release bundle: sort out licensing situation #34

Closed
jkowalleck opened this issue Mar 13, 2024 · 1 comment · Fixed by #90

jkowalleck commented Mar 13, 2024

A yarn plugin is a bundled one-file solution.
The goal of this project is to provide such a file.

The project itself will provide our code, licensed under Apache-2.0,
which needs to be bundled with 3rd-party code.

In case we wanted to ship a bundled plugin, we would need to provide a license file for such an assembly.
This file might look like the following:

<our own LICENSE file>
<our own NOTICE file>

----
        
The <this product> distributions bundle several libraries that are compatibly licensed.  We list these here.

Name: <some-library>
License: <some SPDX id or SPDX expression>
  For details see <path to original license file> 

To get more clarity, I'd consolidate OWASP's legal department. (ongoing; in progress)

@jkowalleck jkowalleck modified the milestone: v1.0 Mar 20, 2024
@jkowalleck jkowalleck self-assigned this Mar 27, 2024

jkowalleck commented Apr 10, 2024

maybe some tool can be tailored with the use of yarnpkg/berry#6212 (comment)

maybe https://github.com/CycloneDX/cyclonedx-esbuild-plugin can produce the licenses list ...

PS: metafile is produced, via #84

jkowalleck added a commit that referenced this issue May 15, 2024
fixes #34

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>