On Thu, May 14, 2026 at 06:22:12AM -0600, Jonathan Corbet wrote:
> Willy Tarreau <[email protected]> writes:
>
> >> (While I was there, I noticed that threat-model.rst has no SPDX line;
> >> what's your preference there?)
> >
> > I didn't notice any was needed, I tried to get inspiration from other
> > files for the format (I'm still not familiar with the rst format
> > though this time I could successfully install the tools).
>
> In theory every file in the kernel tree is supposed to have one; many
> documentation files lag a bit behind on that front, but we try...
OK thanks for the background.
> > Same for
> > the label at the top BTW, I just did what I found somewhere else,
> > probably security-bugs.rst which is similar (no SPDX line and has a
> > label). So regarding SPDX, I do not have any preference. If one is
> > needed, let's pick what's used by default, I do not care, as long
> > as it allows the doc to be published.
>
> The top-of-file label got started somewhere and has been cargo-culted
> extensively since then; it has proved hard to eradicate.
I'm not surprised, everyone likely does like me: look at another file
to see what it should look like, and does it again. Apparently in
security-bugs it was added 10 years ago by this:
609d99a3b72e3 ("Documentation/HOWTO: add cross-references to other documents")
> As for SPDX, the most common is the basic:
>
> .. SPDX-License-Identifier: GPL-2.0
This works for me for the new file. For existing security-bugs, why
not do the same at the same time ? Before SPDX tags it has been covered
by GPL-2.0 as well via the COPYING file, and further contributions did
not change its license. And in the worst case a total of 10 people
touched the 3 names of that file over its Git history, I doubt there
would be too much resistance against an update.
Willy
