kops License Scan and Findings

[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/errwrap/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-cleanhttp/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-immutable-radix/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-multierror/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-retryablehttp/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-retryablehttp/client.go
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/go-sockaddr/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/golang-lru/LICENSE
[x] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/hcl/LICENSE
[ ] - kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE

This code is under the MPL-2.0 license which is weak copyleft. Be sure that it is used only as dynamic libraries, to be safe if it's not required remove it from your repo.

Like https://github.com/kubernetes/kubernetes/blob/master/hack/unwanted-dependencies.json

Feb 19 '24 09:02 pacoxu

Per Bob Killen @mrbobbytables All of these EXCEPT kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE have been granted a license exception approval:

cncf-exceptions-2019-11-01.spdx github.com/hashicorp/errwrap - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11 github.com/hashicopr/go-cleanhttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11 github.com/hashicopr/go-multierror - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11 github.com/hashicopr/golang-lru - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11 github.com/hashicopr/hcl - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11

cncf-exceptions-2021-07-19.spdx github.com/hashicopr/go-retryablehttp - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2021-07-19

cncf-exceptions-2023-06-27.spdx github.com/hashicopr/go-sockaddr - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27 github.com/hashicopr/go-immutable-radix - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2023-06-27

You should request an exception for memberlist or remove the code.

Feb 29 '24 09:02 jeffcshapiro

[ ] kubernetes-2024-01-03.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE

update the todo list

Feb 29 '24 09:02 pacoxu

This is used in https://github.com/kubernetes/kops/blob/68c500cf83241c08e8226e7476c7448f724cfb83/protokube/pkg/gossip/memberlist/gossip.go#L27-L28

	cluster "github.com/jacksontj/memberlistmesh"

github.com/jacksontj/memberlistmesh used github.com/hashicorp/memberlist.

/cc @jacksontj @justinsb

Feb 29 '24 09:02 pacoxu

@pacoxu memberlistmesh is an important piece of the Gossip implementation in kOps at the moment. There is a plan to remove it in a year or so, but not immediate. How can we obtain an exception for now?

Mar 01 '24 03:03 hakman

@hakman there is a license exception request issue template in the cncf/foundation repo: https://github.com/cncf/foundation/issues/new/choose

It'll need review from the legal committee and approval from the GB to be added as an exception.

Mar 01 '24 03:03 mrbobbytables

Thanks @mrbobbytables & @pacoxu. I created a new request for github.com/hashicorp/memberlist: https://github.com/cncf/foundation/issues/741

Mar 01 '24 04:03 hakman

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

May 30 '24 04:05 k8s-triage-robot

/remove-lifecycle stale

May 30 '24 13:05 hakman

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Aug 28 '24 13:08 k8s-triage-robot