On 5/20/19 6:47 PM, Thomas Gleixner wrote: > > We really need to spot the failures in the patterns, not the actual file > level patches. The patcher itself is going to remove the file level > equivalent of the normalized pattern and add the concluded SPDX identifier > instead. Not more, not less. I'll back that up: the word *library* was in the pattern, and that's the only reason it matched that file. So, in our reviews, we need to carefully check that the pattern correctly corresponds to the SPDX identifier. But, the pattern matches are very literal/exact, so we don't need to be worried about some random files that don't exactly match the pattern sneaking into the patch, or review every file in the patch. (I do review a few files, but it's just for the mental reassurance that I've read the pattern correctly.) > If the tools would be perfect we would not need to look at any of these > things ... Fuzzy text matching is hard. This is why we have SPDX. :) Our efforts here will make a million future license compliance scans of the Kernel cleaner and more accurate. Allison
