kubernetes / kops

Kubernetes Operations (kOps) - Production Grade k8s Installation, Upgrades and Management
https://kops.sigs.k8s.io/
Apache License 2.0

License Scan and Findings #16366

Closed pacoxu closed 3 weeks ago

pacoxu commented 9 months ago

This code is under the MPL-2.0 license, which is weak copyleft. Be sure that it is used only as dynamic libraries; to be safe, if it's not required, remove it from your repo.

Like https://github.com/kubernetes/kubernetes/blob/master/hack/unwanted-dependencies.json

jeffcshapiro commented 8 months ago

Per Bob Killen @mrbobbytables, all of these EXCEPT kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE have been granted a license exception approval:

cncf-exceptions-2019-11-01.spdx
- github.com/hashicorp/errwrap - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
- github.com/hashicorp/go-cleanhttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
- github.com/hashicorp/go-multierror - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
- github.com/hashicorp/golang-lru - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11
- github.com/hashicorp/hcl - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11

cncf-exceptions-2021-07-19.spdx
- github.com/hashicorp/go-retryablehttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2021-07-19

cncf-exceptions-2023-06-27.spdx
- github.com/hashicorp/go-sockaddr - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27
- github.com/hashicorp/go-immutable-radix - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27

You should request an exception for memberlist or remove the code.

pacoxu commented 8 months ago

update the todo list

pacoxu commented 8 months ago

This is used in https://github.com/kubernetes/kops/blob/68c500cf83241c08e8226e7476c7448f724cfb83/protokube/pkg/gossip/memberlist/gossip.go#L27-L28

    cluster "github.com/jacksontj/memberlistmesh"

github.com/jacksontj/memberlistmesh used github.com/hashicorp/memberlist.

/cc @jacksontj @justinsb

hakman commented 8 months ago

@pacoxu memberlistmesh is an important piece of the Gossip implementation in kOps at the moment. There is a plan to remove it in a year or so, but not immediately. How can we obtain an exception for now?

mrbobbytables commented 8 months ago

@hakman there is a license exception request issue template in the cncf/foundation repo: https://github.com/cncf/foundation/issues/new/choose

It'll need review from the legal committee and approval from the GB to be added as an exception.

hakman commented 8 months ago

Thanks @mrbobbytables & @pacoxu. I created a new request for github.com/hashicorp/memberlist: https://github.com/cncf/foundation/issues/741

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

hakman commented 5 months ago

/remove-lifecycle stale

k8s-triage-robot commented 2 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 3 weeks ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 3 weeks ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes/kops/issues/16366#issuecomment-2440064572):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.