Hi there,
I hope I am addressing the right audience here. Otherwise, forgive me and please support me in finding the appropriate contact. We are currently investigating the options using the Prometheus Docker container within software distributions and diverse production scenarios. We found in particular that there is no complete information available regarding all covered software contained the current docker containers that can be publicly pulled from https://hub.docker.com/r/prom/prometheus/. Specifically, the containers that we analysed do not include any license information covering operating system level packages (such as busybox; see below). We are wondering whether there is a complete documentation (compliance documentation, bill of materials) available. The LICENSE and NOTICE file are rather incomplete in this (and other) aspects. For example: - The container covers busybox, which is licensed under GNU General Public License Version 2.0 (GPL-2.0). - The GPL-2.0 license requires to include the license text in the distribution and to make source code available to the recipient of the software. - The container / project does not make these aspects transparent and does not deal with the license obligations. - The container / project does not include enough information to derive the covered software (unique identification, version, license details) Perhaps we can get in touch to clarify these questions. We are happy to dig into the details with some guidance. Regards and a good start into 2021...Stay healthy, Karsten -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/b691e8e6-a7e1-493e-aa65-8a5062477faen%40googlegroups.com.
