Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check
From: Joe Perches
Date: Thu Feb 08 2018 - 12:24:22 EST
On Thu, 2018-02-08 at 15:35 +0100, Philippe Ombredanne wrote:
> However checking that licenses ids are known and listed in the kernel
> doc is essential IMHO to avoid drift and insulate the kernel from SPDX
> updates. Case in point the new SPDX "GPL-2.0-only" is NOT what was
> documented by tglx and therefore should not be used and banned until
> we update the doc accordingly. and until we update ALL the GPL-2.0 to
> GPL-2.0-only eventually which is best done at once.
Agree and I've attached what I believe to be a
reasonable script for that conversion only after
LICENSE directories are updated with the
appropriate and license files and after
Documentation/process/license-rules.rst is modified.
> Otherwise, this is
> going to be a total mess on top of a complicated topic that requires
> quite a bit of maintainer energy!
There will always be some energy requirement and
no doubt some legal advice involvement too.
In another vein:
The existing license files in spdx.org seem
somewhat sloppily edited and perhaps have less
clarity and precision than desired.
For instance:
If the newer SPDX descriptor "GPL-2.0-only" is to
be used, why does this license URL:
https://spdx.org/licenses/GPL-2.0-only.html
still contain the phrase ", or (at your option) any later version".
The current diff between GPL-2.0-only and GPL-2.0-or-later:
$ wget -q https://spdx.org/licenses/GPL-2.0-only.html
$ wget -q https://spdx.org/licenses/GPL-2.0-or-later.html
$ diff -U0 GPL-2.0-only.html GPL-2.0-or-later.html
--- GPL-2.0-only.html 2017-12-28 12:17:20.000000000 -0800
+++ GPL-2.0-or-later.html 2017-12-28 12:17:22.000000000 -0800
@@ -15 +15 @@
- <title>GNU General Public License v2.0 only | Software Package Data Exchange (SPDX)</title>
+ <title>GNU General Public License v2.0 or later | Software Package Data Exchange (SPDX)</title>
@@ -141 +141 @@
- <h1 property="dc:title">GNU General Public License v2.0 only</h1>
+ <h1 property="dc:title">GNU General Public License v2.0 or later</h1>
@@ -144 +144 @@
- <p style="margin-left: 20px;"><code property="spdx:name">GNU General Public License v2.0 only</code></p>
+ <p style="margin-left: 20px;"><code property="spdx:name">GNU General Public License v2.0 or later</code></p>
@@ -147 +147 @@
- <p style="margin-left: 20px;"><code property="spdx:licenseId">GPL-2.0-only</code></p>
+ <p style="margin-left: 20px;"><code property="spdx:licenseId">GPL-2.0-or-later</code></p>
@@ -160 +160 @@
- <p style="margin-left: 20px;">This license was released: June 1991 This refers to when this GPL 2.0 only is being used (as opposed to GPLv2 or later).</p>
+ <p style="margin-left: 20px;">This license was released: June 1991</p>
@@ -679 +679,2 @@
- as published by the Free Software Foundation; version 2.
+ as published by the Free Software Foundation; version 2
+ or any later version.
I am not a lawyer, this is not legal advice, etc... but:
The "1991 This" use in the -only file seems be missing
a period.
In any case it is awkwardly phrased as "or later" perhaps
should not be referenced at all.
The GPL 2.0 license as published by the Free Software
Foundation includes the option for using later versions.
Perhaps the SPDX -only licenses should be more specific
when it uses the phrase "as published by the Free
Software Foundation; version <n>." to specifically
exclude the option of any later version.
Attachment:
update-licenses.sh
Description: application/shellscript