One of the items raised at the QEMU maintainers meeting at KVM Forum 2024 was adoption of SPDX-License-Identifier for licensing of newly contributed source files, for which there were no dissenting voices.
Thus, to bring the proposal to the wider community, here is a series illustrating a way to put the decision into action by extending checkpatch.pl to mandate SPDX-License-Identifier in all new files. Furthermore, anytime it sees SPDX-License-Identifier in any patch, whether a new file or pre-existing, it validates the declared license name. If it is not one of the commonly used QEMU licenses (the GPL variants, MIT, & a few BSD variants), it will report an error. To encourage sticking with GPL-2.0-or-later by default, it will issue a warning even if it is one of the common licenses, encouraging the contributor to double check their choice. This should reduce (usually accidental) license proliferation in QEMU code. Finally, I've seen a few other random SPDX tags such as: * SPDX-FileCopyrightText - replacing "Copyright ..." * SPDX-FileContributor - replacing "Authors: ..." * SPDX-URL - a link to the link license text * SPDX-sourceInfo - arbitrary free form text about the file These may or may not be worth considering in QEMU, but this series discourages their usage by raising an error in checkpatch for now. If we feel we want to adopt any of these, I think it should be through a concious decision applied universally. Inconsistent & adhoc usage of other SPDX tags by a subset of contributors feels like it doesn't seem to give a clear win, and could even be a net loss through making practices inconsistent across the code. Daniel P. Berrangé (3): scripts: mandate that new files have SPDX-License-Identifier scripts: validate SPDX license choices scripts: forbid use of arbitrary SPDX tags besides license identifiers scripts/checkpatch.pl | 104 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) -- 2.46.0
