-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include licenses and recipricol source-files in OTEL's docker distro #2604
Include licenses and recipricol source-files in OTEL's docker distro #2604
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2604 +/- ##
=======================================
Coverage 88.42% 88.42%
=======================================
Files 176 176
Lines 10378 10378
=======================================
Hits 9177 9177
Misses 971 971
Partials 230 230 Continue to review full report at Codecov.
|
Do we have licenses like this? Can you show the output of the tool? |
MPL is a "weak copyleft" license, and yes, I think most hashicorp libraries are MPL 2.0. The go-licenses tool takes the "strictest" definition of MPL v2.0 paragraph 3.2 and just bundles the source right in the executable. I'm not aware of another tool that copy-pastes the LICENSE notices in a clear way for dependencies (but am totally happy to use another tool if you know of one). Here's a (truncated) example where I highlight what's done with MPL dependencies:
|
We need a clarification on MPL, commented here: open-telemetry/community#649 (comment) |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
@tigrannajaryan Should I be working to fix this up, or are we still waiting on the MPL question? |
I do not expect that MPL may be prohibited, so I believe you can work on this in parallel. We do need to clarify the license question though (if it turns out that MPL is prohibited we will need to find replacements for dependencies). |
I opened a separate issue to clarify MPL dependency usage: open-telemetry/community#688 |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
@tigrannajaryan let me know if you need any more insight into what this is doing, or restructuring. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, let's merge, run and see the list of license files, then we may need to file for approval of any dependencies that are MPL.
cmd/otelcol/third-party: | ||
@echo creating third_party directory with licenses + reciprical source | ||
cd ./cmd/otelcol && go-licenses save . --save_path=third-party | ||
chmod +w $(find ./cmd/otelcol/third-party -type d) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: should we put the licenses under a licenses
subdirectory, so that if there is anything else from third parties in the future it doesn't get mixed with license files?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will fix.
@bogdandrutu PTAL. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
@jsuereth we no-longer build the collector with "make" directly but we use the builder, which I think will benefit everyone to have this in the builder. @jpkrohling can we add this to the builder to add a all "licenses" file in the docker image? Would be great I think. |
This PR was marked stale due to lack of activity. It will be closed in 7 days. |
I believe this PR here should be closed in favor of doing the same on the releases repository. |
Fixes #2458
go-licenses
tool tomake install-tools
otelcol-licenses
make target which dumps all license files from dependencies used to buildotelcol