Darrick, On Tue, 27 Aug 2019, Darrick J. Wong wrote: > On Tue, Aug 27, 2019 at 08:13:19AM +0200, Thomas Gleixner wrote: > > On Mon, 26 Aug 2019, Darrick J. Wong wrote: > > > +++ b/tests/generic/719 > > > @@ -0,0 +1,59 @@ > > > +#! /bin/bash > > > +# SPDX-License-Identifier: GPL-2.0-or-newer > > > > Please run scripts/spdxcheck.py on that file and consult the licensing > > documentation. > > -or-later, sorry. > > So .... now that everyone who wanted these SPDX identifiers have spread > "GPL-2.0+" around the kernel and related projects (xfsprogs, xfstests) > just in time for SPDX 3.0 to deprecate the "+" syntax, what are we > supposed to do? Another treewide change to fiddle with SPDX syntax? > Can we just put: > > Valid-License-Identifier: GPL-2.0+ > Valid-License-Identifier: GPL-2.0-or-later > > in the LICENSES/GPL-2.0 file like the kernel does? The kernel is not going to change that because we have started with this before the s/+/-or-later/ happened. Tools need to read both. > Is that even going to stay that way? I thought I heard that Greg was > working on phasing out the "2.0+" tags since SPDX deprecated that? For new stuff we should use -or-later methinks. > I think xfsprogs and xfstests just follow whatever the kernel does, but > AFAICT this whole initiative /continues/ to communicate poorly with the > maintainers about (1) how this is supposed to benefit us and (2) what we > are supposed to do to maintain all of it. We wrote lengthy documentation and a long explanation on LKML. So what's missing? Maintaining it is easy. All new files need a valid SPDX identifier which is documented in one of the licenses in the LICENSES directory. Preferrably the SPDX identifier comes without all that boiler plate nonsense which got copied and pasted, fatfingered and broken in the past. > Do we have to get lawyers involved to roll to a new SPDX version? Will > LF do that for (at least) the projects hosted on kernel.org? Should we > just do it and hope for the best since IANAFL? I know how to review > code. I don't know how to review licensing and all the tiny > implications that go along with things like this. I don't even feel > confident that the two identifiers above are exactly the same, because > all I know is that I read it on a webpage somewhere. We have layers helping with that. > I for one still have heard abso-f*cking-lutely nothing about what is > this SPDX change other than Greg shoving treewide changes in the kernel. > That sufficed to get the mechanical work done (at the cost of a lot of > frustration for Greg) but this doesn't help me sustain our community. > > Guidance needed. Apologies all around if this rant is misdirected, but > I have no idea who (if anyone) is maintaining SPDX tags. There's no > entry for LICENSES/ in MAINTAINERS, which is where I looked first. The SPDX identifiers are maintained by the SPDX group which is independent of us. We use them and we document how to use them proper so tooling can do proper license identification. Yeah, we should add a MAINTAINERS entry for LICENSES. Greg and myself are going to be volunteered I fear. Thanks, tglx
