[U-Boot] SPDX License status

Tom Rini trini at konsulko.com
Fri Aug 25 01:25:57 UTC 2017


On Tue, Aug 22, 2017 at 10:39:40AM +0200, Wolfgang Denk wrote:
> Dear Tom,
> 
> In message <20170821192329.GF17193 at bill-the-cat> you wrote:
> > 
> > > Do I interpret this correctly that you think we should NOT insert
> > > SPDX tags into files imported from Linux (or other projects)?  But
> > > how do we keep track of the origin of such files, then?  Git meta
> > > data information is not useful for automatic tracking tools (or are
> > > there such clever tools available by now?)...
> > 
> > Generally speaking, Linux Kernel is what we're pulling stuff from, and
> > that's the project that doesn't care for SPDX tags being introduced, and
> > we know what we sync largely there.  For other projects, some evangelism
> > about SPDX might work.
> 
> I'm afraid a statement like "we know what we sync" is a bit
> shortsighted.  It's simply not sufficient that we know something, we
> should be able to prove it.  Even more, we should document it so
> nobody will ever have to ask us to prove it.
> 
> People using U-Boot in commercial projects have to undergo license
> clearing precedures, and for them such documentation is very
> important.  What's in our heads is not very useful to them in such a
> situation.
> 
> My opinion is that we should add proper SPDX tags to all files that
> we import and that do not yet contain any such information.

We must not pull in files that are not properly licensed to start with.
We must continue (and be better about) enforcing that when files come in
from other projects, or re-sync with them we clearly point to a stable
way to say when and where it came from (ie git hash, tag, release
number).  This type of traceability provides more useful information
than just a license tag.

> > We leave the dts/dtsi files un-touched from upstream, yes.  Thanks!
> 
> What about other files imported from Linux or other projects?  Say
> source code?

Actual code we have to take care with anyhow, but it's still up to the
person that has to handle the syncing.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20170824/a4e1576b/attachment.sig>


More information about the U-Boot mailing list