Licensing information not being embedded in source code and other project files may lead to confusion and legal risks. This could make software distribution and use challenging. To mitigate this, we have decided to include a SPDX license identifier at the top of every file.
This is the license header format that we will use:
/*
| Protect your secrets, protect your sensitive data.
: Explore VMware Secrets Manager docs at https://vsecm.com/
</
<>/ keep your secrets... secret
>/
<>/' Copyright 2023-present VMware Secrets Manager contributors.
>/' SPDX-License-Identifier: BSD-2-Clause
*/
The comment block will change depending on the file type. For example, for a
Go file, the comment block will be //
instead of /*
and */
.
The decision to adopt SPDX license headers is driven by the need for clear, accessible, and unambiguous licensing information directly within the source files. This approach is supported by industry best practices for open-source compliance, particularly in environments where software is frequently audited or distributed across different legal jurisdictions. Adopting SPDX will also facilitate easier integration and reuse of external open-source components that are already using SPDX identifiers.
Chosen option: “option 1”, because it ensures that all files in the project clearly state their licensing, reducing ambiguity and potential legal issues.
None.
You can view the ADRs by browsing this following list: