Check license finder and determine what we can legally do
We recently added license finder to gitlab which is 
We have a basic list of licenses we allow for dependencies of GitLab but every once in a while we have new dependencies that include licenses that are not part of the list and/or are less well known. Considering the legal implications of adding a package with a potentially dangerous license, I suggest we add some kind of legal oversight to approving new licenses to the license finder.
Currently, the team takes ownership on deciding which license to approve which keeps us shipping but that could bite us in the future.
Activity
@pmachle is this in your bailiwick?
\cc @connorshea you worked on this, right?
@pmachle @ernstvn we referred to that document but the challenge was having sub-sub-sub-dependencies that had weird licenses like
UnlicenseorMIT\X11. We had discussions in slack and it ended up with back and forth between team members and @connorshea making the final call. Imo @connorshea shouldn't be held responsible for approving legal related licenses because that puts him at risk since he is not a lawyer. Does this make sense?-
New dependencies should be reviewed and i am happy to do that. If the license has been approved we should update our list. @ClemMakesApps could you update https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/licensing.md to include a process that gets approval from legal and once approved the original requestor then updates the handbook if the license is approved.
I'm not a lawyer, but I think the company would be held liable if I get it wrong, not me? Regardless, I'd appreciate some guidance from our legal team on this just for safety's sake :)
If a license is already listed on the docs linked above it should be fine, any new ones should go through Paul for approval. That sounds like a good system to me.
assigned to @ClemMakesApps
mentioned in commit test-nick/gitlab-ce@e5b61724
