search

cncf / foundation

☁️♮🏛 This repo contains several documents related to the operation of the CNCF. File non-technical issues related to CNCF here.
https://cncf.io
Other
552 stars 542 forks source link

Best Practices for code attribution #650

Closed amye closed 10 months ago

amye commented 11 months ago

The CNCF policy on copyright notices are here (specifically the case where third party code is included): https://github.com/cncf/foundation/blob/main/copyright-notices.md#what-about-third-party-code

However there are some best practices in several projects including guidance like:

Have a well-marked directory indicating third-party code Ensure LICENSES and NOTICES of the third-party code is retained as-is When possible, import history and not just a snapshot of the code Ideally notify the folks who you are picking up code from in a public fashion (and wait for their response if possible) What else?

PS: guidance in k8s community for third_party code is here

(was https://github.com/cncf/toc/issues/877 -- now moving here)

amye commented 10 months ago

https://github.com/cncf/foundation/pull/654 likely resolves