On Wed, 22 May 2019, J Lovejoy wrote: > > On May 21, 2019, at 1:29 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote: > > > > can you please have a look how to handle that GPL + BSD disclaimer > > abomination SPDX wise? > > > > Yes, I have started a new list for this special version of messiness, > namely anything in these batches that you all are tagging as adding > something “extra” to the standard GPL license notice. I’m not going to > start bringing this to SPDX until we have a more complete list - that way > we know how many variations there are, etc. > If/when we do reach out to copyright holders in these cases, I think it’d > be helpful to specifically ask them if they could remove the extra text > and confirm that the license is just plain old GPL-2.0-only or > GPL-2.0-or-later. From Richard’s earlier comments, Philippe’s bit of > research, and the copyright years in the notices from the actual files - > it sounds like this additional-warranty thing was in vogue a long time go > (and hopefully not something people think they need to do today!) - so, > trying to clean it up where possible would be ideal. You wish. The bulk is indeed from around 2000m but the cargo cult disclaimer in drivers/scsi/usf/ was newly added 7 years ago and 2 years ago a new file was added with the same crap copied. That kind of stuff is still proliferated for whatever reasons. Now coming back to the issue with disclaimers in general. We need a way to deal with it as there are at least two files where there is no trace of the company anymore. Plus GPLV3 (not relevant for the kernel, but for SPDX) explicitely says that you can add magic disclaimers. And of course people will do so. While walking the dogs I thought more about this. 1) The random disclaimer (new or old) is not necessarily forming a new license as long as the GPL (version) reference is unambiguous. It's an (for GPLv2 tolerated and for GPLv3 documented) add on. 2) With a very quick scan (not complete and accurate) I found more than 20 variants of disclaimers bolted on a GPLv2 reference/boilerplate. I fear there are more. So it's pretty unrealistic to create 20+ disclaimer IDs or 20+ new license IDs for those and either of these things would just help to proliferate that nonsense and create yet another mess in the SPDX realm. I rather suggest to do the following: 1) Create a SPDX id 'CUSTOM_DISCLAIMER' and make the license identifier: SPDX-License-Identifier: GPL-2.0-or-later AND CUSTOM_DISCLAIMER 2) Remove the GPL2.0 reference/boilerplate but keep the diclaimer in the comment 3) Wrap the disclaimer into DISCLAIMER_BEGIN Random made up lawyerese DISCLAIMER_END That gives us the following useful properties: 1) Avoid to go through the tedious process of creating disclaimer IDs or new licenses and go through all the instances of SPDX/OSI and whatever. 2) Allows to proceed with the cleanup 3) Precicely marks the custom disclaimer for compliance tools. Even a halfways trivial awk script can extract them that way. We still can go after the copyright holders who added that mess at the same time, but we do not depend on their willingness, availability ... Thoughts? Thanks, tglx