Hi Henry, there are actually two licensing questions and one update for the current release going on but all of them are orthogonal and therefore I would like to keep them separate.
The PR [1] which you referred to are the necessary updates for the source and binary distribution of the upcoming release. There it's important that maybe another pair of eyes takes a look at it. Then we have the question whether we have to include a LICENSE and NOTICE file in our jars because they contain shaded dependencies. And last but not least, the question of this thread is whether we want to keep the list of Apache-2.0 dependencies in our LICENSE files or not. Thus, let's first discuss and then maybe decide later on this issue here in this thread. Cheers, Till On Sun, Jun 14, 2015 at 8:03 PM Henry Saputra <henry.sapu...@gmail.com> wrote: > Hi Till, > > There are several discussions about LICENSE for dependencies happening > at the same time so I would like to make sure we merge them into a > decision in dev@ list. > > Is this related to PR https://github.com/apache/flink/pull/830 for > updating LICENSE and NOTCE of Flink dependencies? > > - Henry > > On Sun, Jun 14, 2015 at 6:28 AM, Maximilian Michels <m...@apache.org> > wrote: > > Hi Till, > > > > That's correct, It is not necessary to include Apache 2.0-licensed > projects > > in the LICENSE file, unless they contain non-Apache 2.0-licensed code. We > > should definitely remove those entries from the LICENSE file. > > > > Best, > > Max > > > > On Sat, Jun 13, 2015 at 4:51 PM, Aljoscha Krettek <aljos...@apache.org> > > wrote: > > > >> If it is not against the Apache Guidelines I would vote for removing > them. > >> I'm always in favour of keeping things simple. > >> > >> On Fri, 12 Jun 2015 at 18:34 Till Rohrmann <trohrm...@apache.org> > wrote: > >> > >> > Hi guys, > >> > > >> > I just updated our LICENSE of the binary distribution and noticed > that we > >> > also list dependencies which are licensed under Apache-2.0. As far as > I > >> > understand the ASF guidelines [1], this is not strictly necessary. > Since > >> it > >> > is a lot of work to keep the list up to date, I was wondering whether > we > >> > want to remove Apache-2.0 dependencies from this list or not. I would > be > >> in > >> > favour of this if it does not contradict an ASF policy which I miss. > >> > > >> > This might even have another advantage. Currently, we're shading in > many > >> > modules the Guava and ASM dependency away. Thus their binary data is > >> > contained in nearly every jar we publish on maven. If we wanted to be > >> > consistent with our license policy then we would have to add in each > of > >> > these jars a LICENSE/NOTICE file which lists these two dependencies, > IMO. > >> > > >> > Cheers, > >> > Till > >> > > >> > [1] http://www.apache.org/dev/licensing-howto.html#mod-notice > >> > > >> >
