THE LINUX FOUNDATION PROJECTS

Policies

Privacy Policy of LF Open Source, LLC

Effective Date: January 9, 2026

This Privacy Policy describes our policies and procedures about the collection, use, disclosure and sharing of your personal information or personal data when you use our websites (e.g., lfopensource.com, collectively, “Sites”). This Privacy Policy applies to activities by LF Open Source (“LFOS,” “we” or “us”). LFOS facilitates the hosting of events related to open collaboration and enables the access and use of application development platforms of third party application stores and distribution entities (each, a “Platform”) and the distribution of applications.

Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use. In this Privacy Policy, “personal information” or “personal data” means information relating to an identified or identifiable natural person. Your use of our Sites, and the provision of any services via the Sites (“Services”), and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The LFOS Terms of Use are incorporated by reference into this Policy.

Personal Data That LFOS Collects

We collect information directly from individuals, from third parties, and automatically through the Sites. You do not have to provide us your personal information. However, if you choose not to disclose certain information, we will not be able to provide you with access to certain services or features, including participation in certain aspects of our open source projects.

Communications. When you communicate with us (via email, phone, through the Sites or otherwise), we may maintain a record of your communication.

Automatically Collected Data. In addition, LFOS may automatically collect the following information about Users’ use of the sites or services through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; the length of time you visit our Sites and or use our services; and the referring URL, or the webpage that led you to our Sites. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal information. Please see our cookie policy for more information about our use of cookies.

De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular User or an individual data subject (“De-identified Data”), subject to the terms of any applicable User agreements. We may use this data to improve our Services, analyze trends, publish market research, and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.

Purposes and Legal Bases for Our Using of Your Information

Purposes and Legitimate Interests

LFOS uses the information we collect for our legitimate business interests, which include the following purposes:

  • Providing our Sites and Services. To provide the Services and our Sites, to communicate with you about your use of our Sites and Services, to respond to your inquiries, provide troubleshooting of the Sites and for other purposes to support Users and the community.
  • Personalization. To tailor the content and information that we may send or display to you on our Sites and in our Services, to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
  • Advertising. For targeting advertising to you on our Sites and third-party sites and measuring the effectiveness and reach of ads and services (through third-party ad networks and services).
  • Analytics. To gather metrics to better understand how Users access and use our Sites and Services and participate in our Projects; to evaluate and improve the Sites, including personalization, to develop new services; and to understand metrics regarding the community health of our Projects.
  • Compliance. To comply with legal obligations and requests. For example, to comply with laws that compel us to disclose information to public authorities, courts, law enforcement or regulators, maintain records for a certain period, or maintain records demonstrating enforcement and sublicensing of our trademarks and those of our Projects.
  • Business and Legal Operations. As part of our general business and legal operations (e.g., accounting, record keeping, and for other business administration purposes), and as necessary to establish, exercise and defend (actual and potential) legal claims.
  • Prevent Misuse. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.
Purposes of Processing

(see above)

 Legal Bases of Processing (EU Users)
Providing our Sites and Services ●  Our Legitimate Business Interests

●  Necessary to the Performance of a Contract with You (upon your request, or as necessary to make the Services available)

●  Compliance with Law
Operating our Open Source Projects ●  Our Legitimate Business Interests

●  Where Necessary to the Performance of a Contract with You (upon your request, or as necessary to make the Services available)

●  Compliance with Law

●  As necessary to establish, exercise and defend legal claims
Personalization ●  Our Legitimate Business Interests
Advertising ●  Our Legitimate Business Interests

●  With Your Consent
Analytics ●  Our Legitimate Business Interests
Compliance ●  Our Legitimate Business Interests

●  Compliance with Law

●  As necessary to establish, exercise and defend legal claims
Business and Legal Operations ●  Our Legitimate Business Interests

●  Compliance with Law

●  As necessary to establish, exercise and defend legal claims
Prevent Misuse ●  Our Legitimate Business Interests

●  Compliance with Law

●  As necessary to establish, exercise and defend legal claims

 

Sharing of Information

We disclose information as set forth below, and where individuals have otherwise consented:

  • Service Providers.We may share your information with third party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, contractors and consultants.
  • Affiliates. The information collected about you may be accessed by or shared with related companies and affiliates of LFOS, whose use and disclosure of your personal information is subject to this Privacy Policy, unless an affiliate has its own separate privacy policy. LFOS may also share with The Linux Foundation the same types of data as described above, doing so in the furtherance of enabling The Linux Foundation’s support of the open source projects for which LFOS makes binaries available. The Linux Foundation’s privacy policy is available at https://www.linuxfoundation.org/privacy/.
  • Organizational Events.We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, or restructuring of all or part of our business operations, bankruptcy, or similar event.
  • Legally Required.We may disclose your information if we are required to do so by law (including to law enforcement in the U.S. and other jurisdictions).
  • Protection of Rights.We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and protect the rights, property or safety of LFOS, its Users, or others.
  • Anonymized and Aggregated Data.We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

Cookies, Tracking, and Interest-Based Ads

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your usage and browsing activities on our Site and across third party sites or online services. We may combine this information with other information we collect about Users. Below, we provide a brief summary these activities. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy.

  • Cookies. These are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember Users who are logged in, to understand how Users navigate through and use the Sites, and to display personalized content and targeted ads (including on third party sites and applications).
  • Pixels, web beacons, clear GIFs. These are tiny graphics with a unique identifier, similar in function to cookies, which we track browsing activities. We use these as part of our Training Affiliate Program. We also use these in our emails to let us know when they have been opened or forwarded, so we can gauge the effectiveness of our communications.
  • Analytics Tools. We may use internal and third-party analytics tools, including Google Analytics. The third-party analytics companies we work with may combine the information collected with other information they have independently collected from other websites and/or other online products and services. Their collection and use of information is subject to their own privacy policies.

Please note that LFOS does not respond to “do not track” signals or other similar mechanisms intended to allow California residents to opt-out of Internet tracking under California Online Privacy Protection Action (“CalOPPA”).

Targeted Ads. As discussed in our Cookie Policy, we may work with third party advertisers to display more relevant ads on our website and on third party sites; these third parties may display ads to you based on your visit to our Sites and other third party sites. For more information about this and how you can opt out of such ads, please see our Cookie Policy.

Data Security

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your passwords, phone, and computer by, among other things, signing off after using a shared computer, choosing robust passwords that nobody else knows or can easily guess, not using a password for more than one site or service, and keeping your log-ins and passwords private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. You must promptly notify us if you become aware that any information provided by or submitted to our Sites or through our Services is lost, stolen, or used without permission at privacy@lfopensource.com.

Marketing Choices

You may opt out or revoke your consent to receive marketing emails from us by using unsubscribe or opt out mechanisms included in our marketing emails or by emailing privacy@lfopensource.com. You may unsubscribe from mailing lists via the applicable mailing list’s subscription website or, in some cases, by using the unsubscribe mechanisms included in such emails.

Retention of Your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

International Transfers

If you are located within the European Union (EU), you should note that your information will be transferred to the United States where LFOS is located. The U.S. is deemed by the European Union to have inadequate data protection.  However, we have put in place European Commission approved Standard Contractual Clauses which protect personal data transferred between LFOS and affiliated entities as well as The Linux Foundation, its managed service provider. In addition, if personal data is transferred to third party service providers located outside the European Union, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, or using the European Commission approved Standard Contractual Clauses. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting gdpr@lfopensource.com.

Children’s Privacy

Except as specifically indicated within a Site, we do not knowingly collect or solicit personal information from anyone under the age of 13 (or under the age of 14 for anyone living in Spain or South Korea), or knowingly allow such persons to register. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we take steps to delete that information.

Links to Third Party Sites and Services

The Sites may contain links to third party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures, not to this Privacy Policy.

Your Rights

Access and Amendment. You may contact our privacy coordinator, as set forth below, to access or amend your personal information.

Additional Rights. Individuals in the European Economic Area (and other jurisdictions where applicable) have additional rights under applicable law:

  • to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including to have incomplete personal data completed);
  • to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of your personal data under certain circumstances;
  • to export certain personal data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
  • to withdraw your consent to our processing of your personal data (where that processing is based on your consent);
  • to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization; and
  • to object to our use and processing of your personal information that is conducted on the basis of a legitimate interest or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.

Lodging a Complaint. You also have the right to lodge a complaint with your local supervisory authority for data protection, or privacy regulator.

Submitting a Request. To exercise the above rights or contact us with questions or complaints regarding our treatment of your personal data, contact us at gdpr@lfopensource.com. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

California Privacy Rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@lfopensource.com.

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us at privacy@lfopensource.com, or write to us at: LF Open Source, LLC, Attn: Legal Department, 2810 N Church St, PMB 57274, Wilmington, Delaware 19802-4447 US.

You can also reach our EU representative, Linux Labs Limited, whose registered office is 10 London Mews, London, W2 1HY, United Kingdom, at privacy@lfopensource.com.

Changes to the Privacy Policy

This Policy is current as of the effective date set forth above. If we change our privacy policies and procedures, we will post those changes on this page and/or continue to provide access to a copy of the prior version. If we make any changes to this Privacy Policy that materially change how we treat your personal information, we will endeavor to provide you with reasonable notice of such changes, such as via prominent notice on our Sites or to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.

lfopensource.com Terms of Use

Effective: January 9, 2026

Introduction

LF Open Source, LLC (“LFOS”) is a Delaware limited liability company. By using this website, you are agreeing to be bound by the following terms and conditions here.

Users cannot:

  • violate anyone’s intellectual property and post anyone else’s copyrighted or confidential material you don’t have permission to use.
  • post anything vulgar, inflammatory, pornographic, etc.
  • post spam.
  • abuse the system using metalinks and tags to boost any site’s SEO.
  • post just to sell something.
  • launch into personal attacks. You’re not going to agree with everyone, but name-calling will just cause trouble and will be regarded as flaming behavior.
  • use foul language. You can say what you need to say without relying on cursing. In fact, your writing will be regarded as that much more creative.

If you don’t agree to these terms, don’t use this website.

BY ACCESSING, BROWSING OR USING THIS WEB SITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND AND AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS.

This Web site is a service made available by LFOS. All software, documentation, information and/or other materials provided on and through this Web site (“Content”) may be used solely under the following terms and conditions (“Terms of Use”).

This Web site may contain other proprietary notices and copyright information, the terms of which must be observed and followed. The Content on this Web site may contain technical inaccuracies or typographical errors and may be changed or updated without notice. LFOS may also make improvements and/or changes to the Content at any time without notice.

LFOS assumes no responsibility regarding the accuracy of the Content and use of the Content is at the recipient’s own risk. LFOS provides no assurances that any reported problems with any Content will be resolved.

IN NO EVENT WILL LFOS, OUR SERVICE PROVIDERS AND/OR ANY AFFILIATE BE LIABLE TO YOU (AN INDIVIDUAL OR ENTITY) OR ANY OTHER INDIVIDUAL OR ENTITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES RELATED TO ANY USE OF THIS WEB SITE, THE CONTENT, OR ON ANY OTHER HYPER LINKED WEB SITE, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, LOST SALES, LOST REVENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR OTHER DATA ON YOUR INFORMATION HANDLING SYSTEM OR OTHERWISE, EVEN IF THE LINUX FOUNDATION OR THE MEMBERS ARE EXPRESSLY ADVISED OR AWARE OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES.
ALL CONTENT PROVIDED BY LF PROJECTS IS ON AN “AS IS” BASIS ONLY. LF PROJECTS PROVIDES NO REPRESENTATIONS, CONDITIONS AND/OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY AND NONINFRINGEMENT.

LFOS reserves the right to investigate complaints or reported violations of these Terms of Use and to take any action they deem appropriate including, without limitation, reporting any suspected unlawful activity to law enforcement officials, regulators, or other third parties and disclosing any information necessary or appropriate to such persons or entities relating to user profiles, e-mail addresses, usage history, posted materials, IP addresses and traffic information.

LFOS reserves the right to seek all remedies available at law and in equity for violations of these Terms of Use, including but not limited to the right to block access from a particular Internet address or account holder to this Web site.

Please see the Privacy Policy of LFOS for information on our privacy policy.

Digital Millennium Copyright Act

LFOS respects the intellectual property of others, and we ask users of our Web sites to do the same. In accordance with the Digital Millennium Copyright Act (DMCA) and other applicable law, we have adopted a policy of terminating, in appropriate circumstances and at our sole discretion, subscribers or account holders who are deemed to be repeat infringers. We may also at our sole discretion limit access to our Web site and/or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

Notice and Procedure for Notifying Designated Agent of Claims of Copyright Infringement

If you believe that any material on this Web site infringes upon any copyright which you own or control, or that any link on this Web site directs users to another Web site that contains material that infringes upon any copyright which you own or control, you may file a notification of such infringement with our Designated Agent as set forth below. Notifications of claimed copyright infringement must be sent to LFOS Designated Agent for notice of claims of copyright infringement. Our Designated Agent may be reached as follows:

Designated Agent:

Attn: Manager, DMCA
LF Open Source, LLC
2810 N Church St, PMB 57274, Wilmington, Delaware 19802-4447 US

Cookie Policy of LF Open Source, LLC

Effective date: January 9, 2026

The websites of LF Open Source, LLC (“LFOS”) and its open source projects (collectively, the “Sites”) use cookies, in combination with pixels, local storage objects, and similar devices (collectively, “cookies” unless otherwise noted) to distinguish you from other users of the Sites. This helps us provide you with a good experience, improve our service, and personalize ads and content that may be delivered to you while you use the Sites.

This cookie policy (“Cookie Policy”) describes the types of the cookies we use on the Sites and our purposes for using them.

If you have questions about this Cookie Policy, please contact us at privacy@lfopensource.com. For a more complete description and list of the third party cookies that we currently use on the Sites, please see below. For more information about our privacy practices, please review our Privacy Policy. We may update this Cookie Policy from time to time, so please check back periodically.

Your Consent

You consent to placement of cookies on your computer by us and our third party service providers. Please read this Cookie Policy carefully for details about why we use cookies and the information they collect from and about you.

Withdraw Your Consent at Any Time

If you do not wish to accept cookies in connection with your use of the Sites, you will need to delete, and block or disable cookies via your browser settings; see below for more information on how to do this. Please note that disabling cookies will affect the functionality of the Sites, and may prevent you from being able to access certain features on the Sites.

What Is a Cookie?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit the Sites.

Key Concepts

First and third-party cookies: whether a cookie is ‘first’ or ‘third’ party refers to the domain placing the cookie.

  • First-party cookies are those set by a website that is being visited by the user at the time (e.g., cookies placed by org).
  • Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website, this would be a third-party cookie.

Persistent cookies: these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session cookies: these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

How to Delete and Block our Cookies

Most web browsers allow some control of most cookies through the browser settings. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of the Sites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit the Sites.

Changing your Cookie Settings. The browser settings for changing your cookies settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the ‘Help’ option in your internet browser for more details.

More information. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit https://www.aboutcookies.org/ or http://www.allaboutcookies.org/.

What Cookies Do We Use and Why?

Generally the Sites use cookies to distinguish you from other users of the Sites. This helps us to provide you with a good experience when you browse the Sites and also allows us to improve them.

The cookies we may use on the Sites may be categorized as follows:

  • Strictly necessary
  • Performance
  • Functionality
  • Targeting

Some cookies may fulfill more than one of these purposes.

‘Strictly Necessary’ cookies let you move around the Sites and use essential features like secure areas. Without these cookies, we cannot provide the requested services.

We use these Strictly Necessary cookies to:

  • Identify you as being logged in to the Sites and to authenticate you
  • Make sure you connect to the right service on our Sites when we make any changes to the way it works
  • For security purposes

Accepting these cookies is a condition of using certain functionality of the Sites, so if you prevent these cookies we can’t guarantee how the Sites or the security on the Sites will perform during your visit.

‘Performance’ cookies collect information about how you use the Sites, e.g. which pages you visit, and if you experience any errors. These cookies do not collect any information that could identify you and are only used to help us improve how the Sites work, understand what interests our users and measure the effectiveness of our advertising.

We use performance cookies to:

  • Carry out web analytics: Provide statistics on how the Sites are used
  • Perform partner and affiliate program tracking: Provide feedback to partners and affiliate program third parties that one of our visitors also visited their site
  • Obtain data on the number of users of the Sites that have viewed a part of the Sites
  • Help us improve the Sites by measuring any errors that occur
  • Test different designs for the Sites

Some of our performance cookies are managed for us by third parties.

‘Functionality’ cookies are used to provide services or to remember settings to improve your visit.

We use ‘Functionality’ cookies for such purposes as:

  • Remember settings you’ve applied such as layout, text size, preferences and colors
  • Remember if we’ve already asked you if you want to fill in a survey
  • Remember if you have engaged with a particular component or list on the Sites so that it won’t repeat
  • Show you when you’re logged in to the Sites
  • To provide and show embedded video content

Some of our functionality cookies are managed for us by third parties.

‘Targeting’ cookies are used to track your visit to the Sites, as well other websites, apps and online services, including the pages you have visited and the links you have followed, which allows us to display targeted ads to you on the Sites.

We may use targeting cookies to:

  • Display targeted ads within the Sites, including those displaying our training, certification and event opportunities.
  • To improve how we deliver personalized ads and content, and to measure the success of ad campaigns on the Sites.

Additional Information About Third Party Analytics in use on the Sites

Facebook Connect. For more information about what Facebook collects when you use Facebook buttons on the Sites or visit pages on the Sites that include these buttons, please see: https://www.facebook.com/about/privacy/.

Twitter. For more information about what Twitter collects when you use Twitter buttons on the Sites or visit pages on the Sites that include these buttons, please see: https://twitter.com/en/privacy.

LinkedIn. For more information about what LinkedIn collects when you use LinkedIn buttons on the Sites or visit pages on the Sites that include these buttons, please see: https://www.linkedin.com/legal/privacy-policy.

YouTube. For more information about what YouTube collects when you use YouTube buttons on the Sites or visit pages on the Sites that include these buttons, please see: https://www.youtube.com/static?template=privacy_guidelines.

Google+. For more information about what Google collects when you use Google+ buttons on the Sites or visit pages on the Sites that include these buttons, please see: https://policies.google.com/privacy.

Pardot. For more information about what Salesforce collects when you visit certain of the Sites, please see: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm.

New Relic. For more information about what New Relic collects to assist with performance monitoring for certain of the Sites, please see: https://docs.newrelic.com/docs/browser/new-relic-browser/page-load-timing-resources/new-relic-cookies-used-browser.

Google Analytics. Google Analytics is a web analytics service provided by Google, Inc. (“Google”). For more information about Google Analytics cookies, please see Google’s help pages and privacy policy:

Google’s Privacy Policy

Google Analytics Help pages

Google has developed the Google Analytics opt-out browser add-on; if you want to opt out of Google Analytics, you can download and install the add-on for your web browser here.

Google uses cookies to help us analyze how users use the Sites. The information generated by the cookie about your use of the Sites (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the Sites, Google will use this information for the purpose of evaluating your use of the Sites, compiling reports on your activity for us and third parties who help operate and provide services related to the Sites. Google will not associate your IP address with any other data held by Google. You may refuse the use of these cookies by selecting the appropriate settings on your browser as discussed in this notice. However, please note that if you do this, you may not be able to use the full functionality of the Sites. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout.

Further information concerning the terms and conditions of use and data privacy can be found at https://www.google.com/analytics/terms/ or at https://policies.google.com/.

Please note that on the Sites, Google Analytics code is supplemented by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so called IP-masking).

More Information About Cookies

Internet Advertising Bureau

A guide to behavioral advertising and online privacy that has been produced by the internet advertising industry can be found at http://www.youronlinechoices.eu/.

International Chamber of Commerce United Kingdom

Information on the ICC (UK) UK cookie guide can be found on the ICC website section at http://www.international-chamber.co.uk/our-expertise/digitaleconomy.

THIRD PARTY COOKIE LIST

Domain Technical Name Purpose
www2.thelinuxfoundation.org pardot Pardot sets cookies for tracking purposes, and sets third-party cookies for redundancy. Using first-party and third-party cookies together is standard in the marketing automation industry. Pardot cookies do not store personally identifying information, they store only a unique identifier. Pardot tracks visitor and prospect activities on this website and on Pardot landing pages by setting cookies. These cookies are set in order to remember preferences (like form field values) when a visitor returns to this site.
www2.thelinuxfoundation.org visitor_id6342
www2.thelinuxfoundation.org visitor_id6342-hash
youtube.com APISID

CONSENT

HSID

LOGIN_INFO

PREF

SAPISID

SID

SSID

VISITOR_INFO1_LIVE

YSC
ghbtns.com __cfduid

 

Developer Account Access and Binary Distribution Policy

Last updated: January 9, 2026

Background

LF Open Source, LLC (“LFOS”) enables the access and use of application development platforms of third party application stores and distribution entities (each, a “Platform”) and the distribution of applications through those Platforms.

LFOS enables developers of qualified open source project developers who have executed and are subject to a LFOS Dev Account Access Agreement to access LFOS’s Platform accounts for the benefit of a qualified open source project (each, a “Dev Account”).

Binaries

In this policy, “Binaries” refers to any such version of the Project’s software that is produced and published by the Project in a ready-to-run, packaged form, with the intent of making it broadly available for execution in that form by downstream recipients. Binaries include applications intended to be distributed via Platforms.

For example, for purposes of this policy, “Binaries” include (a) executable versions of the Project software compiled and published as a “Release” via a Platform pursuant to support by LFOS, (b) applications based on the Project software compiled and published to a Platform pursuant to support by LFOS, and c) source code versions of the Project software, when packaged together with third-party dependencies and published as a ready-to-run unit to a Platform pursuant to support by LFOS.

“Binaries” include any third-party dependencies that are included in the distributed content.

For purposes of this policy, “Binaries” do not include:

    • Object code files generated by third parties (including Project participants) on their own behalf, separately from the artifacts officially published by the Project community.
    • Object code files created as intermediate steps as part of the Project’s automated build and testing process, where such files are not intended for general downstream use.
    • Auto-generated files created by transforming a Project source code file into another source code form included in the Project’s source code repository.
  • Example: when a Protocol Buffers .proto file is “compiled” into a language-specific file that is included in the Project’s source code repo, that automatically-generated file is not considered a “Binary” under this policy.
    • Binary data included in a project’s source code repository for purposes other than execution by end users.
  • Example: Graphical image files in a repo are not considered “Binaries” under this policy, despite consisting of binary (non-textual) data.
  • Example: Binary data files included as test cases in a repo are not considered “Binaries” under this policy.

Binary Distribution Considerations

A Project’s publication and distribution of Binaries raises several potential legal, policy, and compliance considerations that go beyond those involved in distributing source code, such as:

  • License compliance: Applicable open source licenses, including those for third-party dependencies, may impose additional requirements on Binaries that go beyond those for source code itself.
  • Security: Since a Binary is intended to be ready-to-run, and may include third-party dependencies that are not directly visible in the source code itself, Projects distributing Binaries should take extra steps to account for security and vulnerability management.
  • Export controls: Some countries’ export controls regulations may impose additional requirements on distributions of Binaries, particularly when cryptography is involved.
  • Distributor requirements: A third-party software distribution network, such as an “app store” or a package manager, may impose contractual obligations that the Project needs to ensure it follows.
  • Community expectations: Finally, a Project distributing Binaries should consider the typical assumptions that would be made by recipients of an open source project’s Binaries, and conform to those expectations.
  • End-User Support Requirements: various Platforms require that support be provided to end-users of applications and Binaries distributed through their infrastructure. Any open source project that wishes to use LFOS in the distribution of Binaries must agree, and be ready to, provide such end-user support as the application Platform may require. LFOS is itself not positioned or able to provide end-user support. Any open source project that is unable to provide end-user support as may be required by any application Platform will have its access rights to LFOS Accounts removed.

The remainder of this policy sets forth requirements and recommendations for Projects that choose to distribute Binaries.

Requirements for Distributing Binaries

Before distributing a Binary—whether via its own repository or website, or on a Platform—the Project must ensure that it complies with the following requirements.

 

1. Identify LFOS as the distribution entity

In the metadata for the Binary, and where applicable at the points of distribution, the Project should ensure that “LF Open Source, LLC” is specified as the legal entity distributing the Binary.

2. Distribute at no charge under the Project’s Applicable Licenses

The Project must make the Binary available to all persons at no charge.

The Binary must be distributed under the open source licenses specified in the Project’s intellectual property policy, as set forth in its charter (see Section 3 below). Additional applicable licenses should also be specified and complied with as described in Section 4 below.

3. Comply with Project’s Intellectual Property Policy

The Binary must only include content that is subject to licenses that comply with the Project’s intellectual property policy. Please review the Project’s charter for details about its specific IP policy.

Projects’ IP policies typically require approval from a Project governing body when distributing content under licenses that differ from the Project’s own licenses. This may be necessary in particular for distributing third-party dependencies subject to other licenses.

Third-party dependencies will typically only be approved for distribution by a Project governing body when they are provided under either:

  1. an appropriate free and open source software (FOSS) license, which is compatible with other applicable licenses for the Binary’s particular use case; or
  2. in very limited situations, non-FOSS components that are required for redistribution with the Binary and subject to pterms permitting redistribution. This may include, for example, redistributable components that are separate programs (e.g. an application that directly calls a proprietary database), or that are necessarily interfaced with or used whenever any software is developed for the particular platform.

4. Comply with all Applicable Licenses

The Project must ensure that it complies with all licenses applicable to the Binary’s distribution.

The specific requirements will vary depending on the particular licenses and dependencies involved, and may include (among others) requirements such as:

  • including a copy of all applicable licenses’ texts;
  • retaining and reproducing all applicable copyright notices;
  • making available applicable corresponding source code for part or all of the distributed content (including dependencies); and
  • ensuring that the applicable licenses are “compatible” with one another for the particular use case of making the Binary available.

5. Comply with US Export Controls requirements

Please see the Linux Foundation’s guidance on export controls at https://www.linuxfoundation.org/resources/publications/understanding-us-export-controls-with-open-source-projects?hsLang=en for more information about the U.S. Export Administration Regulations (EAR) and open source.

If the Binary includes any cryptographic functionality, the corresponding source code for that functionality must be publicly available. (In other words, any non-FOSS, object-code-only components approved under 3(B) above should not include cryptographic functionality.)

Additionally, if the Binary implements any non-standard cryptography, then additional notifications must be delivered prior to making the Binary available. Please contact your Linux Foundation program manager or another Linux Foundation staff member to discuss.

6. Establish a Security Policy

All Projects approved for distribution of Binaries via LFOS must publish, in its governance materials or other project documentation, and maintain and follow a written security policy that describes how the Project:

  1. uses secure software development practices; and
  2. handles vulnerabilities in an effective manner.

This security policy should include a point of contact (such as a group email address that is monitored by more than one Project maintainer) for receiving reports of vulnerabilities.

The Project should verify on a regular basis that it is acting in accordance with its security policy.

7. Consider Privacy and Telemetry Requirements

If the Project will be collecting and processing any personal data via end users’ use of the Binary, the Project should work with its Linux Foundation program manager to determine whether a review by Linux Foundation privacy team members is warranted.

Similarly, if the Project’s Binary will be collecting any telemetry data (whether personal data or not) via end users’ use of the Binary, the Project should work with its Linux Foundation program manager to determine whether a review under the Project’s applicable Telemetry Data Collection and Usage Policy is warranted

 

Additional Requirements for App Store Distribution

Some Projects may desire to make Binaries available via third-party “app stores,” such as the Apple App Store, Google Play Store, and others.

These app stores typically require application providers to sign up to extensive contractual obligations, which are structured for use by commercial software companies rather than open source project communities. These obligations often relate to matters such as code signing; insurance requirements; confidentiality commitments; and others.

As a result, in order for a Project to make its Binaries available on a third-party “app store” that requires additional contractual terms, the Project must ensure that it complies with the following requirements in addition to those set forth above.

1. LF Directed Fund approval required

Because of the expenses involved in satisfying app store requirements, any Project that desires to publish Binaries on an app store must be supported by a funded Linux Foundation Directed Fund.

The Directed Fund’s governing board must (A) formally approve the publication of Binaries on app stores, and (B) agree that the Directed Fund’s budget will be responsible for any liabilities that arise from such publication of Binaries by the Project.

2. Ensure available (including elsewhere) under FOSS license

Some app stores may mandate that the applications it distributes be subject to particular end-user license agreement (EULA) terms, which may require including non-FOSS provisions.

If so, then in addition to the Binary published on the app store under such terms, the Project community should also ensure that it makes available an equivalent version of the Binary in a separate location (such as the Project’s repo artifacts or website) under the Project’s applicable FOSS licenses.

3. Establish an End User Support Policy

While virtually all FOSS licenses explicitly disclaim obligations for software licensors to provide support, some app stores may nonetheless mandate that their platforms’ end users are supported by the application providers.

In order to comply with this requirement, the Project should develop and publish, in its governance materials or other project documentation, a written end user support policy that describes how the Project will provide maintenance and support for end users of the Binary.

This end user support policy should include a point of contact (such as a group email address that is monitored by more than one Project maintainer) for receiving support requests.

The Project should verify on a regular basis that it is acting in accordance with its end user support policy.

4. Reference the applicable LFOS Privacy Policy

App store terms typically require that the Binary application’s metadata include a link to the applicable Privacy Policy. The Project should work with its Linux Foundation program manager to identify and reference the correct Privacy Policy.

5. Sign a Dev Account Access Agreement with LF distribution entity

Projects supported by the Linux Foundation, being open source communities, naturally do not contemplate the use of confidentiality obligations. However, some app stores impose confidentiality requirements on the persons who are provided with access to tools and information used for publishing applications to the app store.

Since Project maintainers are almost always not employees of the Linux Foundation, confidentiality requirements imposed by the app stores would not automatically be applied to the Project maintainers who would be involved in actually carrying out the publication to the app stores.

Therefore, one or more of the Project maintainers may be required to enter into a short dev account access agreement with the LF binary distribution entity, so that the confidentiality requirements imposed by the app stores can be satisfied.

Recommendations

Projects are strongly encouraged to establish a process for creating and publishing Software Bills of Materials (SBOMs) describing the contents of the Binaries. SBOMs should be published in a standardized format such as SPDX.

Comments

This policy may be amended from time to time. Comments and feedback on this policy should be sent to legal@lfopensource.com.