| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220913094635.g2gtqrpveknjusup@pengutronix.de>
Date: Tue, 13 Sep 2022 11:46:35 +0200
From: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Christoph Hellwig <hch@...radead.org>,
Marc Zyngier <maz@...nel.org>,
Masahiro Yamada <masahiroy@...nel.org>,
linux-kernel@...r.kernel.org, kernel@...gutronix.de,
linux-spdx@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 0/2] SPDX tags for copyright
Hello,
[dropped Kai Germaschewski as his email address doesn't work]
On Tue, Sep 13, 2022 at 10:20:27AM +0200, Greg KH wrote:
> On Mon, Sep 12, 2022 at 10:05:54PM -0700, Christoph Hellwig wrote:
> > On Fri, Sep 09, 2022 at 12:38:48AM +0200, Uwe Kleine-König wrote:
> > > Hello,
> > >
> > > for Debian packaging having SPDX license tags already simplifies
> > > creating the required copyright documentation considerably. Another
> > > information that is needed for Debian packaging is the copyright
> > > information. There is an SPDX way for copyright information, too. The
> > > second patch converts scripts/kallsyms.c to that mechanism as an example
> > > to maybe discuss if we want to do that in the kernel.
> > >
> > > While the SPDX-FileCopyrightText is officially a free-form field, I
> > > suggest to just stick to the format
> > >
> > > (<year> )?<copyright holder>
> > >
> > > to simplify machine consumption even further.
> >
> > Adding the linux-spdx list and Linus. If we go with this format
Ah, didn't know about the spdx list (and didn't dare to bother Linus
with that). Thanks!
> > (which doesn't sound bad), we'll clearly need to document the format
> > we want, and that people should use it.
>
> There is a well-agreed-apon legal format for copyright lines already,
> and those lines should be fine in the comment text at the top of the
> file. No need to mess with SPDX-FileWhateverTagWeWant type of stuff
> here at all as all of our tools can easily find those lines if they
> really want to extract the copyright information.
I didn't find a tool that can extract these informations in the
collection of scripts (i.e. below scripts/). Did I miss anything?
What is that "well-agreed-upon legal format for copyright lines"?
Grepping a bit around, here are some examples:
* Portions Copyright (c) 2004-2006 Silicon Graphics, Inc.
* - Copyright (C) 2001 Junichi Morita <jun1m@...s.dti.ne.jp>
* **Copyright** |copy| 1999-2020 : LinuxTV Developers
* Copyright: |copy| 1995--1999 Martin Mares, <mj@....cz>
* Copyright (c) 2000
- Jorge Nerin <comandante@...alinux.com>
* Ben Dooks, Copyright 2006 Simtec Electronics
* Copyright, IBM Corp. 1999-2002
* :copyright: Copyright (C) 2016 Markus Heiser
* Copyright (C) 2015 Atmel,
2015 Nicolas Ferre <nicolas.ferre@...el.com>
and this is just the unusal stuff I found in a few minutes.
> SPDX is great for license declarations, let's stick with only using that
> for now until we finish the whole kernel and then maybe we can worry
> about adding additional meta information if it's really decided it can
> benifit anyone.
When converting a file to use SPDX-License-Identifier adding the SPDX
copyright stuff in the same commit might save some churn?!
Wasn't the situation with licenses similar before SPDX was in use? i.e.
there are scripts that more or less reliably determine the license of a
given file. But the "more or less" part results in some unease and so a
formalism was introduced.
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists