Closed leogr closed 7 months ago
Clarification:
libelf
- is this statically or dynamically linked?
Clarification:
libelf
- is this statically or dynamically linked?
Hey @amye
It depends on the project. In Falco, libelf
is statically linked.
Ok, so in order to get an exception approved, we should scope this a little more. What's the scope of the exception requested -- just Falco's usage?
Ok, so in order to get an exception approved, we should scope this a little more. What's the scope of the exception requested -- just Falco's usage?
As a Falco maintainer, I would like to request an exception for Falco's usage. In Falco, we use it to deal with the eBPF program used by Falco to collect data from the kernel. It's statically compiled inside the Falco binary. Also, libbpf
(another 3rd party dependency for Falco, licensed under the BSD 2-clause and therefore automatically accepted on the Allowlist) depends on libelf
. Please, let us know if you need any further information in this regard.
That being said, as a separate and optional request, I would suggest you consider a general exception for libelf since it may benefit some projects, too.
Thanks
I'm a little confused by some of the example uses. Some of these look like packages installed in container images, but if that's what CNCF license policy covers, then it would have to have a blanket exception for GPLv2, GPLv3 and tons of other copyleft and non-copyleft licenses.
I'm a little confused by some of the example uses. Some of these look like packages installed in container images, but if that's what CNCF license policy covers, then it would have to have a blanket exception for GPLv2, GPLv3 and tons of other copyleft and non-copyleft licenses.
Hey @richardfontana
As a Falco maintainer, my insights are specific to Falco, where all three libraries mentioned above are statically linked during the build, not packaged in the container image. This requires only license exceptions specifically for their usage in Falco, not a blanket one.
That said, I still think discussing GPL packages in container images is valuable, however, it's beyond this issue's scope, in my opinion. wdyt?
Hey @Cmierly, should this be documented in https://github.com/cncf/foundation/tree/main/documents? :thinking:
The C/C++ libraries (
libcurl
,libefl
,uthash
) for which this issue requests license exceptions to be approved are commonly utilized across various CNCF projects. These dependencies are typically vital for these projects, given the absence of any compelling alternatives in C/C++.libcurl
libelf
libelf
to read, modify, or create ELF files within their software projects, which is usually particularly relevant when dealing with eBPF-compiled programs. It's widely used and part of most Linux distributions. Many libraries and tools depend onlibelf,
which is basically not replaceable with another library. When usinglibelf
unmodified, projects can opt for LGPLv3 (which is more permissive than GPLv2), and this allows linking to the library without requiring the rest of the program to be LGPL-licensed. Note thatlibelf
is developed as a component of elfutils, which includes various other libraries and utilities. However, this request specifically concernslibelf
and does not extend to other software within the elfutils umbrella.uthash
The list of projects using them is not exhaustive. Additionally, inspired by this template, below is some helpful information.
libelf
. Typically, these components are linked into the project's programs by compilers during build time.