From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B323AC74A21 for ; Wed, 10 Jul 2019 14:09:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7643C2064B for ; Wed, 10 Jul 2019 14:09:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=tjaldur-nl.20150623.gappssmtp.com header.i=@tjaldur-nl.20150623.gappssmtp.com header.b="Ow0pdVxu" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727661AbfGJOJn (ORCPT ); Wed, 10 Jul 2019 10:09:43 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:43959 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727595AbfGJOJn (ORCPT ); Wed, 10 Jul 2019 10:09:43 -0400 Received: by mail-ed1-f67.google.com with SMTP id e3so2293319edr.10 for ; Wed, 10 Jul 2019 07:09:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tjaldur-nl.20150623.gappssmtp.com; s=20150623; h=from:subject:to:references:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=FmUVtNtp8cagtp1xxfPWMxnnXRCcESUVEMhaWDh/z7w=; b=Ow0pdVxu1aiaNeUjFU1helgRNb517Ij7vRkenQ0a5XyU9EEvUvPI/SA2vtL8L4O91a LAVlzbXkwxTY8gJ2oH8sP6nfzIb7Nnv8dnDbLu4df+C8OOoybg3Yc8UcA8WVmgmQDub0 W4eDiutJtO6l+n4jv7fazGfoetVVee4/pAftO8PMXDTeBQJ9+TmQzgjraKUIE8fc2iIS nwmzYI0bqqWc03vc3+LCs/A6z+I3ALkm6LWxAci3weOIy9BfAIoU1ZiT4iWFbldXSqVa XC3RRwfZk1cIJOnJu88M2OU45S4U5YSxGcDEkJ74j65R4WOmBDgwR7Diucd+5TnkLKOz 9GfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:references:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=FmUVtNtp8cagtp1xxfPWMxnnXRCcESUVEMhaWDh/z7w=; b=EUwppdDYgs8AOQR3UVLUewp6N6nrCH+JW9xYtBUcj3CL3iMMWiCj6bl1WnvoHM1EPB fR1b647HRxr9h9ZeR5zRJQvsvFHVhpho09GwdS87nrwYTqZQd/lki8iWc1YWtsWR7wq2 2BGiUU9z3IEQkPJSLs/sTpOM030El6e9H99UiCePpOcReCBZkAoKkloFDA7SeaKaeES1 VTyXMjT7Huhsd2ZAzyQnPrggTG+H1kCljGMEAQXK2qMK6/o0rkxiFgCVini/u5SV+DN5 nlHTbhfOR5tQKLmaU1+md2FUDbr7yGcgkjkIIR7QKfTV0oOavMjVSdpOmGhiTBbsVQMD u3/Q== X-Gm-Message-State: APjAAAUgcSK+5eph0WnTmL25QrAuEvd3npgd1VAOTTm8m/d9uRkKUsZN E+alyNh26bKK8PgoKXFZQ2hBvhZ2rQc= X-Google-Smtp-Source: APXvYqzXPreAfSvYNO9tX1eZsFTgqXSGnVQPmMvlKDR+S9kEG2Rv0C0bd83qA+RRKBdeY2tzk1e9TA== X-Received: by 2002:aa7:d297:: with SMTP id w23mr31390396edq.128.1562767780638; Wed, 10 Jul 2019 07:09:40 -0700 (PDT) Received: from leela.thuis (ip-217-103-152-109.ip.prioritytelecom.net. [217.103.152.109]) by smtp.gmail.com with ESMTPSA id y9sm703348eds.15.2019.07.10.07.09.39 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jul 2019 07:09:40 -0700 (PDT) From: Armijn Hemel - Tjaldur Software Governance Solutions Subject: efficacy of MODULE_LICENSE To: J Lovejoy , linux-spdx@vger.kernel.org References: <1B1C3AD5-9222-40A8-A0D2-7BF7CE1181DF@jilayne.com> <20190710093806.GA22916@kroah.com> <789E72F5-FAF6-4E64-8CA8-471EE00BF865@jilayne.com> Openpgp: preference=signencrypt Autocrypt: addr=armijn@tjaldur.nl; prefer-encrypt=mutual; keydata= xsBNBFUHGDMBCACvTqCg+gpeT0siXY414eCO6guTvQm1CObf6gzhsa4IRhzG5ZrT+hSjluIF gnAFoOZxYXZVWoq+SCbBfWSLuVZnFb4jrBoNbNqyd9xPKT92UQoI9aib90Klq6tt0VcvO6Ke 10duM69mhBao6McGPHqOl6sBGjgfKzwQKEYa/W2sXgSiZgyAniAm8dcgCNMWeU8i6AFw/tu2 CDSIlGJD/ScTJ63sxvFCLU/yauhqcHj/uHVISFEVU/TR0aruhU59WJcTh7M6YXm9T/KwP/dv bFtXxS2XfWDXNLq1Fin90E0Kh924GQBwn85yt65EyzsiqMCQbIQCOu1HcqMUV7MBgYJ/ABEB AAHNIEFybWlqbiBIZW1lbCA8YXJtaWpuQHRqYWxkdXIubmw+wsB4BBMBAgAiBQJVBxgzAhsD BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCoU7oX+9OE+8ixCACQPJzd/FC/+Ab1RY8R T1BTUef0t31cGNkoEvmE5+oyqf2xDEdDb9dG6D0qOvu8kxMG7i/lNmWaBdSwbWLv+JRBcEHa Em3d3ck/ln3ulWIHLX1FFINlPh+dZqNZYnBxFMJ8sNR8tM3DOS0q/3GTAnQVK8M6arl8yoFP diwgg0ApHeJnPD75UJHHCly31D2HyMw2xgVxmW/s1gT9gwYx1AN5W9VYgUD9cJhPzPJH2Y9+ JkcSDFB57OOb+2WVCT85Rnaha/FPXkJkgfwuurutHEJDujAAYPPcIKiqWaOarJ1bI2a81Rzh wiD3wfjfcbq9MTkynq2APGjf0OqV3ymZf7rdzsBNBFUHGDMBCACq+VkgujBe13OQq0duCuwe cpgcFV4H5AU1TE9QyYh8m4FGFSiQzMRbDK/jqxA6wzNHoazxcRPBC7Wt5QcDeIeVvErJAtiP JmqWGHsiN6PMDoi+jO4q9iiqU7FcMNiTxGlPMbVHApWqX9+X1Liuf+j371YxZNxGh/5sLpRK iULNGj4tfOYqvbgTKYuPTHPPF1AVVQQdC5Bl3RmxhpDiZw5QAeLDHbXAh8KBO3be8QoDVzMp lUXgSvtwAKhO/mbfM1AyiMY3ilONYFKMmRRviVeyaTRDWJuMuAESsBHAcM04EzQFZTC9/yYI QEuymc+ZRr78WtS9eRrbd6Dtbfk5FVhRABEBAAHCwF8EGAECAAkFAlUHGDMCGwwACgkQqFO6 F/vThPtk7gf+Nvi8DZOOl/qGa86B20NO3jQ0pyi4nGtIeey46v9dwTmRqFIKDAnKLyV8Z7+2 ND0Xd8gPxrEnHRrdGB6hsQpQ/l4a2htk7CW/qGB3TkzTwBU2gS4mZEXSzUtv05CLHgmr+xkV s5Cy33RttqFm5TqAZUhhUbl5c4EgRpb/a60KZlYUBilsKzHCHAP6qGKZ8p7hnvL2oGDs71Gx uWIYynzE8Tl40P7UHtcVaTC1x61e8cOzaWMSSnrtQKAr6QsSf/w97EEG48jePV0tLkaGhaJk 1mRmS3/svWX51OjvCJjSHNAoq9W+i2UDZ06YLnET8DMug8BESHi5ww8ldBybQkzkvw== Message-ID: <4438c4e8-3df0-23df-d064-4b7b512a0655@tjaldur.nl> Date: Wed, 10 Jul 2019 16:09:39 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <789E72F5-FAF6-4E64-8CA8-471EE00BF865@jilayne.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-spdx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-spdx@vger.kernel.org [resending, as vger.kernel.org doesn't always like what my mail client is sending] On 7/10/19 3:41 PM, J Lovejoy wrote: >>> More specifically - where we have specific license match (like the >>> example above) - we can add the appropriate SPDX identifier, but if we >>> leave the MODULE_LICENSE info, I suspect that scanners will pick that >>> up and report a mix of licensing info (e.g., ISC, BSD, GPL, as in my >>> above example), which kind of brings us to the same place we are now. >>> Should we also remove the MODULE_LICENSE tag where it contradicts the >>> actual license info in terms of an exact license match (i.e., there is >>> nothing to match to GPL here, other than the MODULE_LICENSE tag, but >>> there is an exact match to a different license, ISC, in this case). >> MODULE_LICENSE predated SPDX by a decade or so, and was designed to >> solve a totally different use case. I would not try to mix the two, or >> infer one from the other. >> >> MODULE_LICENSE covers the "resulting image" of combining many different >> files that can have different SPDX-identified licenses in them. >> >> Does this help any? > yes. And I can understand the different use case, I guess my concern/question is does the existence of MODULE_LICENSE info that sort of contradicts the actual license info for the file (when looking just at that file, not the combined/resulting image) frustrate the goal of having clean licensing info for when people run scans over the kernel? > > maybe this last question is more of a question for the tooling folks? > > or maybe the answer is yes, in a strict scanning sense, but because MODULE_LICENSE is used for a different purpose, so be it… scanners are going to pick it up and people will just have to understand the above? > > mostly, I want to confirm that the SPDX identifier for a file in this case can simply be: ISC (not BSD, or GPL) I know that FOSSology will also report what is in MODULE_LICENSE, but there are files in the Linux kernel where the authors have acknowledged it does not necessarily reflect the actual license: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/romfs/super.c https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/jffs2/super.c I might go too far saying that the scope of this tag would be the derivative work (the Linux kernel binary), but that is usually how I interpret it. armijn -- Armijn Hemel, MSc Tjaldur Software Governance Solutions