| Message ID | 20230607053940.39078-10-bagasdotme@gmail.com |
|---|---|
| Headers | show |
| Series | SPDX conversion for cryptographic algorithms | expand |
On Wed, Jun 7, 2023 at 1:41 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote: > > License boilerplate in CTS mode implementation (crypto/cts.c) looks like > MIT license with advertising clause. Replace it with correspondig > SPDX tag. > > Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> > --- > crypto/cts.c | 24 +----------------------- > 1 file changed, 1 insertion(+), 23 deletions(-) > > diff --git a/crypto/cts.c b/crypto/cts.c > index 8f604f6554b1c3..9ec7e9787c0f6a 100644 > --- a/crypto/cts.c > +++ b/crypto/cts.c > @@ -1,3 +1,4 @@ > +// SPDX-License-Identifier: MIT > /* > * CTS: Cipher Text Stealing mode > * > @@ -5,29 +6,6 @@ > * The Regents of the University of Michigan > * ALL RIGHTS RESERVED > * > - * Permission is granted to use, copy, create derivative works > - * and redistribute this software and such derivative works > - * for any purpose, so long as the name of The University of > - * Michigan is not used in any advertising or publicity > - * pertaining to the use of distribution of this software > - * without specific, written prior authorization. If the > - * above copyright notice or any other identification of the > - * University of Michigan is included in any copy of any > - * portion of this software, then the disclaimer below must > - * also be included. > - * > - * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION > - * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY > - * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF > - * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING > - * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF > - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE > - * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE > - * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR > - * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING > - * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN > - * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF > - * SUCH DAMAGES. > */ This is not the MIT license (as defined by SPDX) - there may not be an SPDX identifier covering this license text. This is at least the second time in your recent patches where you have assumed that a non-GPL license corresponds to a particular SPDX identifier without (apparently) checking. Richard
On Wed, Jun 07, 2023 at 09:47:33AM -0400, Richard Fontana wrote: > On Wed, Jun 7, 2023 at 1:41 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote: > > > > License boilerplate in CTS mode implementation (crypto/cts.c) looks like > > MIT license with advertising clause. Replace it with correspondig > > SPDX tag. > > > > Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> > > --- > > crypto/cts.c | 24 +----------------------- > > 1 file changed, 1 insertion(+), 23 deletions(-) > > > > diff --git a/crypto/cts.c b/crypto/cts.c > > index 8f604f6554b1c3..9ec7e9787c0f6a 100644 > > --- a/crypto/cts.c > > +++ b/crypto/cts.c > > @@ -1,3 +1,4 @@ > > +// SPDX-License-Identifier: MIT > > /* > > * CTS: Cipher Text Stealing mode > > * > > @@ -5,29 +6,6 @@ > > * The Regents of the University of Michigan > > * ALL RIGHTS RESERVED > > * > > - * Permission is granted to use, copy, create derivative works > > - * and redistribute this software and such derivative works > > - * for any purpose, so long as the name of The University of > > - * Michigan is not used in any advertising or publicity > > - * pertaining to the use of distribution of this software > > - * without specific, written prior authorization. If the > > - * above copyright notice or any other identification of the > > - * University of Michigan is included in any copy of any > > - * portion of this software, then the disclaimer below must > > - * also be included. > > - * > > - * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION > > - * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY > > - * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF > > - * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING > > - * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF > > - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE > > - * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE > > - * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR > > - * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING > > - * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN > > - * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF > > - * SUCH DAMAGES. > > */ > > This is not the MIT license (as defined by SPDX) - there may not be an > SPDX identifier covering this license text. > > This is at least the second time in your recent patches where you have > assumed that a non-GPL license corresponds to a particular SPDX > identifier without (apparently) checking. > I was thought of interpolating license tags (heuristic matching) in cases like this. In this case, the UoMi license was adapted from (and roughly resembled) MIT (hence I thought of MIT variant). Greg, is Richard's comment right? If so, I'll drop this patch. Thanks!
On Thu, Jun 08, 2023 at 12:32:34PM +0700, Bagas Sanjaya wrote: > On Wed, Jun 07, 2023 at 09:47:33AM -0400, Richard Fontana wrote: > > On Wed, Jun 7, 2023 at 1:41 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote: > > > > > > License boilerplate in CTS mode implementation (crypto/cts.c) looks like > > > MIT license with advertising clause. Replace it with correspondig > > > SPDX tag. > > > > > > Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> > > > --- > > > crypto/cts.c | 24 +----------------------- > > > 1 file changed, 1 insertion(+), 23 deletions(-) > > > > > > diff --git a/crypto/cts.c b/crypto/cts.c > > > index 8f604f6554b1c3..9ec7e9787c0f6a 100644 > > > --- a/crypto/cts.c > > > +++ b/crypto/cts.c > > > @@ -1,3 +1,4 @@ > > > +// SPDX-License-Identifier: MIT > > > /* > > > * CTS: Cipher Text Stealing mode > > > * > > > @@ -5,29 +6,6 @@ > > > * The Regents of the University of Michigan > > > * ALL RIGHTS RESERVED > > > * > > > - * Permission is granted to use, copy, create derivative works > > > - * and redistribute this software and such derivative works > > > - * for any purpose, so long as the name of The University of > > > - * Michigan is not used in any advertising or publicity > > > - * pertaining to the use of distribution of this software > > > - * without specific, written prior authorization. If the > > > - * above copyright notice or any other identification of the > > > - * University of Michigan is included in any copy of any > > > - * portion of this software, then the disclaimer below must > > > - * also be included. > > > - * > > > - * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION > > > - * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY > > > - * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF > > > - * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING > > > - * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF > > > - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE > > > - * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE > > > - * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR > > > - * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING > > > - * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN > > > - * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF > > > - * SUCH DAMAGES. > > > */ > > > > This is not the MIT license (as defined by SPDX) - there may not be an > > SPDX identifier covering this license text. > > > > This is at least the second time in your recent patches where you have > > assumed that a non-GPL license corresponds to a particular SPDX > > identifier without (apparently) checking. > > > > I was thought of interpolating license tags (heuristic matching) in > cases like this. In this case, the UoMi license was adapted from > (and roughly resembled) MIT (hence I thought of MIT variant). Nope, licenses don't always work that way, sorry. > Greg, is Richard's comment right? If so, I'll drop this patch. Yes it is, please ask for all of these to not be applied. There's a reason that we didn't do all of these in the first big sweep of the kernel tree, as you are finding out :( thanks, greg k-h
On Wed, Jun 07, 2023 at 09:56:03AM -0400, Richard Fontana wrote: > On Wed, Jun 7, 2023 at 1:41 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote: > > > > Replace the boilerplate with corresponding SPDX tag. Since there is no > > explicit GPL version, assume GPL 1.0+. > > > > Cc: Stephan Mueller <smueller@chronox.de> > > Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> > > --- > > crypto/drbg.c | 33 +-------------------------------- > > 1 file changed, 1 insertion(+), 32 deletions(-) > > > > diff --git a/crypto/drbg.c b/crypto/drbg.c > > index ff4ebbc68efab1..f797deaf3952ef 100644 > > --- a/crypto/drbg.c > > +++ b/crypto/drbg.c > > @@ -1,3 +1,4 @@ > > +// SPDX-License-Identifier: BSD-3-Clause OR GPL-1.0+ > > /* > > * DRBG: Deterministic Random Bits Generator > > * Based on NIST Recommended DRBG from NIST SP800-90A with the following > > @@ -9,38 +10,6 @@ > > * > > * Copyright Stephan Mueller <smueller@chronox.de>, 2014 > > * > > - * Redistribution and use in source and binary forms, with or without > > - * modification, are permitted provided that the following conditions > > - * are met: > > - * 1. Redistributions of source code must retain the above copyright > > - * notice, and the entire permission notice in its entirety, > > - * including the disclaimer of warranties. > > - * 2. Redistributions in binary form must reproduce the above copyright > > - * notice, this list of conditions and the following disclaimer in the > > - * documentation and/or other materials provided with the distribution. > > - * 3. The name of the author may not be used to endorse or promote > > - * products derived from this software without specific prior > > - * written permission. > > - * > > - * ALTERNATIVELY, this product may be distributed under the terms of > > - * the GNU General Public License, in which case the provisions of the GPL are > > - * required INSTEAD OF the above restrictions. (This clause is > > - * necessary due to a potential bad interaction between the GPL and > > - * the restrictions contained in a BSD-style copyright.) > > - * > > - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED > > - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES > > - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF > > - * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE > > - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > > - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT > > - * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > > - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF > > - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > > - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE > > - * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH > > - * DAMAGE. > > The non-GPL portion of this notice does not match BSD-3-Clause as > currently defined by SPDX (see: > https://github.com/spdx/license-list-XML/blob/main/src/BSD-3-Clause.xml). > This is at least the third time in your recent patches that you have > assumed that a non-GPL license matches a particular SPDX identifier > without (apparently) checking. I missed the point of first clause of this BSD boilerplate, for which I had to not delete the boilerplate. I can keep the SPDX tag if Stephan (original author) or at least Greg agree with this BSD wording variant. > > That's assuming it's appropriate to represent this as a dual license > and omit the 'ALTERNATIVELY' parenthetical. I'm not sure how I feel > about that. Do you mean the SPDX tag should have been with AND instead? Thanks for reviewing.
On 6/8/23 12:40, Greg Kroah-Hartman wrote: >> Greg, is Richard's comment right? If so, I'll drop this patch. > > Yes it is, please ask for all of these to not be applied. > Did you mean this whole series? Other patches have not been reviewed yet. Maybe Herbert can apply these rest of patches if there is no objection.
On Thu, Jun 08, 2023 at 01:49:32PM +0700, Bagas Sanjaya wrote: > On 6/8/23 12:40, Greg Kroah-Hartman wrote: > >> Greg, is Richard's comment right? If so, I'll drop this patch. > > > > Yes it is, please ask for all of these to not be applied. > > > > Did you mean this whole series? Other patches have not been reviewed > yet. Maybe Herbert can apply these rest of patches if there is > no objection. Based on the review of these, I would drop them all until you can get a review from someone with lots of license experience to add their reviewed-by to them. thanks, greg k-h
On Thu, Jun 08, 2023 at 12:32:34PM +0700, Bagas Sanjaya wrote: > On Wed, Jun 07, 2023 at 09:47:33AM -0400, Richard Fontana wrote: > > Greg, is Richard's comment right? If so, I'll drop this patch. Heh. Richard is the only person on thread who is a Lawyer with a Wikipedia page. https://en.wikipedia.org/wiki/Richard_Fontana Let's just assume everything he says is 100% correct. regards, dan carpenter
I prompted to create this series when reviewing trivial, checkpatch-fixing patches from Franziska Naepelt [1]. When reviewing crypto ones and looking on SPDX changes, I felt that these could be better sent as separate patch series covering whole crypto/ directory instead. So here is the series and happy reviewing! [1]: https://lore.kernel.org/all/?q=f%3A%22bagasdotme%40gmail.com%22+AND+tc%3A%22Franziska+Naepelt+%3Cfranziska.naepelt%40googlemail.com%3E%22 Bagas Sanjaya (8): crypto: Convert dual BSD 3-Clause/GPL 2.0 boilerplate to SPDX identifier crypto: fcrypt: Replace dual BSD 3-Clause/GPL 2.0+ boilerplate with SPDX identifier crypto: drbg: Convert dual BSD 3-Clause/GPL-1.0 license boilerplate to SPDX identifier crypto: ecc: Replace BSD 2-Clause license boilerplate with SPDX identifier crypto: streebog_generic: Correct SPDX license identifier crypto: Replace GPL 2.0 boilerplate with SPDX license identifier crypto: ecrdsa: Remove GPL 2.0+ boilerplate crypto: cts: Convert MIT boilerplate to corresponding SPDX license identifier crypto/aes_generic.c | 31 +------------------------------ crypto/algif_rng.c | 33 +-------------------------------- crypto/anubis.c | 6 +----- crypto/crct10dif_common.c | 15 +-------------- crypto/crct10dif_generic.c | 15 +-------------- crypto/cts.c | 24 +----------------------- crypto/drbg.c | 33 +-------------------------------- crypto/ecc.c | 21 +-------------------- crypto/ecrdsa.c | 4 ---- crypto/ecrdsa_defs.h | 4 ---- crypto/fcrypt.c | 32 +------------------------------- crypto/jitterentropy-kcapi.c | 32 +------------------------------- crypto/jitterentropy.c | 35 +---------------------------------- crypto/keywrap.c | 32 +------------------------------- crypto/khazad.c | 6 +----- crypto/md4.c | 6 +----- crypto/md5.c | 6 +----- crypto/poly1305_generic.c | 5 +---- crypto/streebog_generic.c | 6 +----- crypto/vmac.c | 13 +------------ crypto/wp512.c | 6 +----- 21 files changed, 19 insertions(+), 346 deletions(-) base-commit: 134e0dc6b73ab7e99464182356a8b3fa4ea3b499