Add open-source compliance files and copyright headers #1
Description
Add open-source compliance files and copyright headers
Summary
Before initial public release, this repository needs the standard open-source compliance artifacts: license file, copyright headers, contribution guidelines with DCO, and third-party notices.
Requirements
1. LICENSE file
- Add
LICENSEfile to repo root containing the full Apache License 2.0 text - Reference: https://www.apache.org/licenses/LICENSE-2.0
2. SPDX copyright headers on all source files
- Every source file must include an SPDX header:
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 - Use appropriate comment syntax per language
- Generated files and lockfiles can be excluded
3. CONTRIBUTING.md with DCO
- Add
CONTRIBUTING.mdto repo root - Must include Developer Certificate of Origin (DCO) sign-off requirement for all contributions
- Reference DCO text: https://developercertificate.org/
- Example: https://github.com/NVIDIA/TensorRT/blob/main/CONTRIBUTING.md
4. Third-party notices
- Add a
THIRD-PARTY-NOTICES(orNOTICE) file listing all third-party dependencies and their licenses - Format: component name, version, license identifier, upstream URL
5. CI enforcement (stretch goal)
- Add a CI check that validates:
- All new/modified source files include the SPDX header
- No new copyleft-licensed (GPL/LGPL) dependencies are introduced
- Some NVIDIA projects (e.g., NeMo Data Designer) have automated this in their CI pipelines — worth referencing for implementation patterns
Acceptance Criteria
-
LICENSEfile present at repo root (Apache 2.0) - All existing source files have SPDX copyright headers
-
CONTRIBUTING.mdpresent with DCO requirement -
THIRD-PARTY-NOTICESfile present with current dependency list - (Optional) CI check blocks PRs missing headers or adding copyleft deps
Metadata
Metadata
Assignees
Labels
No labels