Licensing compliance is a huge blocker for adopting open source packages. Tidelift guides you to meet common compliance requirements, so users are more likely to adopt your package.
We need you to help us ensure that we have the correct information about the licenses of your lifted packages so that subscribers can make informed decisions about dependency usage. If any are incorrect, we'll notify you when the issue has been fixed so that you can verify them again.
Use an open source license
Lifted packages must be under an open source license, such as those approved by the Open Source Initiative.
Provide accurate license metadata
If a subscriber has thousands of dependencies, they need a way to list the licenses of those dependencies.
We have lifters fill in license metadata fields consistently and accurately. We've found that a surprising number of packages have mistakes in this area.
Our goal is to have an accurate SPDX identifier for the license or licenses associated with each package.
For more information on common metadata problems and how to address them, check out our documentation on debugging license problems.
Agree to work with subscribers to fix violations
In the lifter agreement you sign to become a lifter, you agree that should a subscriber violate your license, you'll work with them to solve the problem prior to filing a lawsuit. This language is based on the GPL Cooperation Commitment.
Agree that you wrote your contributions
In the lifter agreement you sign to become a lifter, you certify that you wrote the code you've contributed to the project, or that you got it from another source where it was under an appropriate open source license. This language is inspired by the Developer Certificate of Origin.