Thanks Ted for writing Marvin. I think this clarifies things for the LICENSE and NOTICE files.
Since we have to parse anyways the NOTICE files of all direct and transitive ALv2 dependencies for the binary distribution, it probably does not make a big difference in terms of maintenance whether we list them in the LICENSE file or not. Cheers, Till On Tue, Jun 16, 2015 at 7:36 AM Henry Saputra <henry.sapu...@gmail.com> wrote: > Thanks Till, that clears up the confusion I had =) > > On Mon, Jun 15, 2015 at 1:37 AM, Till Rohrmann <trohrm...@apache.org> > wrote: > > Hi Henry, > > > > there are actually two licensing questions and one update for the current > > release going on but all of them are orthogonal and therefore I would > like > > to keep them separate. > > > > The PR [1] which you referred to are the necessary updates for the source > > and binary distribution of the upcoming release. There it's important > that > > maybe another pair of eyes takes a look at it. > > > > Then we have the question whether we have to include a LICENSE and NOTICE > > file in our jars because they contain shaded dependencies. > > > > And last but not least, the question of this thread is whether we want to > > keep the list of Apache-2.0 dependencies in our LICENSE files or not. > Thus, > > let's first discuss and then maybe decide later on this issue here in > this > > thread. > > > > Cheers, > > Till > > > > On Sun, Jun 14, 2015 at 8:03 PM Henry Saputra <henry.sapu...@gmail.com> > > wrote: > > > >> Hi Till, > >> > >> There are several discussions about LICENSE for dependencies happening > >> at the same time so I would like to make sure we merge them into a > >> decision in dev@ list. > >> > >> Is this related to PR https://github.com/apache/flink/pull/830 for > >> updating LICENSE and NOTCE of Flink dependencies? > >> > >> - Henry > >> > >> On Sun, Jun 14, 2015 at 6:28 AM, Maximilian Michels <m...@apache.org> > >> wrote: > >> > Hi Till, > >> > > >> > That's correct, It is not necessary to include Apache 2.0-licensed > >> projects > >> > in the LICENSE file, unless they contain non-Apache 2.0-licensed > code. We > >> > should definitely remove those entries from the LICENSE file. > >> > > >> > Best, > >> > Max > >> > > >> > On Sat, Jun 13, 2015 at 4:51 PM, Aljoscha Krettek < > aljos...@apache.org> > >> > wrote: > >> > > >> >> If it is not against the Apache Guidelines I would vote for removing > >> them. > >> >> I'm always in favour of keeping things simple. > >> >> > >> >> On Fri, 12 Jun 2015 at 18:34 Till Rohrmann <trohrm...@apache.org> > >> wrote: > >> >> > >> >> > Hi guys, > >> >> > > >> >> > I just updated our LICENSE of the binary distribution and noticed > >> that we > >> >> > also list dependencies which are licensed under Apache-2.0. As far > as > >> I > >> >> > understand the ASF guidelines [1], this is not strictly necessary. > >> Since > >> >> it > >> >> > is a lot of work to keep the list up to date, I was wondering > whether > >> we > >> >> > want to remove Apache-2.0 dependencies from this list or not. I > would > >> be > >> >> in > >> >> > favour of this if it does not contradict an ASF policy which I > miss. > >> >> > > >> >> > This might even have another advantage. Currently, we're shading in > >> many > >> >> > modules the Guava and ASM dependency away. Thus their binary data > is > >> >> > contained in nearly every jar we publish on maven. If we wanted to > be > >> >> > consistent with our license policy then we would have to add in > each > >> of > >> >> > these jars a LICENSE/NOTICE file which lists these two > dependencies, > >> IMO. > >> >> > > >> >> > Cheers, > >> >> > Till > >> >> > > >> >> > [1] http://www.apache.org/dev/licensing-howto.html#mod-notice > >> >> > > >> >> > >> >
