From 144bb932c6c8a6cb19d40f2a22beb9079fef4cfd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 2 Nov 2025 15:26:14 +0000
Subject: [PATCH 1/4] Initial plan


From bee1aed22d6f8456e90a790cd59bb696cf329550 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 2 Nov 2025 15:30:05 +0000
Subject: [PATCH 2/4] Add licensing documentation for third-party code

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
---
 contributions.md           |  1 +
 contributions/licensing.md | 75 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 contributions/licensing.md

diff --git a/contributions.md b/contributions.md
index 450a8fbc..d69ecb6d 100644
--- a/contributions.md
+++ b/contributions.md
@@ -5,6 +5,7 @@
 * **[WordCamp Contributor Day](https://make.wordpress.org/cli/handbook/contributions/contributor-day/)** - Quick-start guide for WordCamp Contributor Days.
 * **[Ideas](https://github.com/wp-cli/ideas)** - Up-vote existing ideas or submit your own.
 * **[Governance](https://make.wordpress.org/cli/handbook/contributions/governance/)** - Summary of those behind WP-CLI.
+* **[Licensing](https://make.wordpress.org/cli/handbook/contributions/licensing/)** - License requirements for third-party code and dependencies.
 * **[Implementation details](https://make.wordpress.org/cli/handbook/contributions/implementation-details/)** - Catalog of historical design decisions.
 * **[Philosophy](https://make.wordpress.org/cli/handbook/contributions/philosophy/)** - Guidelines which inform project scope, command organization, and behavior.
 * **[Pull requests](https://make.wordpress.org/cli/handbook/contributions/pull-requests/)** - Submit your first bug fix or new feature.
diff --git a/contributions/licensing.md b/contributions/licensing.md
new file mode 100644
index 00000000..1c281cca
--- /dev/null
+++ b/contributions/licensing.md
@@ -0,0 +1,75 @@
+# Licensing
+
+WP-CLI is licensed under the [MIT license](https://github.com/wp-cli/wp-cli/blob/master/LICENSE). This document outlines WP-CLI's licensing expectations for third-party code.
+
+## Accepting third-party code into the official repository/organization
+
+All code accepted into repositories under the official [WP-CLI GitHub organization](https://github.com/wp-cli) must be compatible with the MIT license. This ensures that WP-CLI can remain freely usable, modifiable, and distributable by anyone.
+
+### Compatible licenses
+
+The following licenses are compatible with MIT and are acceptable for contributions:
+
+* **MIT License** - Preferred, as it matches WP-CLI's license
+* **BSD licenses** (2-Clause, 3-Clause) - Compatible permissive licenses
+* **Apache License 2.0** - Compatible permissive license
+* **ISC License** - Compatible permissive license
+* **Public Domain / CC0** - No restrictions on use
+* **WTFPL** - Permissive "do what you want" license
+
+### Incompatible licenses
+
+The following license types are **not** compatible with MIT and cannot be accepted:
+
+* **GPL-only licenses** (GPL v2-only, GPL v3-only) - These licenses require derivative works to also be under GPL, which conflicts with MIT's permissive nature
+* **Copyleft licenses without permissive exceptions** - Licenses that require derivative works to use the same license
+* **Proprietary licenses** - Code that restricts modification or redistribution
+* **Non-commercial licenses** - Any license that restricts commercial use
+
+**Important**: While MIT-licensed code *can* be included in GPL projects (like WordPress plugins), GPL code *cannot* be included in MIT-licensed projects like WP-CLI. The compatibility is one-way.
+
+## Bundling third-party code
+
+When bundling third-party code directly into a WP-CLI package (i.e., copying code into the repository rather than declaring it as a dependency), the code must:
+
+1. **Be licensed under an MIT-compatible license** - See the compatible licenses list above
+2. **Include the original license file or header** - The third-party code's license terms must be preserved
+3. **Maintain copyright notices** - Original copyright notices must remain intact
+4. **Be clearly identified** - It should be clear which code is third-party and where it came from
+
+When in doubt about whether to bundle third-party code, consider using it as a dependency through Composer instead.
+
+## Depending on third-party code
+
+Third-party packages declared as dependencies (through Composer or other package managers) must be licensed under MIT-compatible licenses. This applies to both:
+
+* **Direct dependencies** - Packages explicitly listed in `composer.json`
+* **Transitive dependencies** - Dependencies of your dependencies
+
+### Checking dependency licenses
+
+Before adding a new dependency:
+
+1. Check the dependency's `LICENSE` file or `composer.json` for license information
+2. Verify that all of the dependency's own dependencies are also compatible
+3. Use tools like `composer licenses` to audit the full dependency tree
+
+### Dependency license best practices
+
+* **Prefer MIT or other permissive licenses** - These have the fewest restrictions
+* **Document major dependencies** - Note any dependencies with licenses other than MIT in your package's README
+* **Stay up-to-date** - Dependency licenses can change between versions, so review licenses when updating dependencies
+* **When in doubt, ask** - Reach out to [WP-CLI maintainers](https://github.com/orgs/wp-cli/teams/maintainers) if you're unsure about a license
+
+## Why these requirements?
+
+These licensing requirements ensure that:
+
+1. **WP-CLI remains free and open** - Users can use, modify, and distribute WP-CLI without legal concerns
+2. **Commercial use is permitted** - Companies can use and integrate WP-CLI into their products
+3. **No license conflicts** - All code in the WP-CLI ecosystem is legally compatible
+4. **Simplicity for users** - Users don't need to track multiple license requirements
+
+## Questions?
+
+If you have questions about licensing or need clarification on whether a specific license is compatible, please open an issue or contact the [WP-CLI maintainers](https://github.com/orgs/wp-cli/teams/maintainers).

From 0eb027b89198246ab5ba9203cd35ac3b2371d132 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 2 Nov 2025 15:31:04 +0000
Subject: [PATCH 3/4] Clarify GPL license compatibility and composer commands

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
---
 contributions/licensing.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contributions/licensing.md b/contributions/licensing.md
index 1c281cca..f8f7d68a 100644
--- a/contributions/licensing.md
+++ b/contributions/licensing.md
@@ -21,7 +21,7 @@ The following licenses are compatible with MIT and are acceptable for contributi
 
 The following license types are **not** compatible with MIT and cannot be accepted:
 
-* **GPL-only licenses** (GPL v2-only, GPL v3-only) - These licenses require derivative works to also be under GPL, which conflicts with MIT's permissive nature
+* **Strict GPL licenses** (GPL v2-only, GPL v3-only without "or later" clause) - These licenses require derivative works to also be under GPL, which conflicts with MIT's permissive nature. Note that "GPL v2 or later" and "GPL v3 or later" may have different compatibility considerations.
 * **Copyleft licenses without permissive exceptions** - Licenses that require derivative works to use the same license
 * **Proprietary licenses** - Code that restricts modification or redistribution
 * **Non-commercial licenses** - Any license that restricts commercial use
@@ -52,7 +52,7 @@ Before adding a new dependency:
 
 1. Check the dependency's `LICENSE` file or `composer.json` for license information
 2. Verify that all of the dependency's own dependencies are also compatible
-3. Use tools like `composer licenses` to audit the full dependency tree
+3. Use `composer show -t` to view the dependency tree with license information, or install additional tools like `composer/satis` to run `composer licenses` for detailed license auditing
 
 ### Dependency license best practices
 

From 6de49bbec6913f45496bb90ba51edb670f2b1054 Mon Sep 17 00:00:00 2001
From: Pascal Birchler <pascalb@google.com>
Date: Sun, 2 Nov 2025 17:25:58 +0100
Subject: [PATCH 4/4] Update manifest

---
 bin/handbook-manifest.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bin/handbook-manifest.json b/bin/handbook-manifest.json
index 02f1c1a2..08b7077e 100644
--- a/bin/handbook-manifest.json
+++ b/bin/handbook-manifest.json
@@ -359,6 +359,12 @@
         "markdown_source": "https:\/\/github.com\/wp-cli\/handbook\/blob\/main\/references\/internal-api.md",
         "parent": "references"
     },
+    "licensing": {
+        "title": "Licensing",
+        "slug": "licensing",
+        "markdown_source": "https:\/\/github.com\/wp-cli\/handbook\/blob\/main\/contributions\/licensing.md",
+        "parent": "contributions"
+    },
     "philosophy": {
         "title": "Philosophy",
         "slug": "philosophy",