cncf
/
foundation
mirror of https://github.com/cncf/foundation.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
foundation/license-exceptions
History
Crystal Mierly 947ac6159f
Merge pull request #633 from cncf/amye-exceptions-8.31 
Adding exceptions approved from 8-31
 		2023-11-30 12:42:15 -08:00
..
CNCF-licensing-exceptions.csv Create CNCF-licensing-exceptions.csv 2023-08-14 11:24:04 -07:00
README.md Document GPL 2.0 exception for eBPF programs 2023-09-12 11:11:20 +01:00
cncf-exceptions-2019-11-01.spdx Update to inclusive language in exceptions files 2020-07-06 14:21:29 -04:00
cncf-exceptions-2021-07-19.json Create cncf-exceptions-2021-07-19.json 2023-08-09 12:49:42 -07:00
cncf-exceptions-2021-07-19.spdx Adding approved from 2021-22 2023-05-26 09:53:52 -07:00
cncf-exceptions-2022-04-12.json Adding approved from 2021-22 2023-05-26 09:53:52 -07:00
cncf-exceptions-2022-04-12.spdx Update cncf-exceptions-2022-04-12.spdx 2023-06-30 15:38:31 -07:00
cncf-exceptions-2023-06-27.json Add missing json separator 2023-08-14 09:50:54 -05:00
cncf-exceptions-2023-06-27.spdx Pick correct PackageName for Vault API exception 2023-11-17 11:33:29 -05:00
cncf-exceptions-2023-08-31.json Adding exceptions approved from 8-31 2023-09-08 14:04:12 -07:00
cncf-exceptions-2023-08-31.spdx Adding exceptions approved from 8-31 2023-09-08 14:04:12 -07:00

README.md

License exceptions

The manifest files in this directory contain a list of license exceptions that have been approved by the CNCF Governing Board. The exceptions are provided in JSON and SPDX tag-value format for convenience.

These manifests will be updated from time to time as new exceptions are approved.

Please see the CNCF charter and the Allowlist Policy for more background information.

Allowlisted components

For convenience, the manifests also contain a list of certain other dependencies for which individual license exceptions were not required. This is either because (a) they were automatically approved as license exceptions under CNCF's Allowlist Policy; or (b) they are under Apache-2.0 and therefore aligned with the IP policy in the CNCF charter.

Dependencies that are not currently listed in the manifests, but which satisfy (a) or (b) in the preceding paragraph, are automatically approved and do not need separate license exceptions.

GPL exceptions for in-kernel eBPF programs

By email vote concluded on August 31 2023, the Governing Board approved a blanket exception for in-kernel eBPF programs licensed under either of the following licenses, either on its own or dual licensed in combination with any license already on the CNCF Licensing Allowlist Approved Licenses list (e.g., MIT License):

  • GPL 2.0
  • GPL 2.0 or later

This exception is not documented in the SPDX/JSON files because it applies only to in-kernel eBPF programs. Usage of GPL 2.0 (or later) for other code is not approved. There is more background explaining the rationale behind this exception in this document.