Contributor Agreement and License Compliance Guide
Purpose
This document specifies the contributor agreement and license compliance guide for the ArkUI-X project. It covers the following parts:
(1) Developer Certificate of Origin
(2) Code Contribution License
(3) Document Contribution License
(4) Third-Party Open-Source Software Licenses
Scope
This document applies only to the ArkUI-X community. It is not applicable to the scenario where the ArkUI-X project is used by individuals or enterprises to develop their products or the scenario where third-party open-source software is distributed. For details, see Introducing Third-Party Open-Source Software.
(1) Developer Certificate of Origin
You must sign the Developer Certificate of Origin (DCO) before you can contribute to the community.
The DCO is a statement of originality and contribution of your work. The DCO to sign is fully quoted from the standard DCO version released by the Linux Foundation.
Before contributing to the community, you must obtain the signing-dco.md file, sign it, and send the signed file to contact@mail.arkui-x.cn. Then you can include the Signed-off-by information for each commit. (The online mode for signing the DCO will be provided later.)
(2) Code Contribution License
In principle, for every code contribution, source code licensed under the Apache License 2.0 (Apache-2.0) must be provided. For details about Apache-2.0, visit the website.
(3) Document Contribution License
In principle, for every document contribution, documents shall be licensed under the Creative Commons Attribution 4.0 International Public License (CC BY 4.0). For details about CC BY 4.0, visit the website. For the complete content, see Creative Commons Attribution 4.0 International Public License.
(4) Third-Party Open-Source Software Licenses
To facilitate the maintenance and evolution of third-party open-source software, consider the following license-related factors when introducing them:
Free redistribution. Third-party dependencies that do not support redistribution will not be accepted.
License compatibility: If a third-party dependency may be merged or mixed with other code of the ArkUI-X project, but the license on which the third-party dependency depends is incompatible with the license of the mixed or merged code, the third-party dependency will not be accepted.
Fulfillability of license obligations: If the license on which a third-party dependency depends contains obligations that cannot be fulfilled or are difficult to fulfill, such as advertising clauses and beer clauses, the third-party dependency will not be accepted.
Reasonability of license restrictions or constraints: If the license on which a third-party dependency depends contain unreasonable restrictions or constraints, such as commercial restrictions, application domain restrictions, discrimination against special technical domains, or product-specific restrictions, the third-party dependency will not be accepted.
If the license on which a third-party dependency depends explicitly excludes patent authorization, for example, CC0 license, it is not recommended that the third-party dependency be accepted if there are other options.
Third-party dependencies using weak copyleft licenses can be accepted if they can ensure that the obligations of the weak infectious licenses are fulfilled and certain isolation measures are taken in the reference mode.
Licenses for Acceptable Third-Party Dependencies
In principle, third-party dependencies using licenses whose license terms are equivalent to Apache-2.0 and whose open-source license obligations can be fulfilled without obstacles can be accepted. The PMC approves third-party dependencies using the following licenses:
- Academic Free License 3.0 (AFL-3.0)
- Apache License 2.0 (Apache-2.0)
- Apache Software License 1.1. Including variants:
- PHP License 3.01
- MX4J License
- Boost Software License (BSL-1.0)
- BSD License
- 3-clause BSD License
- 2-clause BSD License
- DOM4J License
- PostgreSQL License
- ISC
- ICU
- MIT License (MIT) / X11
- MIT No Attribution License (MIT-0)
- Mulan Permissive Software License v2 (MulanPSL - 2.0)
- The Unlicense
- W3C License (W3C)
- University of Illinois/NCSA
- X.Net
- zlib/libpng
- FSF autoconf license
- DejaVu Fonts (Bitstream Vera/Arev licenses)
- OOXML XSD ECMA License
- Microsoft Public License (MsPL)
- Python Software Foundation License
- Python Imaging Library Software License
- Adobe Postcript(R) AFM files
- Boost Software License Version 1.0
- WTF Public License
- The Romantic WTF public license
- UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE
- Zope Public License 2.0
- ACE license
- Oracle Universal Permissive License (UPL) Version 1.0
- Open Grid Forum License
- Google "Additional IP Rights Grant (Patents)" file
- Historical Permission Notice and Disclaimer
Licenses for Unacceptable Third-Party Dependencies
In principle, third-party dependencies using licenses that do not comply with the open-source definition of OSI, licenses that do not support commercial use, copyleft licenses, and other licenses that contain unreasonable restrictions or obligations may not be accepted. These licenses include:
- Intel Simplified Software License
- JSR-275 License
- Microsoft Limited Public License
- Amazon Software License (ASL)
- Java SDK for Satori RTM license
- Redis Source Available License (RSAL)
- Booz Allen Public License
- Confluent Community License Version 1.0
- Any license including the Commons Clause License Condition v1.0
- Creative Commons Non-Commercial variants
- Sun Community Source License 3.0
- GNU GPL 1, 2, 3
- GNU Affero GPL 3
- QPL
- Sleepycat License
- Server Side Public License (SSPL) version 1
- Code Project Open License (CPOL)
- BSD-4-Clause/BSD-4-Clause (University of California-Specific)
- Facebook BSD+Patents license
- NPL 1.0/NPL 1.1
- The Solipsistic Eclipse Public License
- The "Don't Be A Dick" Public License
- JSON License