lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Dec 2021 14:28:10 +0100
From:   Lukas Bulwahn <lukas.bulwahn@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Cai Huoqing <caihuoqing@...du.com>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-spdx@...r.kernel.org
Subject: Re: [PATCH v3] LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers

On Thu, Dec 16, 2021 at 2:17 PM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> On Thu, Dec 16, 2021 at 08:30:14PM +0800, Cai Huoqing wrote:
> > On 16 12月 21 13:17:35, Mauro Carvalho Chehab wrote:
> > > Some files have been flagged with the new LGPL-2.1-or-later
> > > identifier which replace the original LGPL-2.1+ in the SPDX license
> > > identifier specification, but the identifiers are not mentioned as
> > > valid in the LGPL-2.1 license file.
> > >
> > > Add it, together with the LGPL-2.1-only at the the license file.
> > >
> > > Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
> > > ---
> > >  LICENSES/preferred/LGPL-2.1 | 2 ++
> > >  1 file changed, 2 insertions(+)
> > >
> > > diff --git a/LICENSES/preferred/LGPL-2.1 b/LICENSES/preferred/LGPL-2.1
> > > index 27bb4342a3e8..b73f9b6230f5 100644
> > > --- a/LICENSES/preferred/LGPL-2.1
> > > +++ b/LICENSES/preferred/LGPL-2.1
> > > @@ -1,5 +1,7 @@
> > >  Valid-License-Identifier: LGPL-2.1
> > > +Valid-License-Identifier: LGPL-2.1-only
> > >  Valid-License-Identifier: LGPL-2.1+
> > > +Valid-License-Identifier: LGPL-2.1-or-later
> > >  SPDX-URL: https://spdx.org/licenses/LGPL-2.1.html
> > The URL is deprecated, do we need to update it together.
>
> No.
>
> > The same, GPL-2.0, LGPL-2.0
>
> Again, no.  We are using an older version of the SPDX specification,
> this is fine.
>

Mauro's patch just makes sure that spdxcheck.py does not complain
about the SPDX License Identifiers from SPDX spec v2 and from v3. It
really does not deprecate anything or implies that everything in the
kernel needs to move to v3 (which might really be some crazy
disturbing refactoring effort without a lot of gain), but it allows
developers that want to use the tags from SPDX spec v3 can do so.

I would assume making the kernel/a tool in the kernel supporting
something more while being backwards-compatible is the standard way we
work... So, Greg, this patch is fine to be included, right?


Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ