Fuchsia open source licensing policies

This document describes open source licenses and related policies in the Fuchsia project.

Fuchsia project code

All Fuchsia project code is hosted on https://fuchsia.googlesource.com/. Fuchsia project file headers will list Copyright <year_of_file_creation> The Fuchsia Authors.

Licenses

Fuchsia is subject to multiple licenses:

Any code that has a different copyright holder or that is released under a different license is considered external code per this policy and must adhere to the external code policies in this document.

External code

All external code hosted on https://fuchsia.googlesource.com/ must be open source code released under a license from the approved licenses list, unless otherwise listed in the specific exceptions or proprietary exceptions sections. All external code must be hosted in a repository whose name is prefixed with third_party or within a directory named third_party within one of Fuchsia’s existing repositories. If the code is hosted in its own repository, it must be mapped to a path including a directory named third_party when checked out as part of the Fuchsia Platform source tree. The set of licenses permitted for a particular portion of code depends on the usage of that code - see below for a list of approved licenses for production targets and development targets.

All code used in a Fuchsia build must be hosted on a Gerrit server run by Google. In almost all cases, the code must be hosted on https://fuchsia.googlesource.com/.

All source code must be downloaded when running jiri update. No build steps may download additional source code. Code from package management systems, such as packages from Dart’s Pub or crates from Rust’s Cargo, must be vendored into https://fuchsia.googlesource.com/ and comply with the same license requirements as any other code in the project.

Licenses and tracking

Refer to What is a License? for an explanation of what an open source license is and why it is important. All projects hosted on https://fuchsia.googlesource.com/ must be released under an approved license and contain the full license text alongside the code. Simply stating the license by reference - i.e. “BSD3” - is not sufficient, the actual text must be included. In most cases, the project should be an entire repository and the license text should be at the top level of the repository in a file named LICENSE, COPYRIGHT, or similar. In rare cases where the Fuchsia project needs to host multiple logical projects in a single repository, for example in Fuchsia’s Dart pub vendor repository, each project must be in its own directory with the license text for that project and a top-level file in the repository must explain the set of licenses used by the subdirectories.

To facilitate tracking, in addition to the license text, each project containing external code must contain a README file containing information about the project. The README must be named README.fuchsia and contain at least the following information:

Name: common name for the project

URL: web site of upstream project

LICENSE: short description of license

It’s also recommended, but not required, that the README.fuchsia files describe what version of the upstream project is being used and what kinds of modifications, if any, were made to port to Fuchsia. The short description of the license should be a Software Package Data Exchange (SPDX) license identifier that matches the license but there can be more text in cases where more elaboration on the license is required. Fuchsia project code, that is, code that The Fuchsia Authors hold copyright for and code that is released under the Fuchsia project’s standard license - does not require this file.

Categories of code and allowed licenses

Production target

This section applies to all code that runs in a production Fuchsia-based device in use by an end user. In this document, “production target” is defined as a production Fuchsia-based device in use by an end user. “Production target” includes the kernel, drivers, system services, frameworks, programs, etc running on the device regardless of how they are deployed. Code is permitted in this target if it is released under one of the following licenses and that license only. If there are additional restrictions, such as an IP grant or other additional clause, then the license approval does not suffice for that portion of code.

Approved licenses

The following are the approved licenses for production target devices:

Code not under one of these licenses and not explicitly granted an exemption is not permitted in the production target.

Licenses in the restricted or reciprocal categories will not be approved for use in Fuchsia.

Specific exceptions

The following repositories have been granted specific exemptions for production target devices:

These exemptions apply only to these specific repositories, and do not apply to anything else no matter how similar they may seem.

Proprietary exceptions

Under exceptional circumstances, when partners will not provide certain technology under open source licenses, Fuchsia may only be able to provide compiled binaries to the public under more restrictive license terms.

Any proprietary libraries that fall under this exception, such as several compatible drivers, will be separate and clearly marked as proprietary materials with the relevant license terms.

Proprietary license exceptions are disfavored in the Fuchsia ecosystem and exceptions will only be made when technology substantially improves Fuchsia functionality or interoperability substantially, no adequate open source alternatives exist, and the code or binaries can be separated from Fuchsia’s open source repositories. No third parties are entitled to an exception from the Fuchsia licensing policy.

Development target

This section applies to all code that is used by developers building things for Fuchsia including tools, debuggers, utilities, and examples. All licenses permitted for production targets are permitted for the development target. In this document, “development target” is defined as a non-production Fuchsia-based device in use by a Fuchsia developer and not an end user.

Approved licenses

Additionally, the following licenses are permitted for the development target:

Hosting development artifacts

To host an artifact (a binary or tarball) on Google storage for development purposes you must do the following:

  • Verify all transitive dependencies are under approved licenses.
  • Verify the exact source of all dependencies are hosted on https://fuchsia.googlesource.com/.
    • If some components are hosted elsewhere, contact the Open Source Review Board (OSRB) to check that the hosting arrangement satisfies the requirements of the Fuchsia project.
  • Produce a file containing the license text of the license of the binary and all transitive dependencies. Serve this file with the artifact (i.e., in a tar).

Modifying external code

The process for modifying external code is the same as for modifying Fuchsia project code. Be sure to keep the appropriate README.fuchsia files up-to-date with a high level description of changes from upstream. Do not modify any existing copyright notice or license file when changing external code.

Support contacts

Add new external code

For information on adding new external code, see Open Source Review Board (OSRB) Process.

Questions

If you have a question about Fuchsia’s external policies or how these policies relate to the Fuchsia project, email external-code@fuchsia.dev.