Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Add license to Image Metadata as mandatory attribute #369

Open
anjastrunk opened this issue Oct 26, 2023 · 2 comments
Open

[Feature Request] Add license to Image Metadata as mandatory attribute #369

anjastrunk opened this issue Oct 26, 2023 · 2 comments
Labels
enhancement New feature or request IaaS Issues or pull requests relevant for Team1: IaaS SCS-VP10 Related to tender lot SCS-VP10 standards Issues / ADR / pull requests relevant for standardization & certification

Comments

@anjastrunk
Copy link
Contributor

Image metadata support information about

  • license_included (boolean) indicates whether or not the flavor fee includes the licenses required to use this image.
  • license_required (boolean) indicates whether or not a customer must bring its own license to be license compliant.

Beside these information, content of image's license would be important for customers. Especially, if image includes a non popular operating system.
I suggest to add an additional metadata called license as mandatory metadata license MUST refer to a SPDX identifiers or URL to license document.
@anjastrunk anjastrunk added enhancement New feature or request IaaS Issues or pull requests relevant for Team1: IaaS standards Issues / ADR / pull requests relevant for standardization & certification SCS-VP10 Related to tender lot SCS-VP10 labels Oct 26, 2023
@anjastrunk anjastrunk mentioned this issue Oct 26, 2023
Closed
@berendt
Copy link
Contributor

berendt commented Oct 26, 2023

Makes sense to me. I think it is a good idea to also have the license metadata as MUST.

@garloff
Copy link
Member

garloff commented Nov 6, 2023
edited
Loading

If you read the current standard as a user you could conclude that you can use the image without any extra fees if license_required is not true. (If you want maintenance, you need to also ensure subscription_required is not true.)

It would be nice to explicitly state a license for an image.
However, to the best of my knowledge, no such thing exists.
A Linux distribution is a collection of software which may be under a variety of licenses.
The distributor's job is to ensure that
(a) no included software interacts with other included software that is not allowed by the license, e.g. linking proprietary code to GPL code
(b) users have the right to use all included software -- if special strings are attached, display the EULAs in the install process
(c) the whole thing can be distributed

To my knowledge, there is no nice solution for (b) with images, so public images should not include software that requires EULAs to be displayed.
The image builder needs to take care of (a) and (c).

If we wanted to, we could try to collect a list of licenses of all code included in images and then have a long list in the license metadata. To my knowledge noone is doing this currently. If we go there, we should be aware that this is non-trivial to get right, technically and legally.

@anjastrunk anjastrunk mentioned this issue Apr 15, 2024
Open
59 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request IaaS Issues or pull requests relevant for Team1: IaaS SCS-VP10 Related to tender lot SCS-VP10 standards Issues / ADR / pull requests relevant for standardization & certification
Projects
Sovereign Cloud Stack
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@berendt @garloff @anjastrunk