However there are some best practices in several projects including guidance like:
Have a well-marked directory indicating third-party code
Ensure LICENSES and NOTICES of the third-party code is retained as-is
When possible, import history and not just a snapshot of the code
Ideally notify the folks who you are picking up code from in a public fashion (and wait for their response if possible)
What else?
PS: guidance in k8s community for third_party code is here
The CNCF policy on copyright notices are here (specifically the case where third party code is included): https://github.com/cncf/foundation/blob/main/copyright-notices.md#what-about-third-party-code
However there are some best practices in several projects including guidance like:
Have a well-marked directory indicating third-party code Ensure LICENSES and NOTICES of the third-party code is retained as-is When possible, import history and not just a snapshot of the code Ideally notify the folks who you are picking up code from in a public fashion (and wait for their response if possible) What else?
PS: guidance in k8s community for third_party code is here
(was https://github.com/cncf/toc/issues/877 -- now moving here)