lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2024021518-germinate-carol-12c2@gregkh>
Date: Thu, 15 Feb 2024 08:45:14 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Raju Rangoju <Raju.Rangoju@....com>, netdev@...r.kernel.org,
	davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
	Shyam-sundar.S-k@....com, Sudheesh Mavila <sudheesh.mavila@....com>
Subject: Re: [PATCH v5 net-next 3/5] amd-xgbe: add support for new XPCS
 routines

On Wed, Feb 14, 2024 at 05:27:30PM -0800, Jakub Kicinski wrote:
> Hi Greg!
> 
> Would you be able to give us your "no" vs "whatever" on the license
> shenanigans below? First time I'm spotting this sort of a thing,
> although it looks like we already have copies of this exact text
> in the tree :(

Ugh, that's a mess:

> 
> On Wed, 14 Feb 2024 21:18:40 +0530 Raju Rangoju wrote:
> > + * AMD 10Gb Ethernet driver

First off, checkpatch should have complained about no SPDX line on this
file, so that's a big NACK from me for this patch to start with.  Just
don't do that.

second, this whole thing can be distilled down to a single "GPLv2-only"
spdx line.  Don't create special, custom, licenses like "modified BSD"
if you expect a file to be able to be merged into the kernel tree,
that's not ok.

AMD developers, please work with your lawyers to clean this all up, and
remove ALL of that boilerplate license text, all you need is one simple
SPDX line that describes the license.

Also, I will push back hard and say "no dual license files, UNLESS you
have a lawyer sign-off on the patch" as the issues involved in doing
that are non-trivial, and require work on the legal side of your company
to ensure that they work properly.  That is work your lawyer is signing
up to do, so they need to be responsible for it.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ