From 08f275cbb0a414f07021d286652e4a9140e30efa Mon Sep 17 00:00:00 2001 From: lizhencheng <140870529+LiZhenCheng9527@users.noreply.github.com> Date: Mon, 29 Jan 2024 11:34:44 +0800 Subject: [PATCH] change allow-licenses-list to compliance from open-source-security and add clarification about dep-compliance in CONTRIBUTING.md (#589) Signed-off-by: LiZhenCheng9527 --- CONTRIBUTING.md | 11 ++++------- .../allowed-licenses-list.md | 0 community/compliance/dependence-compliance.md | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) rename community/{open-source-security => compliance}/allowed-licenses-list.md (100%) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7f2fc7f58..a7417c769 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,7 +6,7 @@ Welcome to Kurator! - [Before you get started](#before-you-get-started) - [Code of Conduct](#code-of-conduct) - [Community Expectations](#community-expectations) - - [Licences restrictions](#licences-restrictions) + - [Dependence Compliance](#dependence-compliance) - [Getting started](#getting-started) - [Your First Contribution](#your-first-contribution) - [Find something to work on](#find-something-to-work-on) 
@@ -32,13 +32,10 @@ Kurator aims to help users to build their own distributed cloud native infrastru Kurator aims to provide turnkey automation for multi-cluster application management in multi-cloud and hybrid cloud scenarios, and intended to realize multi-cloud centralized management, high availability, failure recovery and traffic scheduling. -## Licences restrictions +## Dependence Compliance -Please ensure that you have read the [license-lint](/common/config/license-lint.yaml) - -It specifies that licenses listed in the "restrictions" section cannot be used in the kurator project. Licenses in the "reciprocal_licenses" section can be used but modifications are not permitted. - -If you need to use a license that is not included in either section, please open a [Pull Requests](https://github.com/kurator-dev/kurator/pulls) for discussion. +If your contribution involves changes to dependencies, please read [dependence-compliance](community/compliance/dependence-compliance.md) first. +It outlines the guidelines for managing dependencies within the kurator project. Following these guidelines is important to ensure your changes can be properly reviewed and merged. # Getting started diff --git a/community/open-source-security/allowed-licenses-list.md b/community/compliance/allowed-licenses-list.md similarity index 100% rename from community/open-source-security/allowed-licenses-list.md rename to community/compliance/allowed-licenses-list.md diff --git a/community/compliance/dependence-compliance.md b/community/compliance/dependence-compliance.md index 4c09de19a..9c2f19415 100644 --- a/community/compliance/dependence-compliance.md +++ b/community/compliance/dependence-compliance.md 
@@ -74,7 +74,7 @@ Additionally: - If this is all good, approve, but don't LGTM, unless you also do code review or unless it is trivial (e.g. moving from k/k/pkg/utils -> k/utils). -Licenses for dependencies are specified by the Kurator [allowed-licenses-list](/common/config/license-lint.yaml). +Licenses for dependencies are specified by the Kurator [allowed-licenses-list](allowed-licenses-list.md). All new dependency licenses should be reviewed by @[kurator/dep-approvers] to ensure that they are compatible with the Kurator project license. It is also important to note and flag if a license has changed when updating a dependency, so that these can @@ -85,7 +85,7 @@ an issue or send a message to the member of [kurator/dep-approvers]. ## Licences restrictions -In the Kurator project, there are compliance requirements for the licenses of dependencies used. We prohibit the use of dependencies with infectious licenses. You can check [allowed-licenses-list](/common/config/license-lint.yaml) to learn about Kurator project's specifications on license compliance. +In the Kurator project, there are compliance requirements for the licenses of dependencies used. We prohibit the use of dependencies with infectious licenses. You can check [allowed-licenses-list](allowed-licenses-list.md) to learn about Kurator project's specifications on license compliance. It specifies that licenses listed in the "restrictions" section cannot be used in the kurator project. Licenses in the "reciprocal_licenses" section can be used but modifications are not permitted. Prohibition of licences in the "restricted_licenses" section.
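Review bot: In the CONTRIBUTING.md hunk at @@ -32,13 +32,10, the new "Dependence Compliance" section drops the guidance for a license that appears in neither list. The removed text told contributors to open a pull request for discussion, and the replacement only says to read dependence-compliance.md. The visible context of that file mentions opening an issue or messaging [kurator/dep-approvers], which is a different process. Please either keep one sentence here on the unlisted-license case or confirm that dependence-compliance.md states the single process contributors should follow. Minor: the new link is a relative path (community/compliance/dependence-compliance.md) while the removed one was root-absolute (/common/config/license-lint.yaml); pick one style for the file.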
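Review bot: In the dependence-compliance.md hunk at @@ -74,7 +74,7, retargeting "allowed-licenses-list" from /common/config/license-lint.yaml to allowed-licenses-list.md means that, together with the CONTRIBUTING.md and @@ -85,7 +85,7 changes, this patch removes every link to license-lint.yaml from these documents. If the YAML file is what the license check actually reads, the Markdown list can drift from it with nothing pointing reviewers at the enforced configuration. Suggest adding one sentence here naming which file is authoritative and requiring that both are updated in the same change when a license is added or removed.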
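Review bot: In the dependence-compliance.md hunk at @@ -85,7 +85,7, the unchanged line right after the edited one still says "It specifies that licenses listed in the "restrictions" section ..." and refers to "reciprocal_licenses" and "restricted_licenses" sections. Those read like keys of the old link target, license-lint.yaml, and "It" now refers to allowed-licenses-list.md, which is renamed at 100% similarity and so was not adapted. Please check that the Markdown list really has sections with those names, or reword the paragraph to match it. While there, the paragraph names the prohibited section two ways ("restrictions" and "restricted_licenses"), its last sentence is a fragment, and the heading spells "Licences" where the body uses "licenses".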