From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: dfawcus@employees.org Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 866ce9ca for ; Tue, 20 Feb 2018 00:15:26 +0000 (UTC) Received: from accordion.employees.org (accordion.employees.org [198.137.202.74]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c9d284f4 for ; Tue, 20 Feb 2018 00:15:26 +0000 (UTC) Date: Tue, 20 Feb 2018 00:22:58 +0000 From: Derek Fawcus To: wireguard@lists.zx2c4.com Subject: Question about SPDX marking on some crypto files Message-ID: <20180220002258.GA28723@accordion.employees.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hello, having just learnt of this product, I started poking through the source; when I got to some of the crypto code I noticed something curious, and did a bit more research. I'm curious about the SPDX licence marking on the crypto source files which seem to be autogenerated, specifically these: src/crypto/curve25519-fiat32.h - GPL-2.0 machine generated from https://github.com/mit-plv/fiat-crypto src/crypto/curve25519-hacl64.h - GPL-2.0 mahine generated from https://github.com/mitls/hacl-star The LICENCE file on the former site indicates that its code is MIT licence, so it seems odd that the output from its execution should be any more restrictive. Whereas for the latter site, its README.md explicitly states 'All generated C code is released under MIT', so again it seems odd to make the tag more restrictive. So was there simply an error made when the SPDX tags were applied, or has some additional significant manual addition occured to justify changing the licence? Doing any significant manual change to the output would however seem to defeat the object in using formally verified automatically generated implementations. Thanks. DF