lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2025080228-easily-clanking-0ddd@gregkh>
Date: Sat, 2 Aug 2025 08:56:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Thomas Huth <thuth@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org,
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-spdx@...r.kernel.org
Subject: Re: [PATCH v2] arch/x86/kvm/ioapic: Remove license boilerplate with
 bad FSF address

On Fri, Aug 01, 2025 at 01:26:43PM +0200, Thomas Huth wrote:
> On 28/07/2025 17.50, Greg Kroah-Hartman wrote:
> > On Mon, Jul 28, 2025 at 05:36:47PM +0200, Greg Kroah-Hartman wrote:
> > > On Mon, Jul 28, 2025 at 05:28:43PM +0200, Thomas Huth wrote:
> > > > From: Thomas Huth <thuth@...hat.com>
> > > > 
> > > > The Free Software Foundation does not reside in "59 Temple Place"
> > > > anymore, so we should not mention that address in the source code here.
> > > > But instead of updating the address to their current location, let's
> > > > rather drop the license boilerplate text here and use a proper SPDX
> > > > license identifier instead. The text talks about the "GNU *Lesser*
> > > > General Public License" and "any later version", so LGPL-2.1+ is the
> > > > right choice here.
> > > > 
> > > > Signed-off-by: Thomas Huth <thuth@...hat.com>
> > > > ---
> > > >   v2: Don't use the deprecated LGPL-2.1+ identifier
> > > 
> > > If you look at the LICENSES/preferred/LGPL-2.1 file, it says to use:
> > > 	SPDX-License-Identifier: LGPL-2.1+
> > > 
> > > as the kernel's SPDX level is older than you might think.
> > > 
> > > Also, doesn't the scripts/spdxcheck.pl tool object to the "or-later"
> > > when you run it on the tree with this change in it?
> > 
> > Ugh, sorry, no, it lists both, the tool should have been fine.  I was
> > reading the text of the file, not the headers at the top of it.  My
> > fault.
> 
> By the way, is there a reason why LICENSES/preferred/LGPL-2.1 suggests only
> the old variant:
> 
>   For 'GNU Lesser General Public License (LGPL) version 2.1 or any later
>   version' use:
>     SPDX-License-Identifier: LGPL-2.1+
> 
> ... while LICENSES/preferred/GPL-2.0 suggests both:
> 
>   For 'GNU General Public License (GPL) version 2 or any later version' use:
>     SPDX-License-Identifier: GPL-2.0+
>   or
>     SPDX-License-Identifier: GPL-2.0-or-later
> 
> That looks somewhat inconsistent to me... Should the LGPL files be updated?

If you want to, sure.  Odds are we don't have many LGPL files in the
tree for it to ever be noticed before.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ