Ask HN: How do you handle LICENSE notices in published Docker images?

12 points by mrmattyboy 1 year ago | 2 comments

Hey all :)

I was put off releasing a pre-built docker image for an open source project, mainly due to mess of licenses that is Docker.

I finally decided to do it by doing the following (for a Python-based application):

* Create a LICENSE.third-party file, containing information about where to find LICENSES for the installed third-party applications (https://github.com/MatthewJohn/terrareg/blob/main/LICENSE.third-party)

* Use pip-licenses to generate per-package license files for each of the installed pip packages (https://github.com/MatthewJohn/terrareg/blob/main/Dockerfile#L77)

* Copied all 'doc' license files from deb packages to common directory (https://github.com/MatthewJohn/terrareg/blob/main/Dockerfile#L80C1-L80C173)

* Manually copy licenses for tooling that is installed in the Docker build (https://github.com/MatthewJohn/terrareg/blob/main/Dockerfile#L82)

I'm wondering if anyone else has tackled this and/or seen it done anywhere else?

How have others implemented anything similar?

Thanks! :)

shanewilhelm 1 year ago |

I'm not entirely sure, but here's an example of how Google does it: https://github.com/GoogleContainerTools/base-images-docker

mrmattyboy 1 year ago | |

I can see that they're adding their own license, which contains their license for the code within the repo. But nothing around licenses for packages that they're installing within the Docker images (unless I'm missing something?)