---- Jochen Wiedmann <[EMAIL PROTECTED]> schrieb:
> On Jan 9, 2008 11:16 PM, Dennis Lundberg <[EMAIL PROTECTED]> wrote:
> 
> > No, not in my opinion. We've agreed to disagree on which way to go with
> > this. There are two option, each with its merits and flaws.
> >
> > A) Use maven-remote-resources-plugin
> > B) Keep manually edited files in SVN and copy them manually to the
> > correct places

Sorry to repeat myself again, but I really do not think the 
maven-remote-resources approach is even legal. IANAL, but as I understand 
things, we *must* not use this.

When we release an artifact, we are required:
(a) to acknowledge all copyright holders in the artifact, and
(b) to assert that the aggregated work can be used and redistributed under the 
terms of the APL 2.0.

AIUI, we are *not* required to assert either (a) or (b) with regards to 
dependencies of the artifact (and we have never done so in the past) [1]. And 
to do so exposes the ASF to legal danger if we make a false assertion. Now the 
way that the maven-remote-resources plugin wanders through the poms of all 
dependencies, pulls out data and sticks it in the NOTICE file seems to me to 
completely break this; it causes the NOTICE file to contain legal assertions 
that we do NOT need to make when releasing an artifact, and it can make false 
assertions if the pom it reads from is not right.

Note that distributing a "bundle" (eg things other than just simple jarfiles) 
is different; we are talking here about what files go *inside* a jarfile.

I have asked on the legal-discuss list for an expert opinion on this view, but 
received no responses, so this is just my untrained opinion.

[1] There is an ASF policy that we should not release artifacts that have 
mandatory dependencies on artifacts with incompatible licenses because that 
might "trap" users into making legal mistakes. But that is ASF policy, not a 
legal matter.

Regards,

Simon

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to