Dear Mauro, On Thu, Dec 14, 2017 at 11:55 AM, Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx> wrote: > SPDX is a new requirement that started late on Kernel 4.14 development > cycle (and whose initial changes were merged directly at Linus tree). > Not all existing files have it yet, as identifying the right license > on existing files is a complex task, but if you do a: > > $ git grep SPDX $(find . -name Makefile) $(find . -name Kconfig) > > You'll see that lot of such files have it already. FWIW, short of having SPDX tags, identifying the right license on existing files is not a super complex task: if boils down to running many diffs. Take the ~60K files in kernel, and about 6K license and notices reference texts. Then compute a pairwise diff of each of the 60K file against the 6K reference texts. Repeat the pairwise diff a few more times, say 10 times, as multiple licenses may appear in any given kernel file. And keep the diffs that have the fewest difference/highest similarity with the reference texts as the detected license. Done! The only complex thing is that if you have a fast diff that runs at 0.1 millisec end-to-end per diff, you still have 3.6B diffs to do and this would take about 250 days on one thread. Even with a beefy 250 core CPU, that would still be a day (and quite few kilo watts) . So the whole trick is to avoid doing a diffs if not really needed. This is what I do in my scancode-toolkit (that I used/use to help Greg and Thomas with kernel license scans). Net effect is that on a laptop on 8 threads it takes ~20 minutes to scan a whole kernel using this diff-based approach and obtain a fairly accurate license detection. -- Cordially Philippe Ombredanne
