| Message ID | 20250124200723.14829-1-bage@debian.org |
|---|---|
| State | New |
| Headers | show |
| Series | busybox: Correct SPDX license reference | expand |
On Fri, 2025-01-24 at 21:07 +0100, Bastian Germann via lists.openembedded.org wrote: > Commit 6238ee3ecd (recipes-core/busybox: fixup licensing information) > claims that there is no applicable license identifier in SPDX, so a > bzip2-1.0.4 is made up. > > There is no bzip2-1.0.4 license defined in SPDX. However, bzip2-1.0.6 is > the same license. > > License-Update: wrong SPDX identifier > > Signed-off-by: Bastian Germann <bage@debian.org> > --- > meta/recipes-core/busybox/busybox.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc > index f778cff0f4..cebfd3c48c 100644 > --- a/meta/recipes-core/busybox/busybox.inc > +++ b/meta/recipes-core/busybox/busybox.inc > @@ -7,7 +7,7 @@ DEPENDS += "kern-tools-native virtual/crypt" > > # bzip2 applet in busybox is based on lightly-modified bzip2-1.0.4 source > # the GPL is version 2 only > -LICENSE = "GPL-2.0-only & bzip2-1.0.4" > +LICENSE = "GPL-2.0-only & bzip2-1.0.6" > LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb \ > file://archival/libarchive/bz/LICENSE;md5=28e3301eae987e8cfe19988e98383dae" There is a bit of confusion here: https://git.yoctoproject.org/poky/commit/meta/recipes-core/busybox/busybox.inc?h=master&id=0776bf6600c42cec2961d3f6d33c8c9c09cbb1ce Is the 1.0.4 and 1.0.6 license different or not? Cheers, Richard
Am 25.01.25 um 16:14 schrieb Richard Purdie: > On Fri, 2025-01-24 at 21:07 +0100, Bastian Germann via lists.openembedded.org wrote: >> Commit 6238ee3ecd (recipes-core/busybox: fixup licensing information) >> claims that there is no applicable license identifier in SPDX, so a >> bzip2-1.0.4 is made up. >> >> There is no bzip2-1.0.4 license defined in SPDX. However, bzip2-1.0.6 is >> the same license. >> >> License-Update: wrong SPDX identifier >> >> Signed-off-by: Bastian Germann <bage@debian.org> >> --- >> meta/recipes-core/busybox/busybox.inc | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc >> index f778cff0f4..cebfd3c48c 100644 >> --- a/meta/recipes-core/busybox/busybox.inc >> +++ b/meta/recipes-core/busybox/busybox.inc >> @@ -7,7 +7,7 @@ DEPENDS += "kern-tools-native virtual/crypt" >> >> # bzip2 applet in busybox is based on lightly-modified bzip2-1.0.4 source >> # the GPL is version 2 only >> -LICENSE = "GPL-2.0-only & bzip2-1.0.4" >> +LICENSE = "GPL-2.0-only & bzip2-1.0.6" >> LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb \ >> file://archival/libarchive/bz/LICENSE;md5=28e3301eae987e8cfe19988e98383dae" > > There is a bit of confusion here: > > https://git.yoctoproject.org/poky/commit/meta/recipes-core/busybox/busybox.inc?h=master&id=0776bf6600c42cec2961d3f6d33c8c9c09cbb1ce > > Is the 1.0.4 and 1.0.6 license different or not? They are not. You can simply diff the LICENSE FILE and will only find differences in the SPDX-optional copyright statements: https://github.com/libarchive/bzip2/compare/bzip2-1.0.4...bzip2-1.0.6#diff-c693279643b8cd5d248172d9c22cb7cf4ed163a3c98c8a3f69c2717edd3eacb7 SPDX should have done a better naming job...
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index f778cff0f4..cebfd3c48c 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -7,7 +7,7 @@ DEPENDS += "kern-tools-native virtual/crypt" # bzip2 applet in busybox is based on lightly-modified bzip2-1.0.4 source # the GPL is version 2 only -LICENSE = "GPL-2.0-only & bzip2-1.0.4" +LICENSE = "GPL-2.0-only & bzip2-1.0.6" LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb \ file://archival/libarchive/bz/LICENSE;md5=28e3301eae987e8cfe19988e98383dae"
Commit 6238ee3ecd (recipes-core/busybox: fixup licensing information) claims that there is no applicable license identifier in SPDX, so a bzip2-1.0.4 is made up. There is no bzip2-1.0.4 license defined in SPDX. However, bzip2-1.0.6 is the same license. License-Update: wrong SPDX identifier Signed-off-by: Bastian Germann <bage@debian.org> --- meta/recipes-core/busybox/busybox.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)