TLDR: //third_party: The repository where we check in all non-Google code, binaries, and data.

NOTE: To make terminology simple, we’ll use the word “code” below. However, process wise, it applies equally well to third-party binaries and data that need to be checked in.

What and why?

Using third-party code saves time and is consistent with our values. To use any third-party code, we import it and place its source into //third_party, which is a special repository designed specifically to house all open source code used by //piper/.../google3 projects at Google. Placing all third-party code into the same repository allows us to easily find all uses of third-party code by a project, and thus to comply with any license requirements the third-party code has.

All non-Google or open source code and data goes into //third_party

The //third_party/ subdirectory is the master directory for all code that is not 100% owned by Google. All third-party code, whether received under an open source or proprietary license, is kept in third_party.

Google-owned open source projects must be moved to third_party at the time of being released under an open source license, immediately prior to release, even if Google owns 100% of the code, because the projects are expected to receive external contributions.

Google owned means code Google owns the copyright to. This means:

  • Code contributed to Google under a Google Contributor Agreement is not Google-owned, as that agreement does not assign copyright.

  • Code, tools, libraries, or protocols that are open source, free software, or under proprietary licenses must be in //third_party.

    WARNING: Please keep in mind that some code is only available under licenses that make it unsuitable for use at Google. Such code cannot be used at Google or checked into //third_party.

  • A library you wrote for your Ph.D. thesis, or code you wrote at your last job, or code you found on StackOverflow, or code you found in a textbook (it can have surprising conditions!), all need to be in //third_party.

  • Data other than source code, including precompiled binaries and libraries, WSDL, XML, XSD, and anything else that you might not consider “code” falls under this restriction. If it’s going into source control, and Google doesn’t own the copyright, it needs to follow this policy. In the remainder of this document, when we refer to “code,” assume we are also talking about whatever kind of data you were thinking about.

  • Google modifications of third-party code go into //third_party.

If you think these situations don’t apply to you, please email emailremoved@.

IMPORTANT: These rules also apply to code in //experimental — you may not check in code authored outside Google into //experimental.

//third_party makes it easy to examine all non-Google code

We respect other people’s rights, both in letter and spirit. When we ship a new product, we need to examine non-Google code to make sure we’re complying with the authors’ licenses.

It’s also useful for determining how we treat the code. Tools we run to enforce Google-style (i.e., code formatters) should ignore non-Google code. When there’s a security warning about non-Google code, we want to scan all non-Google code to find problems.

All these are easier when non-Google code is in one place instead of spread throughout the codebase. Hence, //third_party. //third_party also makes life easier for OSPO, which means we have more time to help you.

Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.