MPL-licensed `github.com/hashicorp/go-retryablehttp` is not allowed in CNCF

Hey folks, we (Kubernetes) use the rekor client directly from go in kubernetes-sigs/release-sdk: https://github.com/kubernetes-sigs/release-sdk/blob/83243fb51416adb402fbbb1e611e2861e8e8d008/sign/sign.go#L726

The issue is that [`GetRekorClient`  imports go-retryablehttp](https://github.com/sigstore/rekor/blob/1cb78ca673d02fb8302b27d6983e69b5281031ea/pkg/client/rekor_client.go#L27), which is MPL licensed and therefore not allowed in the CNCF. 

Would it be generally possible to switch to an alternative?  

Refers to https://github.com/kubernetes-sigs/release-sdk/issues/197

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MPL-licensed `github.com/hashicorp/go-retryablehttp` is not allowed in CNCF #2342

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

MPL-licensed github.com/hashicorp/go-retryablehttp is not allowed in CNCF #2342

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

MPL-licensed `github.com/hashicorp/go-retryablehttp` is not allowed in CNCF #2342