License exception for hashicorp libs (cert-manager)

[jahrlin]

Hello!

cert-manager uses a few MPL licensed hashicorp libraries that are not listed in the CNCF exception list.

We would like to have these added to the list of exceptions, if possible:

https://github.com/hashicorp/go-retryablehttp https://github.com/hashicorp/go-rootcerts http://github.com/hashicorp/go-sockaddr http://github.com/hashicorp/vault

For all of the above mentioned libraries:

What is the alternative license? None, as they are single license

If this is newly created code, why can't it be under Apache-2.0? It is not newly created code. They are all several years old.

Is this an existing 3rd party open source project? Yes

How does this code integrate with or interact with, if at all, other components of CNCF? go-retryablehttp, go-rootcerts and go-sockaddr are all indirect dependencies of vault.

cert-manager integrates with Vault and uses the vault-module API client, to communicate with Vault servers, and utility functions to map Certificates (x509 primitives) to Vault Secrets (Vault primitive) and vice versa.

How will the code be maintained? Who is responsible? The authors (Hashicorp) are reponsible for maintaining the code.

How will the code be kept up to date with security patches? The authors (Hashicorp) are reponsible for keeping the code up to date with security patches.