Closed jberkus closed 3 months ago
Please put this request ON HOLD for the time being; we've had some discussion with the license committee and the request needs updating before it can be voted on.
EDL 1.0
Note that EDL 1.0 is just an Eclipse-branded license that matches SPDX BSD-3-Clause
and therefore it should be treated equivalently to that license (including for purposes of the allowlist policy).
As a maintainer and the lead of the Keycloak project I have created a new and updated issue here: https://github.com/cncf/foundation/issues/817.
Please close this issue, and review the new issue instead. Thanks.
@krook could you please close this issue per Stian's request?
I have prepared this exception request at the request of the Keycloak maintainers.
The Keycloak Project needs license exceptions for a number of Java libraries included as build-time dependencies of Keycloak. These are not licenses that are on the CNCF Allowlist nor libraries on the existing License Exceptions list.
As is common with Java libraries, most of them are multi-licensed; for example, available under the EDL 1.0, the EPL 2.0, or the GPL. None of the licenses below prevent the Keycloak project's own code from being Apache 2.0 licensed, but they are present in the container images and Java packages shipped by the project.
Base on the choice of license while multilicensing, here are the licenses on libraries that we are asking for exceptions for in order to ship them in images/packages:
EDL 1.0 EPL 2.0 CDDL 1.1 LGPL 2.1 LGPL 3.0 GPL2-with-classpath-exception GPL2-with-FOSS-exception BSD-2-Clause BSD-3-Clause MIT UPL 1.0
In a few cases, it would be possible for the project to omit specific libraries from the shipped packages. In most cases, though, that's not practical and would amount to forcing all users to build from source.
We've listed the individual libraries below.
@abstractj