Hi,

> Since binary packages are not an act of the foundation, other than the
> explicit statement that LICENSE and NOTICE must match the contents of the
> binary package, I can’t imagine that it puts the foundation at risk if we
> guess wrong about packaging external jars that are otherwise open source
> or if we ask too many or too few questions during the install about the
> open source licenses for those jars.

I'm really not sure that is correct, from [1]:

"What applies to canonical source distributions also applies to all redistributions, including binary redistributions:"

and

"Any redistribution must obey the licensing requirements of the contents."

We can't ignore the licensing requirements of a bundled jar just because it's a binary release. Asking too many questions is not a major issue as the minimal licensing requirements have been met, but asking too few is a licensing error and needs to be corrected before we can release.

Thanks,
Justin

1. http://www.apache.org/dev/licensing-howto.html#binary