From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] SPDX License status
Date: Thu, 24 Aug 2017 21:25:57 -0400 [thread overview]
Message-ID: <20170825012557.GK2827@bill-the-cat> (raw)
In-Reply-To: <20170822083940.AEDC11202D1@gemini.denx.de>
On Tue, Aug 22, 2017 at 10:39:40AM +0200, Wolfgang Denk wrote:
> Dear Tom,
>
> In message <20170821192329.GF17193@bill-the-cat> you wrote:
> >
> > > Do I interpret this correctly that you think we should NOT insert
> > > SPDX tags into files imported from Linux (or other projects)? But
> > > how do we keep track of the origin of such files, then? Git meta
> > > data information is not useful for automatic tracking tools (or are
> > > there such clever tools available by now?)...
> >
> > Generally speaking, Linux Kernel is what we're pulling stuff from, and
> > that's the project that doesn't care for SPDX tags being introduced, and
> > we know what we sync largely there. For other projects, some evangelism
> > about SPDX might work.
>
> I'm afraid a statement like "we know what we sync" is a bit
> shortsighted. It's simply not sufficient that we know something, we
> should be able to prove it. Even more, we should document it so
> nobody will ever have to ask us to prove it.
>
> People using U-Boot in commercial projects have to undergo license
> clearing precedures, and for them such documentation is very
> important. What's in our heads is not very useful to them in such a
> situation.
>
> My opinion is that we should add proper SPDX tags to all files that
> we import and that do not yet contain any such information.
We must not pull in files that are not properly licensed to start with.
We must continue (and be better about) enforcing that when files come in
from other projects, or re-sync with them we clearly point to a stable
way to say when and where it came from (ie git hash, tag, release
number). This type of traceability provides more useful information
than just a license tag.
> > We leave the dts/dtsi files un-touched from upstream, yes. Thanks!
>
> What about other files imported from Linux or other projects? Say
> source code?
Actual code we have to take care with anyhow, but it's still up to the
person that has to handle the syncing.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20170824/a4e1576b/attachment.sig>
next prev parent reply other threads:[~2017-08-25 1:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-17 8:09 [U-Boot] SPDX License status Wolfgang Denk
2017-08-19 1:15 ` Tom Rini
2017-08-21 15:25 ` Wolfgang Denk
2017-08-21 19:23 ` Tom Rini
2017-08-22 8:39 ` Wolfgang Denk
2017-08-25 1:25 ` Tom Rini [this message]
2017-08-25 7:46 ` Wolfgang Denk
2017-11-02 18:25 ` Masahiro Yamada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170825012557.GK2827@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox