-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Add a License Label #71
Comments
Images are usually composed of software coming from multiple upstreams available under different licenses. Therefore I don't think that you can make an image available under a single license. Example:
That's 109 different license texts. How would this get solved? |
Maybe with a list of 109 entries in the label? The issue today is that I think it should be the responsibility of the image provider to add On Mon, Jun 27, 2016 at 3:30 PM, Tomas Tomecek [email protected]
Daniel Fröhlich Mobile: +49 176 10 24 84 33 Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, |
The label could contain path to the license text; or it could be named |
If I would work for an organization doing tough compliance checks on I like your approach to point to the license file. So how about a Label I think it would make sense to ask some guys who actually provide On Mon, Jun 27, 2016 at 5:34 PM, Tomas Tomecek [email protected]
Daniel Fröhlich Mobile: +49 176 10 24 84 33 Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, |
I've just realized that there already was a license label and I'm sort of responsible for its removal: #2. There's also this PR which touches the topic. Since I'm not a maintainer of this repo, it would be nice to get some opinions from the actual maintainers: @rhatdan @aweiteka. For getting feedback from images maintainers, I suggest asking @hhorak. |
I don't see any value in the License field, where would be 100+ licenses listed. The image is something like ISO, where we also do not need to solve license metadata, do we? Anyway, I think this is more a question for a legal expert. |
Today, I grepped for "license" in my local openshift demo setup which contains ~300 image layers. In total, I could find ~180 unique different license files. The added value from a license list (even if it would be long) would be that you could easily apply e.g. a blacklist. Yes, it is like ISO images, and we should address the issue there, too (e.g. with a LICENSES.txt in toplevel dir). I agree that this is a question for a legal experts. Actually, the question is coming from a customer legal expert who has the problem of not being able to start his work, because it is so complicated to find all the licenses inside a container. So I think we should not close our eyes on this problem but address it in an open and responsible way. |
I would like to propose a
License
label that contains license information about the image. It will carry string containing license information. Could be simply the name of the license (GPLv2.1
), or a comma separated list of several different licenses (GPLv2.1, Apache-2.0
). License Names should be the short name from the osi.All images should contain a License Label to easy use of containers for compliance and governance sensitive organizations.
The text was updated successfully, but these errors were encountered: