On 21.06.2024 21:14, Tamas K Lengyel wrote: > --- /dev/null > +++ b/scripts/oss-fuzz/build.sh > @@ -0,0 +1,22 @@ > +#!/bin/bash -eu > +# Copyright 2024 Google LLC > +# > +# Licensed under the Apache License, Version 2.0 (the "License"); > +# you may not use this file except in compliance with the License. > +# You may obtain a copy of the License at > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > +# > +################################################################################
I'm a little concerned here, but maybe I shouldn't be. According to what I'm reading, the Apache 2.0 license is at least not entirely compatible with GPLv2. While apparently the issue is solely with linking in Apache- licensed code, I wonder whether us not having a respective file under ./LICENSES/ (and no pre-cooked SPDX identifier to use) actually has a reason possibly excluding the use of such code in the project. > +cd xen > +./configure clang=y --disable-stubdom --disable-pvshim --disable-docs > --disable-xen > +make clang=y -C tools/include > +make clang=y -C tools/fuzz/x86_instruction_emulator libfuzzer-harness > +cp tools/fuzz/x86_instruction_emulator/libfuzzer-harness > $OUT/x86_instruction_emulator In addition to what Julien said, I further think that filename / directory name are too generic for a file with this pretty specific contents. Jan
