kubernetes/kops

License Scan and Findings

pacoxu opened this issue · 6 comments

This code is under the MPL-2.0 license, which is weak copyleft. Be sure that it is used only as dynamic libraries; to be safe, if it's not required, remove it from your repo.

Like https://github.com/kubernetes/kubernetes/blob/master/hack/unwanted-dependencies.json

Per Bob Killen @mrbobbytables
All of these EXCEPT kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE
have been granted a license exception approval:

cncf-exceptions-2019-11-01.spdx
github.com/hashicorp/errwrap - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
github.com/hashicorp/go-cleanhttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
github.com/hashicorp/go-multierror - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
github.com/hashicorp/golang-lru - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
github.com/hashicorp/hcl - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11

cncf-exceptions-2021-07-19.spdx
github.com/hashicorp/go-retryablehttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2021-07-19

cncf-exceptions-2023-06-27.spdx
github.com/hashicorp/go-sockaddr - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27
github.com/hashicorp/go-immutable-radix - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27

You should request an exception for memberlist or remove the code.

update the todo list

This is used in

cluster "github.com/jacksontj/memberlistmesh"
"github.com/prometheus/client_golang/prometheus"

	cluster "github.com/jacksontj/memberlistmesh"

github.com/jacksontj/memberlistmesh used github.com/hashicorp/memberlist.

/cc @jacksontj @justinsb

@pacoxu memberlistmesh is an important piece of the Gossip implementation in kOps at the moment. There is a plan to remove it in a year or so, but not immediately.
How can we obtain an exception for now?

@hakman there is a license exception request issue template in the cncf/foundation repo: https://github.com/cncf/foundation/issues/new/choose

It'll need review from the legal committee and approval from the GB to be added as an exception.

Thanks @mrbobbytables & @pacoxu. I created a new request for github.com/hashicorp/memberlist:
cncf/foundation#741