lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YyA9S9KD47D6Hoce@kroah.com>
Date:   Tue, 13 Sep 2022 10:20:27 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     Uwe Kleine-König 
        <u.kleine-koenig@...gutronix.de>, linux-kernel@...r.kernel.org,
        Kai Germaschewski <kai.germaschewski@....de>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Marc Zyngier <maz@...nel.org>, kernel@...gutronix.de,
        linux-spdx@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 0/2] SPDX tags for copyright

On Mon, Sep 12, 2022 at 10:05:54PM -0700, Christoph Hellwig wrote:
> On Fri, Sep 09, 2022 at 12:38:48AM +0200, Uwe Kleine-König wrote:
> > Hello,
> > 
> > for Debian packaging having SPDX license tags already simplifies
> > creating the required copyright documentation considerably. Another
> > information that is needed for Debian packaging is the copyright
> > information. There is an SPDX way for copyright information, too. The
> > second patch converts scripts/kallsyms.c to that mechanism as an example
> > to maybe discuss if we want to do that in the kernel.
> > 
> > While the SPDX-FileCopyrightText is officially a free-form field, I
> > suggest to just stick to the format
> > 
> > 	(<year> )?<copyright holder>
> > 
> > to simplify machine consumption even further.
> 
> Adding the linux-spdx list and Linus.  If we go with this format
> (which doesn't sound bad), we'll clearly need to document the format
> we want, and that people should use it.
> 

There is a well-agreed-apon legal format for copyright lines already,
and those lines should be fine in the comment text at the top of the
file.  No need to mess with SPDX-FileWhateverTagWeWant type of stuff
here at all as all of our tools can easily find those lines if they
really want to extract the copyright information.

SPDX is great for license declarations, let's stick with only using that
for now until we finish the whole kernel and then maybe we can worry
about adding additional meta information if it's really decided it can
benifit anyone.

For now, copyright lines don't seem worth it to me, just leave them in a
comment block please.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ