On Wed, Aug 8, 2012 at 2:13 PM, Chip Childers <chip.child...@sungard.com> wrote: > David (All), > > I'm working through the list on the wiki [1], and have noticed some > interesting differences between the listed license type and the > license included in the JAR that the deps-ctrl branch pulls in. > > Examples: > > JavaMail is listed on the wiki page as being the dual GPL/CDDL license > type. The download [2] only lists CDDLv1 in it's embedded LICENSE > file. > JUnit is listed on the wiki page as being Common Public License. The > download [3] has BSD. Yet the JUnit project site [4] lists it as CPL. > > This presents us with two interesting questions: > > 1 - Should we proceed with incorporating the build changes that David > made in the deps-ctrl branch? If not (which might be tied to the > desire to use Maven instead of this custom Ant dependency download > process), then how do we go about getting that done in the short term > (for our 4.0 release)? >
Well the deps-ctrl work is still a WIP - hopefully it will soon be done. This is a stopgap quite honestly. I don't know anything about maven or gradle, and while this inelegant and ugly, it works and is relatively fast to iterate through. > 2 - Assuming that *some* solution for dependency downloads is > achieved, do we assume that the license contained within the download > is authoritative? I'm pretty sure the answer is yes, but that leads > to a followup question: Do do we note the source download location in > the NOTICE file and the more easily found project homepage? So interesting problem So my reading of this: http://incubator.apache.org/guides/releasemanagement.html#best-practice-license suggests to me that we don't need to add anything to the notice file that we aren't shipping. (this likely means a separate notice file for the convenience build) If we actually get rid of all of the jars in a timely manner, that should make the source notice easy. But if we are actually shipping code then the license contained by the code is authoritative. --David > > Example: > > This product includes JavaMail(TM) API Reference Implementation > (http://www.oracle.com/technetwork/java/javamail/index.html), obtained > from http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar > under the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0 > > The "obtained from" part is the non-standard portion. > > -chip > > > [1] > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Moving+dependencies+to+ASF+approved+licenses > [2] http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar > [3] http://repo1.maven.org/maven2/junit/junit/4.10/junit-4.10.jar > [4] http://www.junit.org/license
