On Fri, Feb 2, 2018 at 1:06 PM, Joe Perches wrote: > On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote: > > On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa > wrote: > > > On 02/02/18 17:40, Rob Herring wrote: > > > > Add SPDX license tag check based on the rules defined in > > > > > > Shouldn't it also check that the license is compatible? > > > > > > > Perhaps we shouldn't try to script legal advice. > > True. > > I believe what was meant was that the > entry was a valid SPDX License entry > that already exists as a specific file > in the LICENSES/ path. > > So that entry must be some combination of: > > $ git ls-files LICENSES/ | cut -f3- -d'/' | sort > BSD-2-Clause > BSD-3-Clause > BSD-3-Clause-Clear > GPL-1.0 > GPL-2.0 > LGPL-2.0 > LGPL-2.1 > Linux-syscall-note > MIT > MPL-1.1 > > From my perspective, it'd be better if the > various + uses had their own individual > license files in the LICENSES/ path. > At the end of december, the SPDX license list[1] was rev'd to Version: 3.0 28 December 2017. At the request of FSF, the GNU license family would not use the "+" notation, and would bias towards using "-only" and "-or-later", explicitly. So adding both variants to the LICENSES/ path aligns with this forward direction. > Right now, there are many missing licenses > that are already used by various existing > SPDX-License-Identifier: entries. > > > APACHE-2.0 > BSD > CDDL > CDDL-1.0 > ISC > GPL-1.0+ > GPL-2.0+ > LGPL-2.1+ > OpenSSL > > There are odd entries like: > > GPL-2.0-only > This is the new way to represent GPLv2 only, as described above. While the GPL-2.0 and GPL-2.0+ notation is still valid, it is deprecated in the latest version, so transitioning existing over time will probably be needed. So I think the list of licenses to be added to LICENSES/ path is: APACHE-2.0 BSD CDDL CDDL-1.0 ISC GPL-1.0-only GPL-1.0-or-later (note: actually same contents as one GPL-1.0-only) GPL-2.0-only GPL-2.0-or-later (same contents as GPL-2.0-only) LGPL-2.0-only LGPL-2.0-or-later (same contents as LGPL-2.0-only) LGPL-2.1-only LGPL-2.1-or-later (same contents as LGPL-2.1-only) OpenSSL Having files with the same contents, but different names is irritating, but I can't see a another way of complying with REUSE guidelines. Any better suggestions? > Parentheses around AND/OR aren't consistent. > The SPDX specification has an appendix that calls for "(",")" around every license expresssion. After discussion with some developers it was decided to be ok to relax that, and only add them when they were essential to clarify the logic. The next rev of the SPDX specification will have this clarified as well. I think we caught most of the changes in the kernel documentation patches for describing this, but if you have specific cases to be reviewed, happy to have a look. Thanks, Kate [1] https://spdx.org/licenses/