redhat-developer / odo

odo - Developer-focused CLI for fast & iterative container-based application development on Podman and Kubernetes. Implementation of the open Devfile standard.
https://odo.dev
Apache License 2.0
795 stars 243 forks source link

Present license notices from command line #3035

Open atgreen opened 4 years ago

atgreen commented 4 years ago

/kind feature

Which functionality do you think we should add?

The odo cli should have a command to dump all copyright notices associated with the open-source software built into the binary.

Why is this needed?

odo is commonly distributed in binary form without any of the license notices required by the open-source code used to build odo. See, for instance, https://mirror.openshift.com/pub/openshift-v4/clients/odo/latest/ . The single binary distribution is convenient, but there's also a requirement to distribute copyright license notices with the software. My suggestion is to collect those licenses at build-time and provide a new odo command to show them. To be clear, odo is just of many cli tools in the k8s ecosystem for which this should be done (oc, helm, etc). The alternative is to change how these tools are distributed so they also include copyright notices bundled in an archive.

kadel commented 4 years ago

/area release-eng

openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

atgreen commented 4 years ago

/lifecycle frozen

kadel commented 4 years ago

@atgreen How should output look like? I guess that just listing license names won't make sense.

Maybe something like:

$odo license

* odo is licensed under Apache License 2.0
   Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions
...
...
...

* 3rd. party libraries licensed under Apache License 2.0: 
- github.com/openshift/api
- github.com/spf13/cobra 
- .....
    Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions
...
...

* 3rd. party libraries licensed under MIT license:
- github.com/onsi/ginkgo
- github.com/onsi/gomege
- ...

Copyright (c) 2013-2014 .....

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
...
...

Or it would be safer to list full licenses for every library? Is it ok to just the list libraries that we use directly or should we also include nested dependencies? It might become a huge list if we do that.