docs: align licence policy with CNCF legal review outcome #214

Open
gbartolini wants to merge 1 commit into main from dev/213


@gbartolini
Contributor

Update README.md, CONTRIBUTING_NEW_EXTENSION.md, and the new extension issue template to reflect the outcomes of a review with the CNCF legal team:

  • Replace the "case-by-case" licence language with an explicit Allowlist-only policy; only components covered by the CNCF Allowlist Licence Policy are accepted for distribution through this project
  • Clarify that this is a governance decision, not a legal limitation, and that contributors may distribute non-Allowlisted extensions independently using the same build tooling
  • Tighten the Debian packages requirement: DFSG-compliant packages from a trusted, auditable repository are mandatory; PGDG is the recommended source but not the only acceptable one; explain the rationale (DEP-5 attribution, DFSG hygiene)
  • Add a note against PostGIS acknowledging its GPL-2.0 licence and the pending CNCF exception request
  • Add a required Debian package name field and an SPDX licence dropdown to the new extension issue template; tighten the licence compliance attestation to cover all components including transitive dependencies

Closes #213

Update README.md, CONTRIBUTING_NEW_EXTENSION.md, and the new extension
issue template to reflect the outcomes of a review with the CNCF legal
team:

- Replace the "case-by-case" licence language with an explicit
  Allowlist-only policy; only components covered by the CNCF Allowlist
  Licence Policy are accepted for distribution through this project
- Clarify that this is a governance decision, not a legal limitation,
  and that contributors may distribute non-Allowlisted extensions
  independently using the same build tooling
- Tighten the Debian packages requirement: DFSG-compliant packages from
  a trusted, auditable repository are mandatory; PGDG is the recommended
  source but not the only acceptable one; explain the rationale (DEP-5
  attribution, DFSG hygiene)
- Add a note against PostGIS acknowledging its GPL-2.0 licence and the
  pending CNCF exception request
- Add a required Debian package name field and an SPDX licence dropdown
  to the new extension issue template; tighten the licence compliance
  attestation to cover all components including transitive dependencies

Closes #213

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
@gbartolini gbartolini requested review from a team and NiccoloFei as code owners May 23, 2026 07:01