On Fri, Feb 2, 2018 at 2:18 PM, Kate Stewart wrote: > > On Fri, Feb 2, 2018 at 1:06 PM, Joe Perches wrote: >> >> On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote: >> > On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa wrote: >> > > On 02/02/18 17:40, Rob Herring wrote: >> > > > Add SPDX license tag check based on the rules defined in >> > > >> > > Shouldn't it also check that the license is compatible? >> > > >> > >> > Perhaps we shouldn't try to script legal advice. >> >> True. >> >> I believe what was meant was that the >> entry was a valid SPDX License entry >> that already exists as a specific file >> in the LICENSES/ path. >> >> So that entry must be some combination of: >> >> $ git ls-files LICENSES/ | cut -f3- -d'/' | sort >> BSD-2-Clause >> BSD-3-Clause >> BSD-3-Clause-Clear >> GPL-1.0 >> GPL-2.0 >> LGPL-2.0 >> LGPL-2.1 >> Linux-syscall-note >> MIT >> MPL-1.1 >> >> From my perspective, it'd be better if the >> various + uses had their own individual >> license files in the LICENSES/ path. > > > At the end of december, the SPDX license list[1] was rev'd to > Version: 3.0 28 December 2017. At the request of > FSF, the GNU license family would not use the "+" notation, > and would bias towards using "-only" and "-or-later", explicitly. > So adding both variants to the LICENSES/ path aligns with > this forward direction. > >> >> Right now, there are many missing licenses >> that are already used by various existing >> SPDX-License-Identifier: entries. >> >> >> APACHE-2.0 >> BSD >> CDDL >> CDDL-1.0 >> ISC >> GPL-1.0+ >> GPL-2.0+ >> LGPL-2.1+ >> OpenSSL >> >> There are odd entries like: >> >> GPL-2.0-only > > > This is the new way to represent GPLv2 only, as described above. > While the GPL-2.0 and GPL-2.0+ notation is still valid, it is deprecated > in the latest version, so transitioning existing over time will probably > be needed. So I think the list of licenses to be added to > LICENSES/ path is: > > APACHE-2.0 > BSD > CDDL Oops - should not have included CDDL as its not a valid SPDX identifier. It should be either CDDL-1.0 or CDDL-1.1, and the place where it was found needs to be fixed. See [1] for valid SPDX identifiers. > CDDL-1.0 > ISC > GPL-1.0-only > GPL-1.0-or-later (note: actually same contents as one GPL-1.0-only) > GPL-2.0-only > GPL-2.0-or-later (same contents as GPL-2.0-only) > LGPL-2.0-only > LGPL-2.0-or-later (same contents as LGPL-2.0-only) > LGPL-2.1-only > LGPL-2.1-or-later (same contents as LGPL-2.1-only) > OpenSSL > > Having files with the same contents, but different names is > irritating, but I can't see a another way of complying with REUSE > guidelines. Any better suggestions? > >> >> Parentheses around AND/OR aren't consistent. > > > The SPDX specification has an appendix that calls for "(",")" > around every license expresssion. After discussion with some > developers it was decided to be ok to relax that, and only add them > when they were essential to clarify the logic. The next rev of the > SPDX specification will have this clarified as well. I think we caught > most of the changes in the kernel documentation patches for describing > this, but if you have specific cases to be reviewed, happy to have > a look. > > Thanks, Kate > > > [1] https://spdx.org/licenses/