
Finalize License Header Management

Open danehans opened this issue 3 years ago • 6 comments

Kubernetes and many other projects include a license header in each project code file while Envoy only requires license headers at the project root. With https://github.com/envoyproxy/gateway/pull/84, EG will follow the Kubernetes approach. Determine if this approach is needed, and if not, follow Envoy's approach to license header management.

cc: @lizan @mattklein123

danehans avatar Jun 03 '22 18:06 danehans

It is not needed and just creates extra clutter and overhead. I would follow the envoy approach personally.

mattklein123 avatar Jun 03 '22 19:06 mattklein123

Reopening this one because we've had something come up.

In building out Envoy Gateway, we're lifting reasonably large chunks of code from other projects (mainly Contour at the moment, but probably others as well soon), so we need to ensure we're abiding by the Apache license from those projects, which requires code attribution.

Because the attribution will only be in some files, it makes sense for us to have a per-file copyright callout at least, even if it doesn't have the full "get the Apache license here" callout. (Personally, I think text storage is relatively cheap and we should err on the side of just including it, but it's not a strong preference).

Reopening here so we can discuss and figure out a format for a per-file license header, keeping this in mind.

youngnick avatar Jul 15 '22 00:07 youngnick

I'm not an expert here, but perhaps something like the following is sufficient? Would be much easier than having to do things file-by-file.

https://infra.apache.org/licensing-howto.html#example-notice
https://github.com/apache/httpd/blob/trunk/NOTICE

skriss avatar Jul 15 '22 19:07 skriss

Also reading https://github.com/cncf/foundation/blob/main/license-notices.md which was linked from #134, which has some guidance (unfortunately it's more file-by-file).

skriss avatar Jul 19 '22 22:07 skriss

Yes, rereading that license-notices file, it seems clear that we have to bring in any copyright notices from files where we've imported significant code (Contour being the main example for now), and also include "the function was sourced from x" as well.

Because of this, I think that the simpler licensing method that Envoy Proxy uses won't work for this repo. There's too much license complexity to capture; we need to ensure that every file has a copyright and license notice.

It's an up-front effort cost, with an additional one for each new file. We're going to need a slightly more clever license check too, I think.

youngnick avatar Jul 25 '22 06:07 youngnick

Okay, I've done a more in-depth reading of the CNCF license notice page, and, because we expect this project to reuse a lot of code, I suggest the following:

  • We have two lines at the top of every file, one with an SPDX license string referencing the Apache 2.0 license, and one with a Copyright Envoy Gateway authors or similar.
  • For files included from other projects, we include a block like the following example for Contour:
# This file contains many functions derived from Contour (<main repo link>),
# from the source file <source>
# and is provided here subject to the following:
# [copyright notice]
# [license notice in SPDX]

Then, we're completely covered. If @envoyproxy/gateway-maintainers could comment or react here, I'll do a PR when I'm back to bring everything into line, and see if we can have some CI checks for the main SPDX line.

youngnick avatar Aug 05 '22 03:08 youngnick

Okay, we're going to need something to check that the boilerplate at the start of each file is correct. I'm inclined to use the same Python boilerplate.py that Gateway API uses (which is itself sourced from Kubernetes (https://github.com/kubernetes/kubernetes/blob/04c2b1fbdc1289c9a72eda87cf7072346e60d241/hack/boilerplate/boilerplate.py)).

If everyone's okay with me doing that, I can make a PR which will add the boilerplate check, and make it part of CI, so that new files that don't have boilerplate will cause a CI fail. This will only be for the license itself; if we're using substantial code from somewhere else, it will be the honor system to make sure that we call it out in the standard way.

I'll also update the developer docs with the standard templates.

youngnick avatar Oct 14 '22 04:10 youngnick

Sounds good, thanks for taking this.

Xunzhuo avatar Oct 14 '22 05:10 Xunzhuo
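
A sketch of the kind of check discussed in this thread, added here as an example; it is not the Kubernetes boilerplate.py and not code from this repository. It assumes the two-line header is an `SPDX-License-Identifier: Apache-2.0` line plus a `Copyright ...` line (exact wording is an assumption), and it goes one step beyond the license-only check by flagging an attribution block whose placeholders were never filled in.

```python
import re

SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*(\S+)")
COPYRIGHT_RE = re.compile(r"Copyright\s+\S+")  # case-sensitive, so "[copyright notice]" fails
DERIVED_RE = re.compile(r"derived\s+from\s+\S+")
COMMENT_RE = re.compile(r"^\s*(?://|#)\s?(.*)$")
PREAMBLE_RE = re.compile(r"^(#!|//go:build\b|// \+build\b)")  # allowed before the header

def header_comments(text, limit=40):
    """Leading comment lines of a file, minus shebang, build tags and blank lines."""
    out = []
    for line in text.splitlines()[:limit]:
        if not line.strip() or PREAMBLE_RE.match(line):
            continue
        m = COMMENT_RE.match(line)
        if m is None:
            break  # first line of code ends the header region
        out.append(m.group(1).strip())
    return out

def check_header(text, license_id="Apache-2.0"):
    """Return a list of problems; an empty list means the file passes."""
    lines = header_comments(text)
    own, rest = lines[:2], lines[2:]
    problems = []
    if license_id not in [m.group(1) for m in map(SPDX_RE.search, own) if m]:
        problems.append("missing SPDX line for " + license_id)
    if not any(COPYRIGHT_RE.search(l) for l in own):
        problems.append("missing project copyright line")
    for i, line in enumerate(rest):
        if DERIVED_RE.search(line):  # attribution block present: must be filled in
            tail = rest[i + 1:]
            for name, rx in (("copyright notice", COPYRIGHT_RE), ("SPDX license", SPDX_RE)):
                if not any(rx.search(l) for l in tail):
                    problems.append("derived block: no upstream " + name)
            break
    return problems

# Constructed sample: project header present, attribution block left as the template.
SAMPLE = """\
// Copyright Envoy Gateway Authors
// SPDX-License-Identifier: Apache-2.0
// This file contains many functions derived from Contour (<main repo link>),
// from the source file <source>
// and is provided here subject to the following:
// [copyright notice]
// [license notice in SPDX]
package example
"""
print(check_header(SAMPLE))
```

In CI this would run over every tracked source file and fail the job when any file returns a non-empty list.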