diff mbox series

treewide: Add SPDX identifier to IETF ASN.1 modules

Message ID 143690ecc1102c0f67fa7faec437ec7b02bb2304.1697885975.git.lukas@wunner.de (mailing list archive)
State New, archived
Headers show
Series treewide: Add SPDX identifier to IETF ASN.1 modules | expand

Commit Message

Lukas Wunner Oct. 21, 2023, 11:23 a.m. UTC
Per section 4.c. of the IETF Trust Legal Provisions, "Code Components"
in IETF Documents are licensed on the terms of the BSD-3-Clause license:

https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/

The term "Code Components" specifically includes ASN.1 modules:

https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/

Add an SPDX identifier as well as a copyright notice pursuant to section
6.d. of the Trust Legal Provisions to all ASN.1 modules in the tree
which are derived from IETF Documents.

Section 4.d. of the Trust Legal Provisions requests that each Code
Component identify the RFC from which it is taken, so link that RFC
in every ASN.1 module.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
---
 I'm adding a new IETF ASN.1 module for PCI device authentication, hence
 had to research what the correct license is.  Thought I'd fix this up
 treewide while at it.

 Not included here is fs/smb/client/cifs_spnego_negtokeninit.asn1,
 which is similar to fs/smb/client/ksmbd_spnego_negtokeninit.asn1,
 but contains a Microsoft extension published as Open Specifications
 Documentation.  It's unclear to me what license they use:
 https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/

 crypto/asymmetric_keys/pkcs7.asn1            | 7 +++++++
 crypto/asymmetric_keys/pkcs8.asn1            | 6 ++++++
 crypto/asymmetric_keys/x509.asn1             | 7 +++++++
 crypto/asymmetric_keys/x509_akid.asn1        | 5 +++++
 crypto/rsaprivkey.asn1                       | 7 +++++++
 crypto/rsapubkey.asn1                        | 7 +++++++
 fs/smb/server/ksmbd_spnego_negtokeninit.asn1 | 8 ++++++++
 fs/smb/server/ksmbd_spnego_negtokentarg.asn1 | 7 +++++++
 net/ipv4/netfilter/nf_nat_snmp_basic.asn1    | 8 ++++++++
 9 files changed, 62 insertions(+)

Comments

Richard Fontana Oct. 21, 2023, 1:23 p.m. UTC | #1
On Sat, Oct 21, 2023 at 7:25 AM Lukas Wunner <lukas@wunner.de> wrote:
>
> Per section 4.c. of the IETF Trust Legal Provisions, "Code Components"
> in IETF Documents are licensed on the terms of the BSD-3-Clause license:
>
> https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/
>
> The term "Code Components" specifically includes ASN.1 modules:
>
> https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/

Sorry if this seems super-pedantic but I am pretty sure the license
text in the IETF Trust Legal Provisions does not actually match SPDX
`BSD-3-Clause` because of one additional word in clause 3 ("specific"
before "contributors"), so IMO you should get SPDX to modify its
definition of `BSD-3-Clause` prior to applying this patch (or get IETF
to change its version of the license, but I imagine that would be more
difficult). This issue of a multitude of nonsubstantively different,
non-matching versions of clause 3 is a common issue that has been
coming up in the Fedora project's adoption of SPDX identifiers for
license metadata.

Richard
Lukas Wunner Oct. 22, 2023, 8:53 a.m. UTC | #2
On Sat, Oct 21, 2023 at 09:23:55AM -0400, Richard Fontana wrote:
> On Sat, Oct 21, 2023 at 7:25???AM Lukas Wunner <lukas@wunner.de> wrote:
> >
> > Per section 4.c. of the IETF Trust Legal Provisions, "Code Components"
> > in IETF Documents are licensed on the terms of the BSD-3-Clause license:
> >
> > https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/
> >
> > The term "Code Components" specifically includes ASN.1 modules:
> >
> > https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/
> 
> Sorry if this seems super-pedantic but I am pretty sure the license
> text in the IETF Trust Legal Provisions does not actually match SPDX
> `BSD-3-Clause` because of one additional word in clause 3 ("specific"
> before "contributors"), so IMO you should get SPDX to modify its
> definition of `BSD-3-Clause` prior to applying this patch (or get IETF
> to change its version of the license, but I imagine that would be more
> difficult).

I've submitted a pull request to modify the SPDX definition of
BSD-3-Clause for the IETF variant:

https://github.com/spdx/license-list-XML/pull/2218

I assume this addresses your concern?  Let me know if it doesn't.

If anyone has further objections to this patch please speak up.

Thanks,

Lukas
Herbert Xu Oct. 27, 2023, 10:55 a.m. UTC | #3
On Sat, Oct 21, 2023 at 01:23:44PM +0200, Lukas Wunner wrote:
> Per section 4.c. of the IETF Trust Legal Provisions, "Code Components"
> in IETF Documents are licensed on the terms of the BSD-3-Clause license:
> 
> https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/
> 
> The term "Code Components" specifically includes ASN.1 modules:
> 
> https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/
> 
> Add an SPDX identifier as well as a copyright notice pursuant to section
> 6.d. of the Trust Legal Provisions to all ASN.1 modules in the tree
> which are derived from IETF Documents.
> 
> Section 4.d. of the Trust Legal Provisions requests that each Code
> Component identify the RFC from which it is taken, so link that RFC
> in every ASN.1 module.
> 
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> ---
>  I'm adding a new IETF ASN.1 module for PCI device authentication, hence
>  had to research what the correct license is.  Thought I'd fix this up
>  treewide while at it.
> 
>  Not included here is fs/smb/client/cifs_spnego_negtokeninit.asn1,
>  which is similar to fs/smb/client/ksmbd_spnego_negtokeninit.asn1,
>  but contains a Microsoft extension published as Open Specifications
>  Documentation.  It's unclear to me what license they use:
>  https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/
> 
>  crypto/asymmetric_keys/pkcs7.asn1            | 7 +++++++
>  crypto/asymmetric_keys/pkcs8.asn1            | 6 ++++++
>  crypto/asymmetric_keys/x509.asn1             | 7 +++++++
>  crypto/asymmetric_keys/x509_akid.asn1        | 5 +++++
>  crypto/rsaprivkey.asn1                       | 7 +++++++
>  crypto/rsapubkey.asn1                        | 7 +++++++
>  fs/smb/server/ksmbd_spnego_negtokeninit.asn1 | 8 ++++++++
>  fs/smb/server/ksmbd_spnego_negtokentarg.asn1 | 7 +++++++
>  net/ipv4/netfilter/nf_nat_snmp_basic.asn1    | 8 ++++++++
>  9 files changed, 62 insertions(+)

Patch applied.  Thanks.
J Lovejoy Oct. 31, 2023, 2:23 a.m. UTC | #4
On 10/22/23 4:53 AM, Lukas Wunner wrote:
> On Sat, Oct 21, 2023 at 09:23:55AM -0400, Richard Fontana wrote:
>> On Sat, Oct 21, 2023 at 7:25???AM Lukas Wunner <lukas@wunner.de> wrote:
>>> Per section 4.c. of the IETF Trust Legal Provisions, "Code Components"
>>> in IETF Documents are licensed on the terms of the BSD-3-Clause license:
>>>
>>> https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/
>>>
>>> The term "Code Components" specifically includes ASN.1 modules:
>>>
>>> https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/
>> Sorry if this seems super-pedantic but I am pretty sure the license
>> text in the IETF Trust Legal Provisions does not actually match SPDX
>> `BSD-3-Clause` because of one additional word in clause 3 ("specific"
>> before "contributors"), so IMO you should get SPDX to modify its
>> definition of `BSD-3-Clause` prior to applying this patch (or get IETF
>> to change its version of the license, but I imagine that would be more
>> difficult).
> I've submitted a pull request to modify the SPDX definition of
> BSD-3-Clause for the IETF variant:
>
> https://github.com/spdx/license-list-XML/pull/2218
>
> I assume this addresses your concern?  Let me know if it doesn't.
>
> If anyone has further objections to this patch please speak up.
Thanks for submitting the PR! Usually this is something that would be 
discussed via an issue before making a PR. I made one here 
https://github.com/spdx/license-list-XML/issues/2242 and will have a 
closer look shortly. Also ideally, this patch would not be applied until 
the additional markup is confirmed by SPDX (in case this is deemed a new 
license and needs a new/different identifier)

thanks,
Jilayne
> Thanks,
>
> Lukas
diff mbox series

Patch

diff --git a/crypto/asymmetric_keys/pkcs7.asn1 b/crypto/asymmetric_keys/pkcs7.asn1
index 1eca740..28e1f4a 100644
--- a/crypto/asymmetric_keys/pkcs7.asn1
+++ b/crypto/asymmetric_keys/pkcs7.asn1
@@ -1,3 +1,10 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2009 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc5652#section-3
+
 PKCS7ContentInfo ::= SEQUENCE {
 	contentType	ContentType ({ pkcs7_check_content_type }),
 	content		[0] EXPLICIT SignedData OPTIONAL
diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1
index 702c41a..a2a8af2 100644
--- a/crypto/asymmetric_keys/pkcs8.asn1
+++ b/crypto/asymmetric_keys/pkcs8.asn1
@@ -1,3 +1,9 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2010 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc5958#section-2
 --
 -- This is the unencrypted variant
 --
diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1
index 92d59c3..feb9573 100644
--- a/crypto/asymmetric_keys/x509.asn1
+++ b/crypto/asymmetric_keys/x509.asn1
@@ -1,3 +1,10 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2008 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc5280#section-4
+
 Certificate ::= SEQUENCE {
 	tbsCertificate		TBSCertificate ({ x509_note_tbs_certificate }),
 	signatureAlgorithm	AlgorithmIdentifier,
diff --git a/crypto/asymmetric_keys/x509_akid.asn1 b/crypto/asymmetric_keys/x509_akid.asn1
index 1a33231..164b2ed 100644
--- a/crypto/asymmetric_keys/x509_akid.asn1
+++ b/crypto/asymmetric_keys/x509_akid.asn1
@@ -1,3 +1,8 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2008 IETF Trust and the persons identified as authors
+-- of the code
+--
 -- X.509 AuthorityKeyIdentifier
 -- rfc5280 section 4.2.1.1
 
diff --git a/crypto/rsaprivkey.asn1 b/crypto/rsaprivkey.asn1
index 4ce0675..76865124 100644
--- a/crypto/rsaprivkey.asn1
+++ b/crypto/rsaprivkey.asn1
@@ -1,3 +1,10 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2016 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc8017#appendix-A.1.2
+
 RsaPrivKey ::= SEQUENCE {
 	version		INTEGER,
 	n		INTEGER ({ rsa_get_n }),
diff --git a/crypto/rsapubkey.asn1 b/crypto/rsapubkey.asn1
index 725498e..0d32b1c 100644
--- a/crypto/rsapubkey.asn1
+++ b/crypto/rsapubkey.asn1
@@ -1,3 +1,10 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 2016 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc8017#appendix-A.1.1
+
 RsaPubKey ::= SEQUENCE {
 	n INTEGER ({ rsa_get_n }),
 	e INTEGER ({ rsa_get_e })
diff --git a/fs/smb/server/ksmbd_spnego_negtokeninit.asn1 b/fs/smb/server/ksmbd_spnego_negtokeninit.asn1
index 0065f19..00151380 100644
--- a/fs/smb/server/ksmbd_spnego_negtokeninit.asn1
+++ b/fs/smb/server/ksmbd_spnego_negtokeninit.asn1
@@ -1,3 +1,11 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 1998, 2000 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc2478#section-3.2.1
+-- https://www.rfc-editor.org/rfc/rfc2743#section-3.1
+
 GSSAPI ::=
 	[APPLICATION 0] IMPLICIT SEQUENCE {
 		thisMech
diff --git a/fs/smb/server/ksmbd_spnego_negtokentarg.asn1 b/fs/smb/server/ksmbd_spnego_negtokentarg.asn1
index 1151933..797e485 100644
--- a/fs/smb/server/ksmbd_spnego_negtokentarg.asn1
+++ b/fs/smb/server/ksmbd_spnego_negtokentarg.asn1
@@ -1,3 +1,10 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 1998 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc2478#section-3.2.1
+
 GSSAPI ::=
 	CHOICE {
 		negTokenInit
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.asn1 b/net/ipv4/netfilter/nf_nat_snmp_basic.asn1
index 24b7326..dc2cc57 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.asn1
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.asn1
@@ -1,3 +1,11 @@ 
+-- SPDX-License-Identifier: BSD-3-Clause
+--
+-- Copyright (C) 1990, 2002 IETF Trust and the persons identified as authors
+-- of the code
+--
+-- https://www.rfc-editor.org/rfc/rfc1157#section-4
+-- https://www.rfc-editor.org/rfc/rfc3416#section-3
+
 Message ::=
 	SEQUENCE {
 		version