SPDX headers

Dirk Hohndel dirk at hohndel.org
Thu Apr 27 19:43:28 PDT 2017 

On Thu, Apr 27, 2017 at 12:30:10PM -0700, Linus Torvalds wrote:
> On Thu, Apr 27, 2017 at 12:09 PM, Dirk Hohndel <dirk at hohndel.org> wrote:
> >
> > While most of our files are under the GPLv2, some aren't. And almost none
> > of them actually state what license they are under. While following some
> > of the sessions today, I multitasked and tried to add SPDX headers to most
> > of our files.
> 
> github makes it actively hard to actually see the actual patch
> differences, but trying to see what it is most of it seems to be
> 
>   +// SPDX-License-Identifier: GPL-2.0
> 
> at the top of most files. It seems mostly redundant.

That's exactly what it is, except that some files have a different
license.
And based on the Linux Foundation recommendations, the believe is that
this isn't redundant, but instead rather useful as it allows an
individual file, copied elsewhere and taken out of context, to still be
easily associated with the intended license.

> Is there no SPDX way to just state the exceptions? Ie just do "GPL2 is
> the default, mark only the other files"?

That is useful when you look at Subsurface as a whole. But as you can see
in our sources, people copy files from other projects (we have about half
a dozen files that were lifted from other projects). If they have no clear
indication what license they are under, you can't know.

For example, sha1.c and sha1.h - I happen to know that they weren't
written for Subsurface, instead in commit a0558a87b484 ("Get the SHA1
routines from git instead of openssl") they were brought in to our tree.
Now git itself lists a number of different licenses, and a few minutes
with the git git tree doesn't make it clear if sha1.c and sha1.h are under
the GPL-2.0 or under (at the discretion of Linus) under the GPL-2.0+ or
under the LGPL-2.1+ (which, btw, is why I decided not to tag those two
files with a license). And certainly, once someone copies those files from
Subsurface to somewhere else the forensic exercise becomes even harder.

My point is, the idea behind all this is to remove uncertainty. Not so
much uncertainty for Subsurface (even though I wish I did know the exact
license those two files are under... my guess would be GPL-v2.0, but I'm
not certain enough to say so), but to make it easier for people down the
road.

But that's also exactly why I didn't just push this change into the tree
but instead asked what people thought :-)

/D

More information about the subsurface mailing list