On Wed, 2010-03-17 at 23:32 -0500, Paul Querna wrote:
> > Lack of java-devness showing: Can't the -bin tarball just include
> the
> > 'ivy-retrieve' step pre-done?
> >
> > At least then everyone will test the same -bin, significantly
> reducing
> > the lack of trusted path in problems 1 & 2.
> >
>
> Sorry, forgot to finish with bits about the legal parts.
>
> Most (all?) the language about NOTICE and LICESE files is specifically
> related to the source distribution, not the release artifacts -- as
> long as anyone else can get the same binary artifacts from the source
> that was voted on, what is actually contained in the binary artifacts
> is much less concerning, as long as we do respect the licenses of the
> things we include.
I would love for this to be OK, but I'm skeptical that it is. Both the
BSD and AL licenses explicitly state that you must include license and
attribution when redistributing ("in Source or Object form").
> C-dev-world: We build win32 binaries using msvc. We distribute them,
> even distribute mod_ssl, which has a large dependency on OpenSSL, but
> AFAIK we don't go around appending the entire OpenSSL License to the
> httpd's LICENSE or NOTICE files?
But you aren't actually shipping OpenSSL (in source or binary) are you?
mod_ssl is only linked against OpenSSL?
--
Eric Evans
eev...@rackspace.com
