This document describes open source licenses and related policies in the Fuchsia project.
All Fuchsia project code is hosted on https://fuchsia.googlesource.com/. Fuchsia project file headers will list Copyright <year_of_file_creation> The Fuchsia Authors.
Fuchsia is subject to multiple licenses:
Any code that has a different copyright holder or that is released under a different license is considered external code per this policy and must adhere to the external code policies in this document.
All external code hosted on https://fuchsia.googlesource.com/ must be open source code released under a license from the approved licenses list, unless otherwise listed in the specific exceptions or proprietary exceptions sections. All external code must be hosted in a repository whose name is prefixed with third_party or within a directory named third_party within one of Fuchsia’s existing repositories. If the code is hosted in its own repository, it must be mapped to a path including a directory named third_party when checked out as part of the Fuchsia Platform source tree. The set of licenses permitted for a particular portion of code depends on the usage of that code - see below for a list of approved licenses for production targets and development targets.
All code used in a Fuchsia build must be hosted on a Gerrit server run by Google. In almost all cases, the code must be hosted on https://fuchsia.googlesource.com/.
All source code must be downloaded when running jiri update. No build steps may download additional source code. Code from package management systems, such as packages from Dart’s Pub or crates from Rust’s Cargo, must be vendored into https://fuchsia.googlesource.com/ and comply with the same license requirements as any other code in the project.
Refer to What is a License?{:.external} for an explanation of what an open source license is and why it is important. All projects hosted on https://fuchsia.googlesource.com/ must be released under an approved license and contain the full license text alongside the code. Simply stating the license by reference - i.e. “BSD3” - is not sufficient, the actual text must be included. In most cases, the project should be an entire repository and the license text should be at the top level of the repository in a file named LICENSE, COPYRIGHT, or similar. In rare cases where the Fuchsia project needs to host multiple logical projects in a single repository, for example in Fuchsia’s Dart pub vendor repository, each project must be in its own directory with the license text for that project and a top-level file in the repository must explain the set of licenses used by the subdirectories.
To facilitate tracking, in addition to the license text, each project containing external code must contain a README file containing information about the project. The README must be named README.fuchsia and contain at least the following information:
Name: common name for the project URL: web site of upstream project LICENSE: short description of license
It’s also recommended, but not required, that the README.fuchsia files describe what version of the upstream project is being used and what kinds of modifications, if any, were made to port to Fuchsia. The short description of the license should be a Software Package Data Exchange (SPDX) license identifier{:.external} that matches the license but there can be more text in cases where more elaboration on the license is required. Fuchsia project code, that is, code that The Fuchsia Authors hold copyright for and code that is released under the Fuchsia project’s standard license - does not require this file.
This section applies to all code that runs in a production Fuchsia-based device in use by an end user. In this document, “production target” is defined as a production Fuchsia-based device in use by an end user. “Production target” includes the kernel, drivers, system services, frameworks, programs, etc running on the device regardless of how they are deployed. Code is permitted in this target if it is released under one of the following licenses and that license only. If there are additional restrictions, such as an IP grant or other additional clause, then the license approval does not suffice for that portion of code.
The following are the approved licenses for production target devices:
BSD 3-clause license, specifically the text at /LICENSE
BSD 2-clause license, specifically the text at https://opensource.org/licenses/BSD-2-Clause
BSD AES variant, specifically the text at https://fedoraproject.org/wiki/Licensing:BSD#AES_Variant
MIT license, specifically the text at /zircon/kernel/LICENSE
MITNFA license, specifically the text at https://spdx.org/licenses/MITNFA.html
X11 license, specifically the text at /third_party/github.com/intel/libva/va/x11/va_dri2.c
Zlib license, specifically the text at https://fuchsia.googlesource.com/third_party/zlib/+/main/README#85
Libpng license, specifically the text at https://fuchsia.googlesource.com/third_party/libpng/+/main/LICENSE
Boost license 1.0, specifically the text at https://fuchsia.googlesource.com/third_party/asio/+/main/asio/LICENSE_1_0.txt
OpenSSL license, specifically the text at https://fuchsia.googlesource.com/third_party/boringssl/+/upstream/master/LICENSE
FreeType project license, specifically the text at https://fuchsia.googlesource.com/third_party/freetype2/+/main/docs/FTL.TXT
Apache 2.0 license, specifically the text at https://fuchsia.googlesource.com/third_party/flatbuffers/+/main/LICENSE.txt
Independent JPEG Group License (IJG), specifically the text at https://fuchsia.googlesource.com/third_party/iccjpeg/+/main/LICENSE
ICU license, specifically the text at https://fuchsia.googlesource.com/third_party/icu/+/main/LICENSE
Curl license, specifically the text at https://fuchsia.googlesource.com/third_party/curl/+/main/COPYING
University of Illinois / NCSA Open Source License (NCSA), specifically the text at https://fuchsia.googlesource.com/third_party/clang/+/main/LICENSE.TXT
ISC license, specifically the text at https://fuchsia.googlesource.com/third_party/boringssl/+/upstream/master/LICENSE#143
IBM-Pibs license, specifically the text at https://github.com/u-boot/u-boot/blob/master/Licenses/ibm-pibs.txt
R8a779x_usb3 license, specifically the text at https://github.com/u-boot/u-boot/blob/master/Licenses/r8a779x_usb3.txt
Creative Commons Attribution 3.0 Unported license at https://creativecommons.org/licenses/by/3.0/legalcode
Creative Commons Attribution 4.0 International license at https://creativecommons.org/licenses/by/4.0/legalcode
Code not under one of these licenses and not explicitly granted an exemption is not permitted in the production target.
Licenses in the restricted{:.external} or reciprocal{:.external} categories will not be approved for use in Fuchsia.
The following repositories have been granted specific exemptions for production target devices:
These exemptions apply only to these specific repositories, and do not apply to anything else no matter how similar they may seem.
Under exceptional circumstances, when partners will not provide certain technology under open source licenses, Fuchsia may only be able to provide compiled binaries to the public under more restrictive license terms.
Any proprietary libraries that fall under this exception, such as several compatible drivers, will be separate and clearly marked as proprietary materials with the relevant license terms.
Proprietary license exceptions are disfavored in the Fuchsia ecosystem and exceptions will only be made when technology substantially improves Fuchsia functionality or interoperability substantially, no adequate open source alternatives exist, and the code or binaries can be separated from Fuchsia’s open source repositories. No third parties are entitled to an exception from the Fuchsia licensing policy.
This section applies to all code that is used by developers building things for Fuchsia including tools, debuggers, utilities, and examples. All licenses permitted for production targets are permitted for the development target. In this document, “development target” is defined as a non-production Fuchsia-based device in use by a Fuchsia developer and not an end user.
Additionally, the following licenses are permitted for the development target:
GNU General Public License v2.0 (GPL 2.0), specifically the text at https://fuchsia.googlesource.com/third_party/gdb/+/main/COPYING
GNU Library General Public License 2.0 (LGPL 2.0), specifically the text at https://spdx.org/licenses/LGPL-2.0.html#licenseText
GNU Lesser General Public License 2.1 (LGPL 2.1), specifically the text at https://spdx.org/licenses/LGPL-2.1.html#licenseText
Mozilla Public License Version 2.0 (MPL 2.0), specifically the text at https://spdx.org/licenses/MPL-2.0.html#licenseText
Open Font License 1.1 (OFL 1.1), specifically the text at https://github.com/u-boot/u-boot/blob/master/Licenses/OFL.txt
To host an artifact (a binary or tarball) on Google storage{:.external} for development purposes you must do the following:
The process for modifying external code is the same as for modifying Fuchsia project code. Be sure to keep the appropriate README.fuchsia files up-to-date with a high level description of changes from upstream. Do not modify any existing copyright notice or license file when changing external code.
For information on adding new external code, see Open Source Review Board (OSRB) Process.
If you have a question about Fuchsia’s external policies or how these policies relate to the Fuchsia project, email external-code@fuchsia.dev.
