Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relicense project as AGPL-3.0-or-later #119

Merged
merged 4 commits into from
Nov 27, 2021
Merged

Relicense project as AGPL-3.0-or-later #119

merged 4 commits into from
Nov 27, 2021

Commits on Nov 22, 2021

  1. Relicense project as AGPL-3.0-or-later 

    This changes the licensing of Arduino Firmware Uploader from GNU Lesser General Public License v2.1 to GNU Affero General
Public License v3.0.

The "or any later version" clause is provided (SPDX license identifier AGPL-3.0-or-later).

I did my best to assess the intellectual property of this codebase and make sure all contributors and copyright owners
granted us permission to relicense their code. For any inquiry, report or claim please contact us at license@arduino.cc.
    @per1234
    per1234 committed Nov 22, 2021
    Configuration menu
    Copy the full SHA
    13653fc View commit details
    Browse the repository at this point in the history

  2. Add CI workflow to check for unapproved Go dependency licenses 

    A task and GitHub Actions workflow are provided here for checking the license types of Go project dependencies.

On every push and pull request that affects relevant files, the CI workflow will check:

- If the dependency licenses cache is up to date
- If any of the project's dependencies have an unapproved license type.

Approval can be based on:

- Universally allowed license type
- Individual dependency
    @per1234
    per1234 committed Nov 22, 2021
    Configuration menu
    Copy the full SHA
    6861f49 View commit details
    Browse the repository at this point in the history

  3. Make initial commit of dependency license metadata 

    The `.licenses` folder contains a cache of license metadata for all the project's Go dependencies. This serves two purposes:

- Allow the Licensed dependency license checker tool to only check licenses when a dependency is added or updated
- Allow the maintainer to manually define license metadata when the licensee tool is unable to automatically detect it
    @per1234
    per1234 committed Nov 22, 2021
    Configuration menu
    Copy the full SHA
    6ab70e3 View commit details
    Browse the repository at this point in the history

  4. Manually define dependency license metadata that was not detected 

    The "Licensed" dependency license checker tool uses the licensee tool to automatically determine the license type based
on metadata provided by the dependency author. This must be in a standardized format without any modifications. In cases
where that wasn't done, it is necessary to determine the license type and update the dependency license metadata cache in
the `.licenses` folder manually.

The Licensed tool will check this data whenever the dependency version is updated to make sure the license hasn't changed.
    @per1234
    per1234 committed Nov 22, 2021
    Configuration menu
    Copy the full SHA
    33f1b81 View commit details
    Browse the repository at this point in the history