[yocto] [OE-core] [prelink-cross] Bug 13529 add SPDX identifier

Yann CARDAILLAC yann.cardaillac at smile.fr
Tue Oct 22 02:28:57 PDT 2019 

On Mon, Oct 21, 2019 at 4:35 PM Mark Hatle <mark.hatle at kernel.crashing.org>
wrote:

> On 10/21/19 4:43 AM, Yann CARDAILLAC wrote:
> > Hi Mark Hatle, Jakub Jelinek,
>
> Jakub is no longer supporting this code, but he may have valuable insights
> into
> licensing.
>
> > I'm currently beginning the work on bug 13529:
> >
> > https://bugzilla.yoctoproject.org/show_bug.cgi?id=13529
> >
> > The purpose is to add SPDX identifier to scripts and sources.
> >
> > Most of the sources have licences on the sources, however some of them
> don't,
> > and I've question about others :
> >
> > - src/sha.c do not shall it be GPLV2-or-later as most of the other?
>
> /* sha.c - Functions to compute the SHA1 hash (message-digest) of files
>    or blocks of memory.  Complies to the NIST specification FIPS-180-1.
>
>    Copyright (C) 2000, 2001, 2003 Scott G. Miller
>
>    Credits:
>       Robert Klep <robert at ilse.nl>  -- Expansion function fix
>    NOTE: The canonical source of this file is maintained in GNU coreutils.
> */
>
> The last line is the key.  This apparently came from GNU coreutils.
>
> From the SCM logs, sha.c was introduced in approx 2003-07-01 from what it
> looks
> like.  So it's a pretty old version.  You will need to do some detective
> work,
> and find older versions of coreutils until you find the one that
> corresponds to
> the code that was checked in.  Start back in 2003 and work backwards as
> necessary.  (The version that matches to the original 2003-07-01 should be
> the
> reasonable license to use.)
>

Ok I found it ! https://github.com/coreutils/coreutils/blob/v4.5.8/lib/sha.c

from : https://github.com/coreutils/coreutils/blob/v4.5.8/COPYING it looks
like it's only GPLV2


> > - how to licence m4/libelf.m4 ? I'd prefer you to tell me exactly what
> to add in
> > order to avoid errors
>
> The original version of the m4/libelf.m4 was introduced 2001-09-27.  It
> appears
> to me that it was written as part of the prelinker, so would be under the
> overall license of the prelinker.
>
> Based on this, my assumption is that it is GPL-2.0
>
> I do not see any 'or-later' clauses anywhere.
>
> I have just add  "dnl SPDX-License-Identifier: GPL-2.0-only" bellow the
"Written by" comment, however should it also be in the resulting template?
I can add it also at first line of the resulting file if necessary ?


> - what about *.C files ? They don't have licence header, they look like C
> file
> > to me so I'd probably add :
> > // SPDX-License-Identifier: GPL-2.0-or-later
>
> There are each simply test cases.  They would be covered by the overall
> 'COPYING' for the package.  Thus GPL-2.0
>
> > - what about testsuite/ files ?
>
> Same, no specifically stated license will be GPL-2.0.
>
> Done !

> > Shall every thing just be GPL-2.0-or-later?
>
> Also just to be clear.  As I am NOT the original author of this work, I
> won't
> accept a patch to remove any existing license text from the headers in this
> software, but I will accept the SPDX-License-Identifier to be added in
> addition
> to the existing license text.
>
>
If an existing file does not have any License text in it, then we will need
> to
> assume that the COPYING file covers all software unless there is some
> indicator
> it comes from another source with a different license.  For items w/o
> existing
> licenses, just adding the SPDX-License-Identifier will be acceptable.
>
> So in a header similar to:
>
> /* Copyright (C) 2001, 2002, 2003, 2007 Red Hat, Inc.
>    Written by Jakub Jelinek <jakub at redhat.com>, 2001.
>
>    This program is free software; you can redistribute it and/or modify
>    it under the terms of the GNU General Public License as published by
>    the Free Software Foundation; either version 2, or (at your option)
>    any later version.
>
>    This program is distributed in the hope that it will be useful,
>    but WITHOUT ANY WARRANTY; without even the implied warranty of
>    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>    GNU General Public License for more details.
>
>    You should have received a copy of the GNU General Public License
>    along with this program; if not, write to the Free Software Foundation,
>    Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
>
> please add the header between the 'Written by' and the existing license
> text,
> such as:
>
> /* Copyright (C) 2001, 2002, 2003, 2007 Red Hat, Inc.
>    Written by Jakub Jelinek <jakub at redhat.com>, 2001.
>
>    SPDX-License-Identifier: GPL-2.0-or-later
>
>    This program is free software; you can redistribute it and/or modify
>    it under the terms of the GNU General Public License as published by
>
>
Here's the first attempt of the patch, feel free to give me any advice on
how to improve it!

Regards,

-- 
[image: SMILE] <http://www.smile.eu/>

20 rue des Jardins
92600 Asnières-sur-Seine
*Yann CARDAILLAC*
Ingénieur Systèmes Embarqués

[image: email] yann.cardaillac at smile.fr
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>


[image: eco] Pour la planète, n'imprimez ce mail que si c'est nécessaire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20191022/583a65c4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-add-SPDX-Licence-identifier.patch
Type: text/x-patch
Size: 73506 bytes
Desc: not available
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20191022/583a65c4/attachment-0001.bin>

More information about the yocto mailing list