lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <wnfqe7q2aby76zokkh77jhlwc2dbr243kycmejc4wj5wflywgi@6sox742ip22g>
Date: Sat, 16 Nov 2024 18:20:15 +0100
From: Uwe Kleine-König <u.kleine-koenig@...libre.com>
To: Daniel Gomez <d+samsung@...ces.com>
Cc: Werner Sembach <wse@...edocomputers.com>, mcgrof@...nel.org, 
	petr.pavlu@...e.com, samitolvanen@...gle.com, da.gomez@...sung.com, 
	linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org, linux@...mhuis.info, 
	vv@...edocomputers.com, cs@...edo.de
Subject: Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing
 GPL symbols

On Sat, Nov 16, 2024 at 09:15:55AM +0100, Daniel Gomez wrote:
> On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
> > From: Uwe Kleine-König <ukleinek@...nel.org>
> >
> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> > contributers the committed code under GPLv3+ is awaited.
> 
> FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
> need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
> you don't need to include the full text boilerplate in the source of every file
> as long as you include a LICENSE file or COPYRIGHT file with a copy of the
> license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
> GPLv2 boilerplate/reference with SPDX - rule 156").
> 
> [1] https://spdx.org/licenses/GPL-2.0+.html
> [2] https://spdx.org/licenses/GPL-2.0-or-later.html
> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea

If you're convinced that "GPL-2.0-or-later" is the right string to use
(and the following somewhat agrees with you:

	linux$ git rev-parse next/master
	744cf71b8bdfcdd77aaf58395e068b7457634b2c

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0+' next/master | wc -l
	3640

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0-or-later' next/master | wc -l
	9005
)

you can consider patching Documentation/process/license-rules.rst which
currently reads:

   License identifiers for licenses like [L]GPL with the 'or later' option
   are constructed by using a "+" for indicating the 'or later' option.::

      // SPDX-License-Identifier: GPL-2.0+
      // SPDX-License-Identifier: LGPL-2.1+

Best regards
Uwe

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ