Copyright and License Notices in Files
How to add copyright and license notices to source files.
The release process runs in four stages: get approval (A), prepare the code (B), set up the project (C), then release and operate it (D).

To release software, obtain approval from the responsible executive or leader of your organization.
After internal approval, request a review from OSRB (opensource@sktelecom.com). Fill in the checklist below.
Expected turnaround depends on the review scope.
SK Telecom applies Apache-2.0 by default. A different license may apply, for example when the ecosystem favors a specific license or when there is a dependency on a GPL library. See License Selection for the criteria.
Confirm SK Telecom has the right to redistribute, and move external libraries into a third_party directory with a LICENSE file in each.
[Root Directory]
|-- SKT source code
|-- ...
`-- third_party
|-- [external library A]
| |-- LICENSE
| `-- ...
`-- [external library B]
|-- LICENSE
`-- ...
Add copyright and license notices to every source file, following the REUSE standard. See Copyright and License Notice. Include a LICENSE file in the project root: use the official copy for Apache-2.0, and obtain others from the SPDX License List.
Before releasing, remove author names and emails from comments, internal information (file paths, hosts, IPs), and secrets such as credentials. See the Code Scrubbing Checklist for the items and automation.
Check for licenses with notice or source-disclosure obligations, third-party code you have no right to redistribute, and license conflicts. Also confirm whether any vulnerable open source is included. Request the review from OSRB.
Because controlled technology such as cryptography may be included, check the export control classification before releasing. For a Korean company, the Foreign Trade Act strategic-item determination is the primary basis; if U.S.-origin technology is included, also check the ECCN under the U.S. Export Administration Regulations (EAR). If classification or review is needed, have the responsible department confirm it through OSRB.
Choose a memorable name that conveys the project. See Naming the Project for the criteria, including trademark checks.
A GitHub or GitLab repository is recommended. Request membership in the SK Telecom GitHub organization (https://github.com/sktelecom) through OSRB. Provide the following.
Clearly define member roles. Add a CODE_OF_CONDUCT defining participant conduct, including non-discrimination, a safe environment, and how to report violations. Adopt the de facto standard Contributor Covenant, and set the reporting contact and enforcement procedure.
If you plan to accept external contributions, decide the contributor licensing policy. Adopt either a CLA (Contributor License Agreement) or a DCO (Developer Certificate of Origin) to clarify copyright and license rights. A DCO is a lightweight Signed-off-by certification; a CLA is a separate agreement. CLAs that require copyright assignment are restricted by company policy, so keep this consistent with the CLA section of the Contribution Rules.
A public project receives vulnerability reports from outside. Define the reporting path and response procedure in SECURITY.md.
# Security Policy
## Reporting a Vulnerability
Do not open a public issue. Report privately to <security contact>.
We will respond within <response time>.
## Supported Versions
List the version ranges that receive security fixes.
Enable GitHub Private Vulnerability Reporting as the intake channel. Set the response time, the principle of coordinated disclosure, and the procedure for CVE assignment and security advisories.
Provide the following.
Release publicly at https://github.com/sktelecom.
Releasing is hard to reverse. Once public, code can be copied and kept by others, so confirm that all pre-release checks are complete.
Announce on relevant community mailing lists and forums, and promote through the tech blog, social media, and conferences. A project’s success is gauged by participation and contributions, and building a community takes ongoing effort.
Releasing is not the end. Keep up the following.
How to add copyright and license notices to source files.
Choosing a name for your open source project
Removing sensitive information and secrets before release.
How to choose an open source license for the project you release.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.