On Tue, Jun 25, 2024 at 5:17 AM Jan Beulich <jbeul...@suse.com> wrote: > > On 21.06.2024 21:14, Tamas K Lengyel wrote: > > --- /dev/null > > +++ b/scripts/oss-fuzz/build.sh > > @@ -0,0 +1,22 @@ > > +#!/bin/bash -eu > > +# Copyright 2024 Google LLC > > +# > > +# Licensed under the Apache License, Version 2.0 (the "License"); > > +# you may not use this file except in compliance with the License. > > +# You may obtain a copy of the License at > > +# > > +# http://www.apache.org/licenses/LICENSE-2.0 > > +# > > +# Unless required by applicable law or agreed to in writing, software > > +# distributed under the License is distributed on an "AS IS" BASIS, > > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > > +# See the License for the specific language governing permissions and > > +# limitations under the License. > > +# > > +################################################################################ > > I'm a little concerned here, but maybe I shouldn't be. According to what > I'm reading, the Apache 2.0 license is at least not entirely compatible > with GPLv2. While apparently the issue is solely with linking in Apache- > licensed code, I wonder whether us not having a respective file under > ./LICENSES/ (and no pre-cooked SPDX identifier to use) actually has a > reason possibly excluding the use of such code in the project.
The script is standalone in a clearly separate folder, not linking with anything else in the project so there is no license mixing. Adding an SPDX tag to the file would be fine. Tamas
