| Message ID | 143690ecc1102c0f67fa7faec437ec7b02bb2304.1697885975.git.lukas@wunner.de (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | treewide: Add SPDX identifier to IETF ASN.1 modules | expand |
On Sat, Oct 21, 2023 at 7:25 AM Lukas Wunner <lukas@wunner.de> wrote: > > Per section 4.c. of the IETF Trust Legal Provisions, "Code Components" > in IETF Documents are licensed on the terms of the BSD-3-Clause license: > > https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/ > > The term "Code Components" specifically includes ASN.1 modules: > > https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/ Sorry if this seems super-pedantic but I am pretty sure the license text in the IETF Trust Legal Provisions does not actually match SPDX `BSD-3-Clause` because of one additional word in clause 3 ("specific" before "contributors"), so IMO you should get SPDX to modify its definition of `BSD-3-Clause` prior to applying this patch (or get IETF to change its version of the license, but I imagine that would be more difficult). This issue of a multitude of nonsubstantively different, non-matching versions of clause 3 is a common issue that has been coming up in the Fedora project's adoption of SPDX identifiers for license metadata. Richard
On Sat, Oct 21, 2023 at 09:23:55AM -0400, Richard Fontana wrote: > On Sat, Oct 21, 2023 at 7:25???AM Lukas Wunner <lukas@wunner.de> wrote: > > > > Per section 4.c. of the IETF Trust Legal Provisions, "Code Components" > > in IETF Documents are licensed on the terms of the BSD-3-Clause license: > > > > https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/ > > > > The term "Code Components" specifically includes ASN.1 modules: > > > > https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/ > > Sorry if this seems super-pedantic but I am pretty sure the license > text in the IETF Trust Legal Provisions does not actually match SPDX > `BSD-3-Clause` because of one additional word in clause 3 ("specific" > before "contributors"), so IMO you should get SPDX to modify its > definition of `BSD-3-Clause` prior to applying this patch (or get IETF > to change its version of the license, but I imagine that would be more > difficult). I've submitted a pull request to modify the SPDX definition of BSD-3-Clause for the IETF variant: https://github.com/spdx/license-list-XML/pull/2218 I assume this addresses your concern? Let me know if it doesn't. If anyone has further objections to this patch please speak up. Thanks, Lukas
On Sat, Oct 21, 2023 at 01:23:44PM +0200, Lukas Wunner wrote: > Per section 4.c. of the IETF Trust Legal Provisions, "Code Components" > in IETF Documents are licensed on the terms of the BSD-3-Clause license: > > https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/ > > The term "Code Components" specifically includes ASN.1 modules: > > https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/ > > Add an SPDX identifier as well as a copyright notice pursuant to section > 6.d. of the Trust Legal Provisions to all ASN.1 modules in the tree > which are derived from IETF Documents. > > Section 4.d. of the Trust Legal Provisions requests that each Code > Component identify the RFC from which it is taken, so link that RFC > in every ASN.1 module. > > Signed-off-by: Lukas Wunner <lukas@wunner.de> > --- > I'm adding a new IETF ASN.1 module for PCI device authentication, hence > had to research what the correct license is. Thought I'd fix this up > treewide while at it. > > Not included here is fs/smb/client/cifs_spnego_negtokeninit.asn1, > which is similar to fs/smb/client/ksmbd_spnego_negtokeninit.asn1, > but contains a Microsoft extension published as Open Specifications > Documentation. It's unclear to me what license they use: > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/ > > crypto/asymmetric_keys/pkcs7.asn1 | 7 +++++++ > crypto/asymmetric_keys/pkcs8.asn1 | 6 ++++++ > crypto/asymmetric_keys/x509.asn1 | 7 +++++++ > crypto/asymmetric_keys/x509_akid.asn1 | 5 +++++ > crypto/rsaprivkey.asn1 | 7 +++++++ > crypto/rsapubkey.asn1 | 7 +++++++ > fs/smb/server/ksmbd_spnego_negtokeninit.asn1 | 8 ++++++++ > fs/smb/server/ksmbd_spnego_negtokentarg.asn1 | 7 +++++++ > net/ipv4/netfilter/nf_nat_snmp_basic.asn1 | 8 ++++++++ > 9 files changed, 62 insertions(+) Patch applied. Thanks.
On 10/22/23 4:53 AM, Lukas Wunner wrote: > On Sat, Oct 21, 2023 at 09:23:55AM -0400, Richard Fontana wrote: >> On Sat, Oct 21, 2023 at 7:25???AM Lukas Wunner <lukas@wunner.de> wrote: >>> Per section 4.c. of the IETF Trust Legal Provisions, "Code Components" >>> in IETF Documents are licensed on the terms of the BSD-3-Clause license: >>> >>> https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/ >>> >>> The term "Code Components" specifically includes ASN.1 modules: >>> >>> https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/ >> Sorry if this seems super-pedantic but I am pretty sure the license >> text in the IETF Trust Legal Provisions does not actually match SPDX >> `BSD-3-Clause` because of one additional word in clause 3 ("specific" >> before "contributors"), so IMO you should get SPDX to modify its >> definition of `BSD-3-Clause` prior to applying this patch (or get IETF >> to change its version of the license, but I imagine that would be more >> difficult). > I've submitted a pull request to modify the SPDX definition of > BSD-3-Clause for the IETF variant: > > https://github.com/spdx/license-list-XML/pull/2218 > > I assume this addresses your concern? Let me know if it doesn't. > > If anyone has further objections to this patch please speak up. Thanks for submitting the PR! Usually this is something that would be discussed via an issue before making a PR. I made one here https://github.com/spdx/license-list-XML/issues/2242 and will have a closer look shortly. Also ideally, this patch would not be applied until the additional markup is confirmed by SPDX (in case this is deemed a new license and needs a new/different identifier) thanks, Jilayne > Thanks, > > Lukas
diff --git a/crypto/asymmetric_keys/pkcs7.asn1 b/crypto/asymmetric_keys/pkcs7.asn1 index 1eca740..28e1f4a 100644 --- a/crypto/asymmetric_keys/pkcs7.asn1 +++ b/crypto/asymmetric_keys/pkcs7.asn1 @@ -1,3 +1,10 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2009 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc5652#section-3 + PKCS7ContentInfo ::= SEQUENCE { contentType ContentType ({ pkcs7_check_content_type }), content [0] EXPLICIT SignedData OPTIONAL diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1 index 702c41a..a2a8af2 100644 --- a/crypto/asymmetric_keys/pkcs8.asn1 +++ b/crypto/asymmetric_keys/pkcs8.asn1 @@ -1,3 +1,9 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2010 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc5958#section-2 -- -- This is the unencrypted variant -- diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1 index 92d59c3..feb9573 100644 --- a/crypto/asymmetric_keys/x509.asn1 +++ b/crypto/asymmetric_keys/x509.asn1 @@ -1,3 +1,10 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2008 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc5280#section-4 + Certificate ::= SEQUENCE { tbsCertificate TBSCertificate ({ x509_note_tbs_certificate }), signatureAlgorithm AlgorithmIdentifier, diff --git a/crypto/asymmetric_keys/x509_akid.asn1 b/crypto/asymmetric_keys/x509_akid.asn1 index 1a33231..164b2ed 100644 --- a/crypto/asymmetric_keys/x509_akid.asn1 +++ b/crypto/asymmetric_keys/x509_akid.asn1 @@ -1,3 +1,8 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2008 IETF Trust and the persons identified as authors +-- of the code +-- -- X.509 AuthorityKeyIdentifier -- rfc5280 section 4.2.1.1 diff --git a/crypto/rsaprivkey.asn1 b/crypto/rsaprivkey.asn1 index 4ce0675..76865124 100644 --- a/crypto/rsaprivkey.asn1 +++ b/crypto/rsaprivkey.asn1 @@ -1,3 +1,10 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2016 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc8017#appendix-A.1.2 + RsaPrivKey ::= SEQUENCE { version INTEGER, n INTEGER ({ rsa_get_n }), diff --git a/crypto/rsapubkey.asn1 b/crypto/rsapubkey.asn1 index 725498e..0d32b1c 100644 --- a/crypto/rsapubkey.asn1 +++ b/crypto/rsapubkey.asn1 @@ -1,3 +1,10 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 2016 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc8017#appendix-A.1.1 + RsaPubKey ::= SEQUENCE { n INTEGER ({ rsa_get_n }), e INTEGER ({ rsa_get_e }) diff --git a/fs/smb/server/ksmbd_spnego_negtokeninit.asn1 b/fs/smb/server/ksmbd_spnego_negtokeninit.asn1 index 0065f19..00151380 100644 --- a/fs/smb/server/ksmbd_spnego_negtokeninit.asn1 +++ b/fs/smb/server/ksmbd_spnego_negtokeninit.asn1 @@ -1,3 +1,11 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 1998, 2000 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc2478#section-3.2.1 +-- https://www.rfc-editor.org/rfc/rfc2743#section-3.1 + GSSAPI ::= [APPLICATION 0] IMPLICIT SEQUENCE { thisMech diff --git a/fs/smb/server/ksmbd_spnego_negtokentarg.asn1 b/fs/smb/server/ksmbd_spnego_negtokentarg.asn1 index 1151933..797e485 100644 --- a/fs/smb/server/ksmbd_spnego_negtokentarg.asn1 +++ b/fs/smb/server/ksmbd_spnego_negtokentarg.asn1 @@ -1,3 +1,10 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 1998 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc2478#section-3.2.1 + GSSAPI ::= CHOICE { negTokenInit diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.asn1 b/net/ipv4/netfilter/nf_nat_snmp_basic.asn1 index 24b7326..dc2cc57 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.asn1 +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.asn1 @@ -1,3 +1,11 @@ +-- SPDX-License-Identifier: BSD-3-Clause +-- +-- Copyright (C) 1990, 2002 IETF Trust and the persons identified as authors +-- of the code +-- +-- https://www.rfc-editor.org/rfc/rfc1157#section-4 +-- https://www.rfc-editor.org/rfc/rfc3416#section-3 + Message ::= SEQUENCE { version
Per section 4.c. of the IETF Trust Legal Provisions, "Code Components" in IETF Documents are licensed on the terms of the BSD-3-Clause license: https://trustee.ietf.org/documents/trust-legal-provisions/tlp-5/ The term "Code Components" specifically includes ASN.1 modules: https://trustee.ietf.org/documents/trust-legal-provisions/code-components-list-3/ Add an SPDX identifier as well as a copyright notice pursuant to section 6.d. of the Trust Legal Provisions to all ASN.1 modules in the tree which are derived from IETF Documents. Section 4.d. of the Trust Legal Provisions requests that each Code Component identify the RFC from which it is taken, so link that RFC in every ASN.1 module. Signed-off-by: Lukas Wunner <lukas@wunner.de> --- I'm adding a new IETF ASN.1 module for PCI device authentication, hence had to research what the correct license is. Thought I'd fix this up treewide while at it. Not included here is fs/smb/client/cifs_spnego_negtokeninit.asn1, which is similar to fs/smb/client/ksmbd_spnego_negtokeninit.asn1, but contains a Microsoft extension published as Open Specifications Documentation. It's unclear to me what license they use: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/ crypto/asymmetric_keys/pkcs7.asn1 | 7 +++++++ crypto/asymmetric_keys/pkcs8.asn1 | 6 ++++++ crypto/asymmetric_keys/x509.asn1 | 7 +++++++ crypto/asymmetric_keys/x509_akid.asn1 | 5 +++++ crypto/rsaprivkey.asn1 | 7 +++++++ crypto/rsapubkey.asn1 | 7 +++++++ fs/smb/server/ksmbd_spnego_negtokeninit.asn1 | 8 ++++++++ fs/smb/server/ksmbd_spnego_negtokentarg.asn1 | 7 +++++++ net/ipv4/netfilter/nf_nat_snmp_basic.asn1 | 8 ++++++++ 9 files changed, 62 insertions(+)