lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230322102607.5rac7lmy5w653jen@CAB-WSD-L081021>
Date:   Wed, 22 Mar 2023 13:26:07 +0300
From:   Dmitry Rokosov <ddrokosov@...rdevices.ru>
To:     Rob Herring <robh@...nel.org>
CC:     <krzysztof.kozlowski@...aro.org>, <apw@...onical.com>,
        <joe@...ches.com>, <dwaipayanray1@...il.com>,
        <lukas.bulwahn@...il.com>, <kernel@...rdevices.ru>,
        <linux-kernel@...r.kernel.org>, <rockosov@...il.com>
Subject: Re: [PATCH v3] checkpatch: add missing bindings license check

Hello Rob, thank you for the comments. Please find my thoughts below.

On Tue, Mar 21, 2023 at 04:53:37PM -0500, Rob Herring wrote:
> On Mon, Mar 20, 2023 at 11:33:50PM +0300, Dmitry Rokosov wrote:
> > All headers from 'include/dt-bindings/' must be verified by checkpatch
> > together with Documentation bindings, because all of them are part of
> > the whole DT bindings system.
> > 
> > The requirement is dual licensed and matching pattern:
> >     /GPL-2\.0(?:-only|-or-later|\+)? (?:OR|or) BSD-2-Clause/
> 
> This is not correct. The headers can and should be licensed like the dts 
> files which are (unfortunately) all over the place and differ from the 
> bindings.
> 
> Also, GPL-2.0-or-later is neither desired nor encouraged. 

Sorry, I'm little bit confused. Let's discuss correct way.

We had such discussion in another review.

https://lore.kernel.org/all/20230313201259.19998-4-ddrokosov@sberdevices.ru/

Krzysztof has mentioned that Documentation yaml bindings schemas and
include bindings headers should have the same license by default.
And checkpath must check not only Documentation schema (previous
implementation), but 'include bindings' as well:

>From Krzysztof at https://lore.kernel.org/all/9d176288-cd7c-7107-e180-761e372a2b6e@linaro.org/:

---
>>>>> @@ -0,0 +1,20 @@
>>>>> +/* SPDX-License-Identifier: GPL-2.0+ */
>>>>
>>>> I found in changelog:
>>>> "fix license issue, it's GPL-2.0+ only in the current version"
>>>> and I do not understand.
>>>>
>>>> The license is wrong, so what did you fix?
>>>>
>>>
>>> Sorry don't get you. Why is it wrong?
>>
>> Run checkpatch - it will tell you why wrong. The license is not correct.
>> This is part of binding and should be the same as binding.
>>
> 
> I always run checkpatch before sending the next patch series. Checkpatch
> doesn't highlight this problem:
> 
> --------------
> $ rg SPDX a1_clkc_v10/v10-0003-dt-bindings-clock-meson-add-A1-PLL-and-Periphera.patch
> 32:+# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
> 111:+# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
> 188:+/* SPDX-License-Identifier: GPL-2.0+ */
> 294:+/* SPDX-License-Identifier: GPL-2.0+ */
> 
> $ ./scripts/checkpatch.pl --strict a1_clkc_v10/v10-0003-dt-bindings-clock-meson-add-A1-PLL-and-Periphera.patch
> total: 0 errors, 0 warnings, 0 checks, 259 lines checked

Hmm, my bad, that's something to fix/improve in checkpatch.
---

Actually, I agree with Krzysztof that checkpatch should verify 'include
bindings', but looks like there is misunderstanding which license pattern
we have to use.

Rob, could you please share your thoughts if possible? Which one pattern
we have to base on? GPL-2.0-only without 'later' suffix? Or you totally
disagree that checkpatch is responsible for 'include bindings'
verification?

-- 
Thank you,
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ