license under Apache-2.0 OR MIT#115
Merged
Merged
Conversation
Standard Rust-convention dual license: contributors and downstream users pick whichever fits their needs. LICENSE-APACHE is the unmodified Apache 2.0 text; LICENSE-MIT carries the copyright line for Ambros Labs. README adds a License section pointing to both and the standard "contributions are dual-licensed" clause.
zrbecker
added a commit
that referenced
this pull request
May 12, 2026
* docs: add SECURITY.md, CONTRIBUTING.md, THREAT-MODEL.md (#108) The pre-release checklist for #108 asked for three doc files expected of an open-source repo: - SECURITY.md: responsible-disclosure address (security@ambroslabs.com), in/out-of-scope statement that points at THREAT-MODEL.md for the trust boundary. - CONTRIBUTING.md: dev workflow (test/lint commands CI runs), commit/PR style (squash-merge, imperative subject under 72 chars), pointer to dual-licensing. - THREAT-MODEL.md: short doc on the P2P trust boundary. Spells out what per-chunk hash verification does and does not prove (proves bytes match peer's advertised hashes; does not prove the snapshot reflects real chain state), the role of `malcom verify` as the only trust anchor that ties an imported snapshot to a consensus-agreed AppHash, and operational guidance to always verify against multiple independent RPCs. Dual licensing was landed earlier in #115; no separate LICENSE file is added here (LICENSE-APACHE + LICENSE-MIT remain the two files GitHub's license detection reads). * docs: use zachary@ambroslabs.io as the disclosure address Per maintainer direction. Replaces the placeholder security@ambroslabs.com.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds dual licensing (Apache-2.0 OR MIT) — standard Rust-convention layout. Downstream users and contributors pick whichever fits their needs.
LICENSE-APACHE— unmodified Apache 2.0 text.LICENSE-MIT— MIT template withCopyright (c) 2026 Ambros Labs.README.md— new "License" section pointing to both, plus the standard "contributions are dual-licensed" clause.Not included
// SPDX-License-Identifier: Apache-2.0 OR MIT). Root-level files are sufficient under Apache 2.0 terms; per-file headers can be a follow-up if desired.NOTICEfile — Apache 2.0 only requires one for third-party attributions inside the source tree; malcom doesn't carry any.Confirm
github.com/ambroslabs/malcom). Speak up if it should beZachary Becker,Ambros Labs and contributors, or something else.