lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 8 Jun 2023 11:05:30 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Richard Fontana <rfontana@...hat.com>,
        Bagas Sanjaya <bagasdotme@...il.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Franziska Naepelt <franziska.naepelt@...glemail.com>,
        Linux SPDX Licenses <linux-spdx@...r.kernel.org>,
        Linux Kernel Janitors <kernel-janitors@...r.kernel.org>,
        Linux Crypto <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        David Howells <dhowells@...hat.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Dan Carpenter <dan.carpenter@...aro.org>,
        Alexander Kjeldaas <astor@...t.no>,
        Herbert Valerio Riedel <hvr@...lab.org>,
        Kyle McMartin <kyle@...ian.org>,
        "Adam J . Richter" <adam@...drasil.com>,
        Dr Brian Gladman <brg@...dman.me.uk>,
        Stephan Mueller <smueller@...onox.de>
Subject: Re: [PATCH 1/8] crypto: Convert dual BSD 3-Clause/GPL 2.0
 boilerplate to SPDX identifier

On Thu, Jun 08, 2023 at 10:37:33AM +0200, Ard Biesheuvel wrote:
> On Wed, 7 Jun 2023 at 16:38, Richard Fontana <rfontana@...hat.com> wrote:
> >
> > On Wed, Jun 7, 2023 at 1:42 AM Bagas Sanjaya <bagasdotme@...il.com> wrote:
> > >
> > > Replace license boilerplate for dual BSD-3-Clause/GPL 2.0 (only or
> > > later) with corresponding SPDX license identifier.
> >
> > This is at least the fourth or fifth time (I'm losing track) where you
> > have incorrectly assumed a particular non-GPL license text matches a
> > particular SPDX identifier without (apparently) checking.
> >
> 
> What exactly does 'checking' entail here? There is no guidance in
> Documentation/process/license-rules.rst on how to perform this
> comparison.
> 
> Also, checkpatch now complains about missing SPDX identifiers, which
> is what triggered this effort. Should it stop doing that?
> 
> > Bagas, I urge that you learn more about the nature of SPDX identifiers
> > before submitting any further patches at least involving replacement
> > of non-GPL notices with SPDX identifiers. For this unprecedented
> > license notice replacement initiative to have any legitimacy it must
> > attempt to apply SPDX identifiers correctly.
> >
> 
> Since we're in language pedantic mode: it must do more than attempt,
> it must apply them correctly, period.
> 
> Arguably, this is an 'attempt to apply SPDX identifiers correctly' on
> Bagas's part, which apparently falls short (and I may be guilty of the
> same for some arch crypto code)
> 
> So what is the ambition here: do we just leave the ambiguous ones as-is?

I recommend yes, leave them as-is until the legal people who actually
care about having SPDX lines in all of the files take the time to do the
work to resolve these issues.

Remember, they are the ones asking for it, no need for us to do their
work for them :)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ