Requirements for Contributions
Contributor License Agreement
All Foundation projects must include certain license information and copyright notices. If you are contributing a new project, you must include
LICENSE, NOTICE, and
CONTRIBUTING files, as described below. If you are contributing to an existing project, you may need to add information to the
The LICENSE file
LICENSE file must be present at the root of each project, and must contain the text of the Apache License, Version 2.0.
The NOTICE file
NOTICE file must be present at the root of each project, and must contain the copyright notices of each copyright holder who has contributed to the project. If you are contributing to an existing project, you should add (or update) your copyright notice in the
NOTICE file. It must also contain any other attributions required by third-party dependencies (see below).
You should use this template for your
The CONTRIBUTING file
CONTRIBUTING file contains basic instructions to prospective contributors about how to make a contribution to the project – submitting a CLA, filing issues, making pull requests, etc. A sample CONTRIBUTING.md file (in Markdown) is provided below. Project leads are free to revise to fit the practices and style of the project, but references to the Foundation's contribution requirements must be included.
Please note that Github will prompt this content when a user creates an issue or pull request, you can read more on Github Contributing Guidelines
Source code license headers
Each source code file should include a license header comment, containing the following text:
We encourage project teams to place a SPDX-format
LICENSE.spdx file in the root of each project. SPDX is a standard for describing machine-readable license information about open source projects. For more information on SPDX, please see the SPDX website. See below for a basic example
LICENSE.spdx file. For a tutorial on adding SPDX information to a project, see here.
Third-Party Code Compliance
If your contribution includes any third-party open source code, the license for that code must permit its use within an Apache-licensed project, and the Foundation's use of the code must comply with the terms of the third-party license.
Identifying acceptable licenses
All Foundation projects must be licensed under the Apache License, Version 2.0 and the license for any third-party code must be compatible with this requirement. The Foundation categorizes open source licenses in the same way as the Apache Software Foundation:
- Category A licenses have similar terms to the Apache License. Contributions to the Foundation can include (or depend upon) code licensed under Category A licenses. Examples: common variants of the BSD and MIT licenses; the Apache License.
- Category B licenses impose restrictions on downstream use of the third-party code, but permit the code to be included in an Apache-licensed project. Typically, these are "weak copyleft" licenses requiring that modifications to the third-party code be licensed "reciprocally" under the same license. Contributions can include (or depend upon) Category B code, but if the code itself is included with the contribution, you should include a notice in the CONTRIBUTING file as described below. Examples: the CDDL, EPL, and MPL licenses.
- Category X licenses impose restrictions that prevent the code from being included in an Apache-licensed project. Because all Foundation projects must be Apache-licensed, the Foundation does not accept contributions with Category X dependencies. Examples: most proprietary licenses; any version of the GPL, LGPL, or AGPL; Creative Commons Non-Commercial and No-Derivatives licenses.
The Foundation analyzes all contributions to determine the license of each dependency and works with contributors to resolve any incompatibilities, so contributors do not need to carefully research each dependency before contributing. But because all incompatibly licensed dependencies must be removed before the Foundation can accept a contribution, contributors should take care to avoid them during development.
Including required third-party notices
Depending how your contribution uses third-party open source software, you may need to add notices to the project you're contributing to.
If your contribution contains third-party code directly (i.e. not via an import or similar reference resolved by the build system or interpreter) you must include a copy of the applicable license and preserve any copyright notices, license information, disclaimers, and similar notices in the third-party code. You should also add a notice in the following form to the project's
If you have a LICENSE.spdx file in your repository, you should also update the
PackageLicenseDeclared setting to use the appropriate SPDX license expression for your "mixed license" repository.
If your contribution contains Category B-licensed code directly, you must also add a notice in the following form to the project's
The purpose of this notice is to make contributors aware that their modifications to the Category B code will be governed by the terms of the Category B license.
If the third-party license requires specific notices, you must add them to the
NOTICE file. For example, some open source licenses require that you include a description of any modifications made to the third-party code.
Validating license and notice information
When you make a contribution, the Foundation attempts to validate compliance with these requirements automatically using our Contrib Toolbox project. Contrib Toolbox checks for
NOTICE files and, using the license information provided by build tools, attempts to validate that the licenses for any dependencies are acceptable Category A or Category B licenses. However, no automated tool can resolve these questions definitively, so we depend upon our contributors to provide complete and accurate information.