | uniq -c | sort -rn
    269 SPDX-License-Identifier: GPL-2.0
     81 SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
     69 SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
     23 SPDX-License-Identifier: GPL-2.0-only
      9 SPDX-License-Identifier: GPL-2.0+
      5 SPDX-License-Identifier: GPL-2.0-or-later
      3 SPDX-License-Identifier: (GPL-2.0+ OR X11)
      3 SPDX-License-Identifier: (GPL-2.0 OR MIT)
      3 SPDX-License-Identifier: (GPL-2.0)
      2 SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause
      2 SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause)
      2 SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
      1 SPDX-License-Identifier: (GPL-2.0+ OR BSD-2-Clause)
      1 SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause

There would be way too many false positives given
the current licensing types in existing files.

Also, the link seems to show just a desire for an
OR BSD for this file not a desire for a treewide
change.

But:

Documentation/devicetree/bindings/submitting-patches.txt does show:

 3) DT binding files should be dual licensed. The preferred license tag is
     (GPL-2.0-only OR BSD-2-Clause).

So perhaps use code like:

				my $msg_level = \&WARN;
				$msg_level = \&CHK if ($file);
				if (&{$msg_level}("SPDX_LICENSE_TAG",
						  "The preferred bindings license is '(GPL-2.0-only OR BSD-2-Clause)'\n" . $herecurr)

so that when checkpatch is run over existing files,
this message is not emitted unless using --strict.

Maybe something like:
---
 scripts/checkpatch.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index f3b8434..1734c9b 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -3124,6 +3124,17 @@ sub process {
 					if (!is_SPDX_License_valid($spdx_license)) {
 						WARN("SPDX_LICENSE_TAG",
 						     "'$spdx_license' is not supported in LICENSES/...\n" . $herecurr);
+					    }
+					if ($realfile =~ m@...cumentation/devicetree/bindings/@ &&
+					    $spdx_license !~ /\(GPL-2\.0-only OR BSD-2-Clause\)/) {
+						my $msg_level = \&WARN;
+						$msg_level = \&CHK if ($file);
+						if (&{$msg_level}("SPDX_LICENSE_TAG",
+
+								  "DT binding documents should be licensed (GPL-2.0-only OR BSD-2-Clause)\n" . $herecurr) &&
+						    $fix) {
+							$fixed[$fixlinenr] =~ s/SPDX-License-Identifier: .*/SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)/;
+						}
 					}
 				}
 			}
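
Review bot: the `$fix` branch substitutes `SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)` over whatever tag the file carries, which makes `--fix` relicense the file rather than perform a mechanical cleanup. I would drop the fix, or restrict it to tags that already name the same two licenses (missing parentheses, `GPL-2.0` instead of `GPL-2.0-only`). The exact-string test `!~ /\(GPL-2\.0-only OR BSD-2-Clause\)/` is also stricter than the pattern in the quoted patch and flags the compatible forms that appear in the grep output earlier in this message, so it is worth confirming that this is intended. Style: the added `}` after the `WARN(...)` call is indented with spaces after the tabs, and there is an empty `+` line inside the `&{$msg_level}(` argument list.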


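The false-positive concern in the message can be quantified from the quoted `git grep` tally. The Perl script below is an added example, not part of the original message or of checkpatch; it applies the two patterns from the patches to each tag, and it assumes the string being checked is the full `SPDX-License-Identifier: ...` text.

```perl
#!/usr/bin/perl
# Added example, not checkpatch code: count the files each pattern would flag.
use strict;
use warnings;

# [tag, file count], copied from the git grep tally quoted in the message.
my @tally = (
	[ 'GPL-2.0',                                 269 ],
	[ '(GPL-2.0-only OR BSD-2-Clause)',           81 ],
	[ '(GPL-2.0 OR BSD-2-Clause)',                69 ],
	[ 'GPL-2.0-only',                             23 ],
	[ 'GPL-2.0+',                                  9 ],
	[ 'GPL-2.0-or-later',                          5 ],
	[ '(GPL-2.0+ OR X11)',                         3 ],
	[ '(GPL-2.0 OR MIT)',                          3 ],
	[ '(GPL-2.0)',                                 3 ],
	[ 'GPL-2.0-or-later OR BSD-2-Clause',          2 ],
	[ '(GPL-2.0-or-later OR BSD-2-Clause)',        2 ],
	[ 'GPL-2.0 OR BSD-2-Clause',                   2 ],
	[ '(GPL-2.0+ OR BSD-2-Clause)',                1 ],
	[ 'GPL-2.0-only OR BSD-2-Clause',              1 ],
);

# The two patterns exactly as they appear in the patches.
my $relaxed = qr/GPL-2\.0.*BSD-2-Clause/;               # quoted patch
my $exact   = qr/\(GPL-2\.0-only OR BSD-2-Clause\)/;    # suggested patch

my ($total, $flag_relaxed, $flag_exact) = (0, 0, 0);
for my $row (@tally) {
	my ($tag, $count) = @$row;
	# Assumption: the checked string is the full identifier line.
	my $spdx_license = "SPDX-License-Identifier: $tag";
	my $r = $spdx_license !~ $relaxed;
	my $e = $spdx_license !~ $exact;
	$total        += $count;
	$flag_relaxed += $count if $r;
	$flag_exact   += $count if $e;
	# Tags the relaxed pattern accepts but the exact one flags.
	printf "only exact flags: %-40s %3d files\n", $tag, $count if $e && !$r;
}
printf "relaxed pattern flags %d of %d files (%.0f%%)\n",
    $flag_relaxed, $total, 100 * $flag_relaxed / $total;
printf "exact pattern flags   %d of %d files (%.0f%%)\n",
    $flag_exact, $total, 100 * $flag_exact / $total;
```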