Invalid SPDX license identifier used in file #31938
Comments
kestewart
added
bug
|
@kestewart what would be the correct way of expressing the dual-licensing using SPDX? To have 2 separate SPDX lines? |
|
@carlescufi The way the license expression itself is written is fine. Problem is
See the link provided earlier for how to code up something that doesn't have an equivalent on Possibly Arm has a standard SPDX identifier they use for this license already ? If not, suggest you follow the guidelines from https://reuse.software/spec/#license-files and create a License file in the module with the text of the license you want to represent, and then name it Alternately - given that its an "OR" scenario, will your legal folk just let you release it with the BSD-3-Clause license and avoid the issue? |
|
From the SPDX community perspective, agreed with @kestewart -- |
|
The OpenThread PR has now been merged: openthread/openthread#6137 |
|
@carlescufi, I proceeded with the upmerge: #32025 |
Describe the bug
An invalid SPDX license identifier is being specified in
https://github.com/zephyrproject-rtos/openthread/blob/zephyr/third_party/NordicSemiconductor/libraries/nrf_security/config/nrf-config.h
SPDX-License-Identifier: BSD-3-Clause OR Arm’s non-OSI source licenseThe phrase "Arm's non-OSI source license" is not a valid SPDX license identifier.
To Reproduce
The problem is in the source files, and needs to be addressed there.
Expected behavior
Valid SPDX license identifier from https://spdx.org/licenses/ should be used, or
a "LicenseRef-" identifier should be created and used. Details on the "LicenseRef-" syntax can be found in https://spdx.github.io/spdx-spec/6-other-licensing-information-detected/#61-license-identifier should be used in the expression
Impact
Serious - this breaks tooling working to summarize the licenses for the sources and generate SPDX documents.
Logs and console output
Environment (please complete the following information):
The problem can be seen in the source file.
Additional context
This same problem can also be seen in:
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/ccm_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/chacha20_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/chachapoly_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/ecp_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/platform_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/poly1305_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/sha1_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/sha256_alt.h
FileName: ./modules/lib/openthread/third_party/NordicSemiconductor/libraries/nrf_security/include/mbedtls/threading_alt.h
The text was updated successfully, but these errors were encountered: