Date:   Fri, 5 Mar 2021 17:15:37 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Vitaly Chikunov <vt@...linux.org>,
        Jarkko Sakkinen <jarkko@...nel.org>
Cc:     Stefan Berger <stefanb@...ux.vnet.ibm.com>,
        keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        davem@...emloft.net, herbert@...dor.apana.org.au,
        dhowells@...hat.com, zohar@...ux.ibm.com,
        linux-kernel@...r.kernel.org, patrick@...terwijk.org,
        linux-integrity@...r.kernel.org
Subject: Re: [PATCH v10 1/9] crypto: Add support for ECDSA signature
 verification

On 3/5/21 2:46 PM, Vitaly Chikunov wrote:
> Jarkko,
>
> On Fri, Mar 05, 2021 at 07:05:39PM +0200, Jarkko Sakkinen wrote:
>>> +// SPDX-License-Identifier: GPL-2.0+
>>> +/*
>>> + * Copyright (c) 2021 IBM Corporation
>>> + *
>>> + * Redistribution and use in source and binary forms, with or without
>>> + * modification, are permitted provided that the following conditions are
>>> + * met:
>>> + *  * Redistributions of source code must retain the above copyright
>>> + *   notice, this list of conditions and the following disclaimer.
>>> + *  * Redistributions in binary form must reproduce the above copyright
>>> + *    notice, this list of conditions and the following disclaimer in the
>>> + *    documentation and/or other materials provided with the distribution.
>>> + *
>>> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>>> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>>> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
>>> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
>>> + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>>> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>>> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
>>> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
>>> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>>> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>>> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>>> + */
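Review bot: the SPDX line at the top of this header says GPL-2.0+, but the comment block below it permits "Redistribution and use in source and binary forms, with or without modification" under two conditions, which is BSD-style two-clause wording rather than a GPL notice, so the file states two different licenses. Keep only the intended one: either drop the comment block and rely on the SPDX line, or change the SPDX identifier so it matches the notice.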
>> This license platter is redundant, given SPDX.
> I think the SPDX identifier supplements the license plate and is a
> machine-readable identifier, but it does not replace it or make adding the
> license plate redundant.
>
> - Quoting https://spdx.dev/ids/
>
>    "When a license defines a recommended notice to attach to files under
>    that license (sometimes called a “standard header”), the SPDX project
>    recommends that the standard header be included in the files, in
>    addition to an SPDX ID.
>
>    Additionally, when a file already contains a standard header or other
>    license notice, the SPDX project recommends that those existing
>    notices should not be removed. The SPDX ID is recommended to be used
>    to supplement, not replace, existing notices in files."
>
> - The GPL license text has a section on "How to Apply These Terms to Your New
>    Programs" which says to add license boilerplate text, and it does not
>    say the SPDX identifier is enough.
>
> - Also, page https://www.kernel.org/doc/html/latest/process/license-rules.html
>    does not forbid adding license plate text. (Even though it misguidedly
>    says "alternative to boilerplate text" is the use of SPDX.)
>
> - License text is readable text and not just an identifier.
>    I think the SPDX tag could be not legally binding in all jurisdictions.
>
> For these reasons I believe you cannot request removing the license platter
> from the source, and this should be the author's decision.
>
> Thanks,
>
Thanks for looking into this. I am fine with the SPDX identifier.

Regards,

    Stefan

