On Tue, Aug 22, 2017 at 10:39:40AM +0200, Wolfgang Denk wrote: > Dear Tom, > > In message <20170821192329.GF17193@bill-the-cat> you wrote: > > > > > Do I interpret this correctly that you think we should NOT insert > > > SPDX tags into files imported from Linux (or other projects)? But > > > how do we keep track of the origin of such files, then? Git meta > > > data information is not useful for automatic tracking tools (or are > > > there such clever tools available by now?)... > > > > Generally speaking, Linux Kernel is what we're pulling stuff from, and > > that's the project that doesn't care for SPDX tags being introduced, and > > we know what we sync largely there. For other projects, some evangelism > > about SPDX might work. > > I'm afraid a statement like "we know what we sync" is a bit > shortsighted. It's simply not sufficient that we know something, we > should be able to prove it. Even more, we should document it so > nobody will ever have to ask us to prove it. > > People using U-Boot in commercial projects have to undergo license > clearing precedures, and for them such documentation is very > important. What's in our heads is not very useful to them in such a > situation. > > My opinion is that we should add proper SPDX tags to all files that > we import and that do not yet contain any such information.
We must not pull in files that are not properly licensed to start with. We must continue (and be better about) enforcing that when files come in from other projects, or re-sync with them we clearly point to a stable way to say when and where it came from (ie git hash, tag, release number). This type of traceability provides more useful information than just a license tag. > > We leave the dts/dtsi files un-touched from upstream, yes. Thanks! > > What about other files imported from Linux or other projects? Say > source code? Actual code we have to take care with anyhow, but it's still up to the person that has to handle the syncing. -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
