To summarize: 1. Your PR changes are necessary. Thanks for doing it.
2. The consensus (PR comments + ML) is to skip other Apache licensed dependencies. 3. Shaded Jars need LICENSE and NOTICE in META-INF. Let's wrap this up today and get it out of the way of the release. :-) – Ufuk On 15 Jun 2015, at 10:37, Till Rohrmann <trohrm...@apache.org> wrote: > Hi Henry, > > there are actually two licensing questions and one update for the current > release going on but all of them are orthogonal and therefore I would like > to keep them separate. > > The PR [1] which you referred to are the necessary updates for the source > and binary distribution of the upcoming release. There it's important that > maybe another pair of eyes takes a look at it. > > Then we have the question whether we have to include a LICENSE and NOTICE > file in our jars because they contain shaded dependencies. > > And last but not least, the question of this thread is whether we want to > keep the list of Apache-2.0 dependencies in our LICENSE files or not. Thus, > let's first discuss and then maybe decide later on this issue here in this > thread. > > Cheers, > Till > > On Sun, Jun 14, 2015 at 8:03 PM Henry Saputra <henry.sapu...@gmail.com> > wrote: > >> Hi Till, >> >> There are several discussions about LICENSE for dependencies happening >> at the same time so I would like to make sure we merge them into a >> decision in dev@ list. >> >> Is this related to PR https://github.com/apache/flink/pull/830 for >> updating LICENSE and NOTCE of Flink dependencies? >> >> - Henry >> >> On Sun, Jun 14, 2015 at 6:28 AM, Maximilian Michels <m...@apache.org> >> wrote: >>> Hi Till, >>> >>> That's correct, It is not necessary to include Apache 2.0-licensed >> projects >>> in the LICENSE file, unless they contain non-Apache 2.0-licensed code. We >>> should definitely remove those entries from the LICENSE file. >>> >>> Best, >>> Max >>> >>> On Sat, Jun 13, 2015 at 4:51 PM, Aljoscha Krettek <aljos...@apache.org> >>> wrote: >>> >>>> If it is not against the Apache Guidelines I would vote for removing >> them. >>>> I'm always in favour of keeping things simple. >>>> >>>> On Fri, 12 Jun 2015 at 18:34 Till Rohrmann <trohrm...@apache.org> >> wrote: >>>> >>>>> Hi guys, >>>>> >>>>> I just updated our LICENSE of the binary distribution and noticed >> that we >>>>> also list dependencies which are licensed under Apache-2.0. As far as >> I >>>>> understand the ASF guidelines [1], this is not strictly necessary. >> Since >>>> it >>>>> is a lot of work to keep the list up to date, I was wondering whether >> we >>>>> want to remove Apache-2.0 dependencies from this list or not. I would >> be >>>> in >>>>> favour of this if it does not contradict an ASF policy which I miss. >>>>> >>>>> This might even have another advantage. Currently, we're shading in >> many >>>>> modules the Guava and ASM dependency away. Thus their binary data is >>>>> contained in nearly every jar we publish on maven. If we wanted to be >>>>> consistent with our license policy then we would have to add in each >> of >>>>> these jars a LICENSE/NOTICE file which lists these two dependencies, >> IMO. >>>>> >>>>> Cheers, >>>>> Till >>>>> >>>>> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice >>>>> >>>> >>
