Yes
Most weak-copyleft licenses (including Common Development and Distribution License 1.0) are designed to combine with GPL-family ones. Verify the specific weak-copyleft license version against GNU General Public License v2.0's compatibility list (FSF maintains an authoritative one).
| License | Family | Patent grant |
|---|---|---|
| Common Development and Distribution License 1.0 (CDDL-1.0) | weak-copyleft | Yes |
| GNU General Public License v2.0 (GPL-2.0) | strong-copyleft | No (implicit at most) |
Common Development and Distribution License 1.0: File-level copyleft, similar in spirit to MPL.
GNU General Public License v2.0: Strong copyleft: derivative works distributed must also be GPL-2.0.
If you found this page because you're trying to figure out whether shipping a particular dependency is safe, the answer above is a starting point — not a substitute for reading the actual licenses or talking to a lawyer when stakes are high.
LicenseHound walks every transitive dependency in your repo, maps each to its SPDX license, and flags pairs like this one in PR comments. The CLI is free; the team dashboard is paid.