[OE-core] [yocto][prelink-cross] Bug 13529 add SPDX identifier
Yann CARDAILLAC
yann.cardaillac at smile.fr
Tue Oct 22 09:28:57 UTC 2019
On Mon, Oct 21, 2019 at 4:35 PM Mark Hatle <mark.hatle at kernel.crashing.org>
wrote:
> On 10/21/19 4:43 AM, Yann CARDAILLAC wrote:
> > Hi Mark Hatle, Jakub Jelinek,
>
> Jakub is no longer supporting this code, but he may have valuable insights
> into
> licensing.
>
> > I'm currently beginning the work on bug 13529:
> >
> > https://bugzilla.yoctoproject.org/show_bug.cgi?id=13529
> >
> > The purpose is to add SPDX identifier to scripts and sources.
> >
> > Most of the sources have licences on the sources, however some of them
> don't,
> > and I've question about others :
> >
> > - src/sha.c do not shall it be GPLV2-or-later as most of the other?
>
> /* sha.c - Functions to compute the SHA1 hash (message-digest) of files
> or blocks of memory. Complies to the NIST specification FIPS-180-1.
>
> Copyright (C) 2000, 2001, 2003 Scott G. Miller
>
> Credits:
> Robert Klep <robert at ilse.nl> -- Expansion function fix
> NOTE: The canonical source of this file is maintained in GNU coreutils.
> */
>
> The last line is the key. This apparently came from GNU coreutils.
>
> From the SCM logs, sha.c was introduced in approx 2003-07-01 from what it
> looks
> like. So it's a pretty old version. You will need to do some detective
> work,
> and find older versions of coreutils until you find the one that
> corresponds to
> the code that was checked in. Start back in 2003 and work backwards as
> necessary. (The version that matches to the original 2003-07-01 should be
> the
> reasonable license to use.)
>
Ok I found it ! https://github.com/coreutils/coreutils/blob/v4.5.8/lib/sha.c
from : https://github.com/coreutils/coreutils/blob/v4.5.8/COPYING it looks
like it's only GPLV2
> > - how to licence m4/libelf.m4 ? I'd prefer you to tell me exactly what
> to add in
> > order to avoid errors
>
> The original version of the m4/libelf.m4 was introduced 2001-09-27. It
> appears
> to me that it was written as part of the prelinker, so would be under the
> overall license of the prelinker.
>
> Based on this, my assumption is that it is GPL-2.0
>
> I do not see any 'or-later' clauses anywhere.
>
> I have just add "dnl SPDX-License-Identifier: GPL-2.0-only" bellow the
"Written by" comment, however should it also be in the resulting template?
I can add it also at first line of the resulting file if necessary ?
> - what about *.C files ? They don't have licence header, they look like C
> file
> > to me so I'd probably add :
> > // SPDX-License-Identifier: GPL-2.0-or-later
>
> There are each simply test cases. They would be covered by the overall
> 'COPYING' for the package. Thus GPL-2.0
>
> > - what about testsuite/ files ?
>
> Same, no specifically stated license will be GPL-2.0.
>
> Done !
> > Shall every thing just be GPL-2.0-or-later?
>
> Also just to be clear. As I am NOT the original author of this work, I
> won't
> accept a patch to remove any existing license text from the headers in this
> software, but I will accept the SPDX-License-Identifier to be added in
> addition
> to the existing license text.
>
>
If an existing file does not have any License text in it, then we will need
> to
> assume that the COPYING file covers all software unless there is some
> indicator
> it comes from another source with a different license. For items w/o
> existing
> licenses, just adding the SPDX-License-Identifier will be acceptable.
>
> So in a header similar to:
>
> /* Copyright (C) 2001, 2002, 2003, 2007 Red Hat, Inc.
> Written by Jakub Jelinek <jakub at redhat.com>, 2001.
>
> This program is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License as published by
> the Free Software Foundation; either version 2, or (at your option)
> any later version.
>
> This program is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with this program; if not, write to the Free Software Foundation,
> Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
>
> please add the header between the 'Written by' and the existing license
> text,
> such as:
>
> /* Copyright (C) 2001, 2002, 2003, 2007 Red Hat, Inc.
> Written by Jakub Jelinek <jakub at redhat.com>, 2001.
>
> SPDX-License-Identifier: GPL-2.0-or-later
>
> This program is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License as published by
>
>
Here's the first attempt of the patch, feel free to give me any advice on
how to improve it!
Regards,
--
[image: SMILE] <http://www.smile.eu/>
20 rue des Jardins
92600 Asnières-sur-Seine
*Yann CARDAILLAC*
Ingénieur Systèmes Embarqués
[image: email] yann.cardaillac at smile.fr
[image: url] http://www.smile.eu
[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>
[image: eco] Pour la planète, n'imprimez ce mail que si c'est nécessaire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191022/583a65c4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-add-SPDX-Licence-identifier.patch
Type: text/x-patch
Size: 73506 bytes
Desc: not available
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191022/583a65c4/attachment-0001.bin>
More information about the Openembedded-core
mailing list