---- Jochen Wiedmann <[EMAIL PROTECTED]> schrieb: > On Jan 9, 2008 11:16 PM, Dennis Lundberg <[EMAIL PROTECTED]> wrote: > > > No, not in my opinion. We've agreed to disagree on which way to go with > > this. There are two option, each with its merits and flaws. > > > > A) Use maven-remote-resources-plugin > > B) Keep manually edited files in SVN and copy them manually to the > > correct places
Sorry to repeat myself again, but I really do not think the maven-remote-resources approach is even legal. IANAL, but as I understand things, we *must* not use this. When we release an artifact, we are required: (a) to acknowledge all copyright holders in the artifact, and (b) to assert that the aggregated work can be used and redistributed under the terms of the APL 2.0. AIUI, we are *not* required to assert either (a) or (b) with regards to dependencies of the artifact (and we have never done so in the past) [1]. And to do so exposes the ASF to legal danger if we make a false assertion. Now the way that the maven-remote-resources plugin wanders through the poms of all dependencies, pulls out data and sticks it in the NOTICE file seems to me to completely break this; it causes the NOTICE file to contain legal assertions that we do NOT need to make when releasing an artifact, and it can make false assertions if the pom it reads from is not right. Note that distributing a "bundle" (eg things other than just simple jarfiles) is different; we are talking here about what files go *inside* a jarfile. I have asked on the legal-discuss list for an expert opinion on this view, but received no responses, so this is just my untrained opinion. [1] There is an ASF policy that we should not release artifacts that have mandatory dependencies on artifacts with incompatible licenses because that might "trap" users into making legal mistakes. But that is ASF policy, not a legal matter. Regards, Simon --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]