Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SPDX identifier of and (not sure which license it's under) #9417

samueloph opened this issue Sep 2, 2022 · 1 comment


Copy link


After the much appreciated work done by upstream of adding SPDX identifiers to pretty much all of the files, I decided to do a review of Debian's machine readable d/copyright for curl, and spotted a couple of files with no SPDX identifier from an author which is not curl's upstream.

The files are the following:

Both have this header:

# (c) CopyRight 2000 - 2020, EdelWeb for EdelKey and OpenEvidence
# Author: Peter Sylvester

With no license declaration, so I'm not sure what the SPDX header is supposed to set and didn't want to submit a PR.

I took the assumption that both files are under the curl license on Debian (as there isn't any other license shown), but decided to report this so you could double check and possibly add the SPDX header.

Thank you,

Copy link

bagder commented Sep 2, 2022

Yeah, we have a wildcard in `.reuse/dep5':

Files: tests/data/test* tests/certs/* tests/stunnel.pem tests/valgrind.supp

... but sure, shell scripts should have the SPDX properly spelled out. Will fix!

@bagder bagder self-assigned this Sep 2, 2022
bagder added a commit that referenced this issue Sep 2, 2022
... including the SPDX-License-Identifier.

These omissions were not detected by the RUEUSE CI job nor the
scanners because we have a general wildcard in .reuse/dep5 for

Reported-by: Samuel Henrique
Fixes #9417
@bagder bagder closed this as completed in 9178208 Sep 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Successfully merging a pull request may close this issue.

2 participants