-
Notifications
You must be signed in to change notification settings - Fork 927
License and Notice Files
There are two sets of License and Notice files. One set for the CLI source code, and another for CLI distributions such as CLI binaries and installers.
These are the LICENSE and NOTICE files that live in the root directory of the CLI repo. They are distributed with the source code owned by Pivotal (2013-2015) and Cloudfoundry (2015-present).
These are the 3RD-PARTY-LICENSES and NOTICE files that live in the ci/license directory of the CLI repo. There is also a LICENSE-WITH-3RD-PARTY-LICENSES file here that is created by concatenating the source code LICENSE file with the 3RD-PARTY-LICENSES file. The LICENSE-WITH-3RD-PARTY-LICENSES and NOTICE files are distributed with CLI binaries and installers.
The CLI distribution's 3RD-PARTY-LICENSES and NOTICE files are updated when vendored dependencies are added or removed.
If the dependency being vendored is for testing only, no changes are needed.
The distribution's 3RD-PARTY-LICENSES file does not need to be updated. The dependency may have its own NOTICE file, in which case its copyright attributions need to be added to the CLI distribution's NOTICE file (see how it's done for others).
First check if the dependency's LICENSE file is compatible with our own Apache 2.0 license (ask PM, who will check ASF's OK list and No-Go list and confirm with the CFF). If compatible, the dependency's LICENSE file needs to be appended to the CLI distribution's 3RD-PARTY-LICENSES file. The CLI distribution's NOTICE file does not need to be updated.
First check whether either license is Apache 2.0 or compatible with Apache 2.0 (see above). If so, ask the PM how to proceed. (Dual-license usually means we have to choose either in our distribution).
In this case the CLI cannot use this dependency.
Dependency has distribution terms & conditions, but in the README, COPYING or other file (not LICENSE)
It does not matter where the license terms & conditions are mentioned; proceed as above.