Skip to content

Remove dependencies with "bad" license. #1820

Closed as not planned
Closed as not planned
Remove dependencies with "bad" license.#1820
Assignees
moolen
Labels
StaleThis issue/Pull Request is stale and will be automatically closed
@moolen

Description

@moolen
moolen
opened on Dec 14, 2022

Towards: cncf/sandbox#211

All third-party dependencies for external-secrets must comply with CNCF licensing policies - See Allowed third party license policy | cncf/foundation. I've opened cncf/foundation#485 to request exception for the hashicorp libs.

FOSSA report dashboard (requires login)

Project License CNCP Exemption issue Reason
https://github.com/hashicorp/go-immutable-radix MPL-2.0 cncf/foundation#400 pkg/provider/vault
https://github.com/hashicorp/go-retryablehttp MPL-2.0 cncf/foundation#138 pkg/provider/gitlab / xanzy/go-gitlab
https://github.com/hashicorp/go-plugin MPL-2.0 cncf/foundation#300 pkg/provider/vault
https://github.com/hashicorp/go-rootcerts MPL-2.0 cncf/foundation#400 cncf/foundation#381 pkg/provider/vault
https://github.com/hashicorp/go-secure-stdlib MPL-2.0 - pkg/provider/vault
https://github.com/hashicorp/go-sockaddr MPL-2.0 cncf/foundation#381 pkg/provider/vault
https://github.com/hashicorp/go-uuid MPL-2.0 cncf/foundation#294 pkg/provider/vault
https://github.com/hashicorp/vault MPL-2.0 cncf/foundation#381 pkg/provider/vault
https://github.com/hashicorp/go-version MPL-2.0 cncf/foundation#297 pkg/provider/vault
https://github.com/hashicorp/yamux MPL-2.0 - pkg/provider/vault

Metadata

Metadata

Assignees

Labels

StaleThis issue/Pull Request is stale and will be automatically closed

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions