Skip to content

Fix Apache 2.0 open-source compliance issues (OSRB review)#86

Merged
ivanbasov merged 3 commits into
mainfrom
fix/osrb-apache2-compliance
Jul 9, 2026
Merged

Fix Apache 2.0 open-source compliance issues (OSRB review)#86
ivanbasov merged 3 commits into
mainfrom
fix/osrb-apache2-compliance

Conversation

@ivanbasov

@ivanbasov ivanbasov commented Jul 9, 2026

Copy link
Copy Markdown
Member

Summary

Addresses the findings from the OSRB Apache 2.0 compliance review of this repository.

OSRB findings

  • LICENSE: Added the required NVIDIA copyright line (Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.) before the Apache 2.0 license text, per the OSRB Apache2 License guidance.
  • CLA removal: Deleted Contributor_License_Agreement.md. Apache 2.0 projects must use DCO only; the DCO sign-off process is already documented in CONTRIBUTING.md and remains the sole contribution mechanism.
  • Source headers: Replaced the proprietary NVIDIA header (SPDX-License-Identifier: LicenseRef-NvidiaProprietary) in code/tests/test_dataloader_multiprocessing.py with the standard Apache-2.0 SPDX header used across the repo.

Additional issues found by a full-repo sweep

  • Eight more files carried the same proprietary header and were converted to the standard Apache-2.0 header: Dockerfile, conf/config_pre_decoder_memory_surface_model_1_d9.yaml, conf/config_qec_decoder_r13_fp8.yaml, conf/config_qec_decoder_r9_fp8.yaml, conf/config_v3_timing_test.yaml, .github/workflows/ci-gpu.yml, .github/workflows/long-running-tests.yml, .github/workflows/pr_file_check.yaml.

  • Fixed a bug in the header tool code/scripts/spdx_headers.py: the hash-comment old-header pattern (_OLD_HASH_BODY) had the wrong SPDX identifier line (Apache-2.0 instead of LicenseRef-NvidiaProprietary), so the tool never matched or migrated hash-style proprietary headers — which is why the files above were left unconverted.

  • Hardened spdx_headers.py --check (used by CI): it previously only verified that SPDX-FileCopyrightText appears in the header, so proprietary headers passed CI. It now also requires SPDX-License-Identifier: Apache-2.0, preventing proprietary headers from being reintroduced in new files.

Verification

  • grep -r "LicenseRef-NvidiaProprietary\|strictly prohibited" finds no remaining proprietary headers (only the search patterns inside the migration tool itself).
  • python3 code/scripts/spdx_headers.py --check passes.
  • All edited YAML files parse cleanly; edited Python files compile.

🤖 Generated with Claude Code

Address findings from the OSRB Apache 2.0 compliance review:

- LICENSE: add the required NVIDIA copyright line before the
  Apache 2.0 license text.
- Remove Contributor_License_Agreement.md: Apache 2.0 projects use
  DCO only (documented in CONTRIBUTING.md); a CLA is not permitted.
- Replace proprietary NVIDIA headers (LicenseRef-NvidiaProprietary)
  with the standard Apache-2.0 SPDX header in
  code/tests/test_dataloader_multiprocessing.py and eight other files
  found by a full-repo sweep (Dockerfile, four conf yamls, three
  GitHub workflows).
- Fix code/scripts/spdx_headers.py: the hash-style old-header pattern
  (_OLD_HASH_BODY) had the wrong SPDX identifier line, so the tool
  never matched or replaced hash-style proprietary headers.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Signed-off-by: Ivan Basov <ibasov@nvidia.com>
@ivanbasov ivanbasov requested review from bmhowe23 and kvmto and removed request for kvmto July 9, 2026 19:38
ivanbasov and others added 2 commits July 9, 2026 19:48
Previously --check only verified that SPDX-FileCopyrightText appears in
the first 20 lines, so files carrying a proprietary
LicenseRef-NvidiaProprietary header passed CI. This is how proprietary
headers survived the PR #19 migration and were reintroduced by later
PRs (e.g. #29).

Now --check also requires "SPDX-License-Identifier: Apache-2.0" in the
header and reports offending files separately, failing the run.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Signed-off-by: Ivan Basov <ibasov@nvidia.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Signed-off-by: Ivan Basov <ibasov@nvidia.com>
@ivanbasov ivanbasov merged commit 89026ed into main Jul 9, 2026
17 checks passed
@ivanbasov ivanbasov deleted the fix/osrb-apache2-compliance branch July 9, 2026 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants