Project Policy
Project Policy
This page summarizes contribution, security, license, and media file requirements. The original files at the repository root are authoritative.
Contribution
Contribution workflow, PR requirements, and local check commands are documented at:
Before contributing, clarify the scope, protect existing workspace changes, and follow GitNexus impact analysis requirements.
Code of conduct
Community discussion, issues, PRs, and code reviews should follow:
Keep communication specific, respectful, and verifiable.
Security
Security issue and vulnerability reporting is documented at:
Do not publish sensitive credentials, account information, or abuse-ready details in public issues.
License
The project uses a phased open-source license stack with an automatic transition between two phases. The authoritative definition, transition trigger, and SPDX identifiers live in Repository-Policy.md. The summary below mirrors that document.
Current phase (effective from project inception)
| Subject | License | SPDX identifier |
|---|---|---|
| Software code | GNU Lesser General Public License v3.0 or later | LGPL-3.0-or-later |
| Documentation | GNU Free Documentation License v1.3 or later | GFDL-1.3-or-later |
| Visual elements | CC0 1.0 Universal Public Domain Dedication | CC0-1.0 |
Future phase (triggered automatically)
| Subject | License | SPDX identifier |
|---|---|---|
| Software code | MIT License or later, or Apache License 2.0 or later (user-elected dual) | MIT-or-later OR Apache-2.0-or-later |
| Documentation | Creative Commons Attribution-ShareAlike 4.0 International or later | CC-BY-SA-4.0-or-later |
| Visual elements | Creative Commons Attribution-ShareAlike 4.0 International or later | CC-BY-SA-4.0-or-later |
Note:
pyproject.tomluses the canonical SPDX form (MIT OR Apache-2.0,CC-BY-SA-4.0) for PEP 639 /uv buildvalidation; the-or-laterform above expresses the project's intended "or later" semantics.
The transition trigger is the earlier of (a) one year after the first public release, or (b) the first major version bump. The transition only applies to contributions submitted on or after the trigger date; contributions made before that date remain under the license that was in effect at submission time.
Full license texts are available at the repository root:
LICENSE-code— LGPL-3.0-or-laterLICENSE-docs— FDL-1.3-or-laterLICENSE-cc0— CC0 1.0 UniversalLICENSE-mit— MIT or laterLICENSE-apache— Apache License 2.0 or laterLICENSE-cc-by-sa— CC BY-SA 4.0 or later
License and CLA
Submitting a contribution — a pull request, an issue patch, a translation, a visual asset, or any other material — means you accept the Contributor License Agreement (CLA.md). The Chinese mirror is at .github/note/CLA-zh.md.
The CLA is what makes the future-phase transition legally executable. It grants the Project a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright and patent license over your contribution, plus an explicit right to relicense your contribution as part of the Project when the transition trigger is reached. The trigger is one of:
- One year after the first non-pre-release publication of the Project (the first
1.0.0or later, not a0.xorrc/alpha/beta); or - The first major version bump of the Project (a SemVer
x.0.0release).
The transition is one-way and applies only to contributions submitted on or after the trigger date. Earlier contributions stay under their original license. You accept the CLA by:
- Adding a
Signed-off-by:trailer (Developer Certificate of Origin format) to a commit you submit. - Checking the CLA acknowledgment checkbox in the pull request template.
- Submitting a contribution through any Git-based mechanism that links your Git identity to this Agreement.
If the Project later publishes a more detailed or signed CLA form that explicitly replaces the current one, the newer form governs contributions submitted on or after its effective date. For the day-to-day contribution workflow, see the developer workflow guide.
Media redaction
Media files include images, audio, video, and similar files. Unless explicitly marked as CC0 1.0, they must be redacted before use.
Redaction should at least consider:
- Removing or blurring personal identity information.
- Handling faces, license plates, locations, and other identifiable content.
- Removing sensitive metadata.
- Confirming that derived files still comply with the original license.
Last updated on