libconfig-model-dpkg-perl seems to misinterpret SPDX GPL-2.0-or-later
Domenico Andreoli
cavok at debian.org
Fri Nov 11 14:36:19 GMT 2022
Hi!
I'm relying on libconfig-model-dpkg-perl and cme to keep
debian/copyright up to date in the packages I maintain.
It's a great tool and is saving me tons of time, it's fair to say that
without it probably I could not afford being active any more.
So, first of all, thank you!
Now, it seems something is amiss with SPDX and GPL.
For instance, in my package jh7100-bootloader-recovery [0]
libconfig-model-dpkg-perl generates this entry:
Files: src/*
Copyright: 2020, Shanghai StarFive Technology Co., Ltd.
License: GPL-2
But if I do 'git grep GPL-2 src/' in the source tree root, I get:
src/boot/bootmain.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/boot/start.S:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/clkgen_ctrl_macro.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/comdef.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/encoding.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/ezGPIO_fullMux_ctrl_macro.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/platform.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/rstgen_ctrl_macro.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/serial_printf.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/serial_printf.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/sys.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/sys.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/syscon_iopad_ctrl_macro.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/syscon_sysmain_ctrl_macro.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/common/vic_module_reset_clkgen.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/spi/cadence_qspi.c: * SPDX-License-Identifier: GPL-2.0+
src/driver/spi/cadence_qspi.h: * SPDX-License-Identifier: GPL-2.0+
src/driver/spi/spi.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/spi/spi.h: * SPDX-License-Identifier: GPL-2.0+
src/driver/spi/spi_flash.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/spi/spi_flash.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/spi/spi_probe.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/timer/timer.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/timer/timer.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/uart/uart.c:/* SPDX-License-Identifier: GPL-2.0-or-later */
src/driver/uart/uart.h:/* SPDX-License-Identifier: GPL-2.0-or-later */
Therefore I would expect the reported license to actually be GPL-2+.
If I look at lib/Dpkg/Copyright/Scanner.pm in libconfig-model-dpkg-perl,
then I see:
# convert spdx license in Debian style
$l =~ s!(L?GPL-\d)\.0!$1!g;
$l =~ s!(L?GPL-[\d.]+)-only!$1!g;
$l =~ s!(L?GPL-[\d.]+)-or-later!$1+!g;
While probably it should be
# convert spdx license in Debian style
$l =~ s!(L?GPL-[\d.]+)-only!$1!g;
$l =~ s!(L?GPL-[\d.]+)-or-later!$1+!g;
$l =~ s!(L?GPL-\d)\.0!$1!g;
Actually I'm not sure... but could you please give it a glance? Should I
actually open a bug?
Thanks for reading so far.
Regards,
Domenico
[0] https://salsa.debian.org/debian/jh7100-bootloader-recovery
--
rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13
ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20221111/e65a94ca/attachment.sig>
More information about the pkg-perl-maintainers
mailing list