Am Dienstag, 13. Juni 2023, 05:10:06 CEST schrieb Eric Biggers: > Hi Heiko, > > On Mon, Jun 12, 2023 at 11:04:42PM +0200, Heiko Stuebner wrote: > > diff --git a/arch/riscv/crypto/ghash-riscv64-zbc.pl b/arch/riscv/crypto/ghash-riscv64-zbc.pl > > new file mode 100644 > > index 000000000000..677c438a44bf > > --- /dev/null > > +++ b/arch/riscv/crypto/ghash-riscv64-zbc.pl > > @@ -0,0 +1,427 @@ > > +#! /usr/bin/env perl > > +# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. > > +# > > +# Licensed under the Apache License 2.0 (the "License"). You may not use > > +# this file except in compliance with the License. You can obtain a copy > > +# in the file LICENSE in the source distribution or at > > +# https://www.openssl.org/source/license.html > > + > > +# This file is dual-licensed and is also available under the following > > +# terms: > > +# > > +# Copyright (c) 2023, Christoph Müllner <christoph.muellner@xxxxxxxx> > > +# All rights reserved. > > +# > > +# Redistribution and use in source and binary forms, with or without > > +# modification, are permitted provided that the following conditions > > +# are met: > > +# 1. Redistributions of source code must retain the above copyright > > +# notice, this list of conditions and the following disclaimer. > > +# 2. Redistributions in binary form must reproduce the above copyright > > +# notice, this list of conditions and the following disclaimer in the > > +# documentation and/or other materials provided with the distribution. > > Is this worded properly for a dual license? The paragraph about the Apache > License makes it sound like the Apache License must always be complied with: > "You may not use this file except in compliance with the License." > > So I worry that this could be interpreted as: > > Apache-2.0 AND BSD-2-Clause > > instead of > > Apache-2.0 OR BSD-2-Clause > > It needs to be the latter. > > So I think the file header needs to be clarified w.r.t. the dual license. Hmm, I think the "This file is dual-licensed and is also available under the following terms" should be pretty clear? Also this is wording openSSL uses since 2004 in other parts like crypto/LPdir_*.c . So I'd guess any "issue" should've come up already in all these years? > Side note: can you please also include a SPDX-License-Identifier? ok, will add them Heiko