On Fri, Feb 2, 2018 at 1:06 PM, Joe Perches <joe@perches.com> wrote:
On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote:
> On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa <igor.stoppa@huawei.com> wrote:
> > On 02/02/18 17:40, Rob Herring wrote:
> > > Add SPDX license tag check based on the rules defined in
> >
> > Shouldn't it also check that the license is compatible?
> >
>
> Perhaps we shouldn't try to script legal advice.

True.

I believe what was meant was that the
entry was a valid SPDX License entry
that already exists as a specific file
in the LICENSES/ path.

So that entry must be some combination of:

$ git ls-files LICENSES/ | cut -f3- -d'/' | sort
BSD-2-Clause
BSD-3-Clause
BSD-3-Clause-Clear
GPL-1.0
GPL-2.0
LGPL-2.0
LGPL-2.1
Linux-syscall-note
MIT
MPL-1.1

From my perspective, it'd be better if the
various + uses had their own individual
license files in the LICENSES/ path.

At the end of December, the SPDX license list[1] was rev'd to
Version: 3.0 28 December 2017. At the request of
FSF, the GNU license family would not use the "+" notation,
and would bias towards using "-only" and "-or-later", explicitly.
So adding both variants to the LICENSES/ path aligns with
this forward direction.


Right now, there are many missing licenses
that are already used by various existing
SPDX-License-Identifier: entries.


APACHE-2.0
BSD
CDDL
CDDL-1.0
ISC
GPL-1.0+
GPL-2.0+
LGPL-2.1+
OpenSSL

There are odd entries like:

GPL-2.0-only

This is the new way to represent GPLv2 only, as described above.
While the GPL-2.0 and GPL-2.0+ notation is still valid, it is deprecated
in the latest version, so transitioning existing over time will probably
be needed. So I think the list of licenses to be added to
LICENSES/ path is:
 
APACHE-2.0
BSD
CDDL
CDDL-1.0
ISC
GPL-1.0-only
GPL-1.0-or-later (note: actually same contents as one GPL-1.0-only)
GPL-2.0-only
GPL-2.0-or-later (same contents as GPL-2.0-only)
LGPL-2.0-only
LGPL-2.0-or-later (same contents as LGPL-2.0-only)
LGPL-2.1-only
LGPL-2.1-or-later (same contents as LGPL-2.1-only)
OpenSSL

Having files with the same contents, but different names is
irritating, but I can't see another way of complying with REUSE
guidelines. Any better suggestions?
 
Parentheses around AND/OR aren't consistent.

The SPDX specification has an appendix that calls for "(",")"
around every license expression. After discussion with some
developers it was decided to be ok to relax that, and only add them
when they were essential to clarify the logic. The next rev of the
SPDX specification will have this clarified as well. I think we caught
most of the changes in the kernel documentation patches for describing
this, but if you have specific cases to be reviewed, happy to have
a look.

Thanks, Kate


[1] https://spdx.org/licenses/
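
The check discussed in this thread, as an added example that is not part of the original messages or of checkpatch: a Python validator that takes one SPDX-License-Identifier value, verifies its operator and parenthesis structure, and reports license names that have no file in LICENSES/. The KNOWN set is copied from the git ls-files output above; check_expression, base_id and the fold_variants switch (accept "+", "-only" and "-or-later" when the base license file exists) are assumptions of this example.

```python
import re
# Names with a file under LICENSES/, copied from the git ls-files output in the thread.
KNOWN = {
    "BSD-2-Clause", "BSD-3-Clause", "BSD-3-Clause-Clear", "GPL-1.0", "GPL-2.0",
    "LGPL-2.0", "LGPL-2.1", "Linux-syscall-note", "MIT", "MPL-1.1"}
OPERATORS = {"AND", "OR", "WITH"}
TOKEN = re.compile(r"\(|\)|[A-Za-z0-9][A-Za-z0-9.+-]*")

def base_id(name):
    """Map 'X+', 'X-only' and 'X-or-later' to 'X' (same license text)."""
    if name.endswith("+"):
        return name[:-1]
    for suffix in ("-or-later", "-only"):
        if name.endswith(suffix):
            return name[:-len(suffix)]
    return name

def check_expression(expr, known=KNOWN, fold_variants=False):
    """Return (unknown_licenses, structure_errors) for one tag value."""
    unknown, errors = [], []
    tokens = TOKEN.findall(expr)
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        errors.append("unexpected characters")
    depth, want_operand = 0, True
    for tok in tokens:
        if tok == "(":
            if not want_operand:
                errors.append("missing operator before (")
            depth += 1
        elif tok == ")":
            if want_operand or depth == 0:
                errors.append("misplaced )")
            depth = max(depth - 1, 0)
        elif tok in OPERATORS:
            if want_operand:
                errors.append(f"operator {tok} has no left operand")
            want_operand = True
        else:  # a license or exception name
            if not want_operand:
                errors.append(f"missing operator before {tok}")
            want_operand = False
            name = base_id(tok) if fold_variants else tok
            if name not in known and tok not in unknown:
                unknown.append(tok)
    if depth:
        errors.append("unbalanced parentheses")
    if want_operand:
        errors.append("expression ends where a license name was expected")
    return unknown, errors
```

With fold_variants left off, "GPL-2.0+" is reported as missing, which matches the list of missing entries in the thread; turning it on models the "same contents" observation for the -only and -or-later names.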