| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260111161527.GA25101@pendragon.ideasonboard.com>
Date: Sun, 11 Jan 2026 18:15:27 +0200
From: Laurent Pinchart <laurent.pinchart@...asonboard.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jonathan Corbet <corbet@....net>,
Andy Whitcroft <apw@...onical.com>, Joe Perches <joe@...ches.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>, linux-spdx@...r.kernel.org,
workflows@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] LICENSES: Explicitly allow SPDX-FileCopyrightText
On Sun, Jan 11, 2026 at 05:07:51PM +0100, Krzysztof Kozlowski wrote:
> Sources already have SPDX-FileCopyrightText (~40 instances) and more
> appear on the mailing list, so document that it is allowed. On the
> other hand SPDX defines several other tags like SPDX-FileType, so add
> checkpatch rule to narrow desired tags only to two of them - license and
> copyright. That way no new tags would sneak in to the kernel unnoticed.
>
> Cc: Laurent Pinchart <laurent.pinchart@...asonboard.com>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Joe Perches <joe@...ches.com>
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@....qualcomm.com>
>
> ---
>
> Other way would be to remove SPDX-FileCopyrightText from existing files
> and disallow this, but one way or another we should be explicit about
> it. Otherwise people will be sending more of these and each maintainer
> would need to make their own call.
My only concern is that we're endorsing two different ways to express
copyright information. That usually leads to different subsystem setting
different rules, and worse, to people sending conversion patches.
I don't mind how copyright information is expressed. The
SPDX-FileCopyrightText tag has the advantage of being machine-parseable,
even if the value of the extracted information is somehow dubious from a
legal point of view. Other than than, both ways seem fine. I have a
slight personal preference for standardizing things, but the SPDX
specification doesn't mandate a particular formatting of the
SPDX-FileCopyrightText value, so there will always be different styles
anyway.
> Changes in v2:
> 1. Doc adjustments based on feedback from Greg and Laurent.
> 2. "unused" -> "unsupported"
> 3. Drop redundant blank line
> ---
> Documentation/process/license-rules.rst | 7 +++++--
> scripts/checkpatch.pl | 8 ++++++++
> 2 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/process/license-rules.rst b/Documentation/process/license-rules.rst
> index 59a7832df7d0..5cc58168e3d9 100644
> --- a/Documentation/process/license-rules.rst
> +++ b/Documentation/process/license-rules.rst
> @@ -63,8 +63,11 @@ License identifier syntax
> The SPDX license identifier in kernel files shall be added at the first
> possible line in a file which can contain a comment. For the majority
> of files this is the first line, except for scripts which require the
> - '#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX
> - identifier goes into the second line.
> + '#!PATH_TO_INTERPRETER' in the first line. For those scripts, the SPDX
> + license identifier goes into the second line.
> +
> + The license identifier line can then be followed by one of multiple
s/of multiple/or multiple/
> + SPDX-FileCopyrightText lines if desired.
>
> |
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 362a8d1cd327..cc2a5882fef8 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -3844,6 +3844,14 @@ sub process {
> "Misplaced SPDX-License-Identifier tag - use line $checklicenseline instead\n" . $herecurr);
> }
>
> +# check for unsupported SPDX file tags
> + if ($rawline =~ /\bSPDX-.*:/ &&
> + $rawline !~ /\bSPDX-License-Identifier:/ &&
> + $rawline !~ /\bSPDX-FileCopyrightText:/) {
> + WARN("SPDX_LICENSE_TAG",
> + "Unsupported SPDX tag\n" . $herecurr);
> + }
> +
> # line length limit (with some exclusions)
> #
> # There are a few types of lines that may extend beyond $max_line_length:
--
Regards,
Laurent Pinchart
Powered by blists - more mailing lists