lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87lel1y31n.fsf@esperi.org.uk>
Date:   Mon, 13 Feb 2023 15:53:56 +0000
From:   Nick Alcock <nick.alcock@...cle.com>
To:     Leon Romanovsky <leon@...nel.org>
Cc:     Conor Dooley <conor@...nel.org>, mcgrof@...nel.org,
        linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-pci@...r.kernel.org, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH 8/8] kbuild, PCI: microchip: comment out MODULE_LICENSE
 in non-modules

On 12 Feb 2023, Leon Romanovsky told this:

> On Fri, Feb 10, 2023 at 08:10:43PM +0000, Conor Dooley wrote:
>> On Fri, Feb 10, 2023 at 07:26:38PM +0000, Nick Alcock wrote:
>> > On 10 Feb 2023, Conor Dooley said:
>> > > FYI $subject seems wrong, this is a PCI patch AFAICT.
>
> <...>
>
>> > kbuild is present in every patch in the series because this is a
>> > kbuild-driven change (the thing it disturbs is part of the build system,
>> > the construction of modules.builtin*). This seems to be common practice
>> > for kbuild-related treewide changes.
>> 
>> Okay, I'll take your word for it. It just looked/looks odd to me!
>
> It looks odd to me too. Please add SPDX tag in modules which don't have
> it already, instead of commenting code.

Alas... nearly all of them *do* have it already, and in most cases it is
different. Usually not *very* different, but different. In most cases it
is more specific, e.g. drivers/soc/fujitsu/a64fx-diag.c, where we have
MODULE_LICENSE("GPL") but SPDX says it's GPL-2.0-only, but then there
are things like lib/packing.c, which throughout its history in the tree
has combined // SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0
and MODULE_LICENSE("GPL v2"); which are just not the same thing.

I commented the MODULE_LICENSEs out specifically because I wanted to
avoid getting into hundreds of simultaneous license flamewars while
trying to get *a different thing entirely* into the kernel (kallmodsyms,
which depends on modules.builtin.objs being correct).

I still don't want to get into hundreds of simultaneous license
flamewars, so I think I'll leave things commented out and let
individual maintainers decide whether they want to reconcile
contradictory info or not.

And if I'm not doing that, I feel I shouldn't really be adding SPDX
headers to files that lack them, given that I demonstrably cannot use
MODULE_LICENSE to tell me what the license is meant to be. But if we
can't rely on MODULE_LICENSE to specify the license, and it seems like
we can't, I'd say that it is truly redundant in those files that have
SPDXs, and should probably emit a series that removes MODULE_LICENSE
when files have SPDXes, and comments them out otherwise.

Does that sound reasonable to everyone?

-- 
NULL && (void)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ