lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211216122311.0c9d154e@coco.lan>
Date:   Thu, 16 Dec 2021 12:23:11 +0100
From:   Mauro Carvalho Chehab <mchehab@...nel.org>
To:     Lukas Bulwahn <lukas.bulwahn@...il.com>
Cc:     Cai Huoqing <caihuoqing@...du.com>, linux-media@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-spdx@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] media: prefer generic SPDX-License expression to
 deprecated one

Em Thu, 16 Dec 2021 11:31:32 +0100
Lukas Bulwahn <lukas.bulwahn@...il.com> escreveu:

> Commit 8d395ce6f04b ("media: dvb-core: Convert to SPDX identifier") and
> commit e67219b0496b ("media: b2c2: flexcop: Convert to SPDX identifier")
> introduce the SPDX-License expression LGPL-2.1-or-later for some files.
> 
> The command ./scripts/spdxcheck.py warns:
> 
>   drivers/media/dvb-core/dmxdev.c: 1:28 Invalid License ID: LGPL-2.1-or-later
>   drivers/media/dvb-core/dvb_demux.c: 1:28 Invalid License ID: LGPL-2.1-or-later
>   drivers/media/dvb-core/dvbdev.c: 1:28 Invalid License ID: LGPL-2.1-or-later
>   drivers/media/common/b2c2/flexcop.c: 1:28 Invalid License ID: LGPL-2.1-or-later
> 
> The preferred SPDX expression for LGPL-2.1 or any later version is with
> the more generic "+"-extension for "any later version", so: LGPL-2.1+
> 
> This makes spdxcheck happy again.

It doesn't sound right to apply such patch.

See, the latest SPDX version uses LGPL-2.1-or-later:

	https://spdx.org/licenses/LGPL-2.1-or-later.html

And it deprecated LGPL-2.1+:

	https://spdx.org/licenses/LGPL-2.1+.html

So, those files are perfectly fine with regards to SPDX, and are
adherent to its latest specs. We do need the latest specs on media,
as our documentation is under GFDL-1.1-no-invariants-or-later, which
only exists on newer SPDX versions.

So, the right thing to do here seems to fix spdxcheck.py, letting it
either allow both variants (as we probably don't want to replace it
everywhere) or to emit a warning if the deprecated ones are used.

Regards,
Mauro

> 
> Fixes: 8d395ce6f04b ("media: dvb-core: Convert to SPDX identifier")
> Fixes: e67219b0496b ("media: b2c2: flexcop: Convert to SPDX identifier")
> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@...il.com>
> ---
>  drivers/media/common/b2c2/flexcop.c | 2 +-
>  drivers/media/dvb-core/dmxdev.c     | 2 +-
>  drivers/media/dvb-core/dvb_demux.c  | 2 +-
>  drivers/media/dvb-core/dvbdev.c     | 2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/media/common/b2c2/flexcop.c b/drivers/media/common/b2c2/flexcop.c
> index e7a88a2d248c..38c300da3fc2 100644
> --- a/drivers/media/common/b2c2/flexcop.c
> +++ b/drivers/media/common/b2c2/flexcop.c
> @@ -1,4 +1,4 @@
> -// SPDX-License-Identifier: LGPL-2.1-or-later
> +// SPDX-License-Identifier: LGPL-2.1+
>  /*
>   * Linux driver for digital TV devices equipped with B2C2 FlexcopII(b)/III
>   * flexcop.c - main module part
> diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c
> index f6ee678107d3..2b4fb2ec1efd 100644
> --- a/drivers/media/dvb-core/dmxdev.c
> +++ b/drivers/media/dvb-core/dmxdev.c
> @@ -1,4 +1,4 @@
> -// SPDX-License-Identifier: LGPL-2.1-or-later
> +// SPDX-License-Identifier: LGPL-2.1+
>  /*
>   * dmxdev.c - DVB demultiplexer device
>   *
> diff --git a/drivers/media/dvb-core/dvb_demux.c b/drivers/media/dvb-core/dvb_demux.c
> index 83cc32ad7e12..35bf76b0425c 100644
> --- a/drivers/media/dvb-core/dvb_demux.c
> +++ b/drivers/media/dvb-core/dvb_demux.c
> @@ -1,4 +1,4 @@
> -// SPDX-License-Identifier: LGPL-2.1-or-later
> +// SPDX-License-Identifier: LGPL-2.1+
>  /*
>   * dvb_demux.c - DVB kernel demux API
>   *
> diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
> index 675d877a67b2..861559e8b4c9 100644
> --- a/drivers/media/dvb-core/dvbdev.c
> +++ b/drivers/media/dvb-core/dvbdev.c
> @@ -1,4 +1,4 @@
> -// SPDX-License-Identifier: LGPL-2.1-or-later
> +// SPDX-License-Identifier: LGPL-2.1+
>  /*
>   * dvbdev.c
>   *



Thanks,
Mauro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ