On 5/24/12 8 :09AM, "Bertrand Delacretaz" <bdelacre...@apache.org> wrote:
>Hi, > >On Fri, May 18, 2012 at 9:41 PM, Carol Frampton <cfram...@adobe.com> >wrote: >... >> 1. If we incorporate code into our project that is from another >>Apache project covered by an Apache v2 license do we still call out that >>we've taken the code or does the Apache license at the top of the >>LICENSE file cover all Apache code, not just Flex code? >... >> 2. Same question, but we're incorporating code covered by an Apache >>1.1 license. >... > >By "incorporate code", do you mean forking another Apache project in Flex? > >If yes, Flex should IMO change package names of those project's >classes to avoid confusion. Best is of course to contribute any >required patches to those projects and work with them to have releases >of that, but if that's really not possible and the forked code will be >released by Flex, Flex must make it clear that the code is not the >original. > >Best way to do that is probably to change the package names, something >like o.a.flex.forks.batik for batik code for example. Prior to today we were downloading the batik sources (1.6 which is old) and applying our changes on top and building a new jar called batik-all-flex.jar. I believe way back when the Flex group did look into contributing these changes back but for whatever reason it was decided not to - I think because the changes are messy. I just checked in all the batik 1.6 source code with our changes merged in and renamed the package as you suggested. I was very surprised to find a lib directory in the batik source package full of jars. I checked the newest batik src package and they are still there. I am so confused. I thought binaries aren't allowed in source packages. Carol > >> 3. Many of the jars we use have their own LICENSE and NOTICE files. >>Right now they are all in the lib directory right next to their jar. >>I've seen other projects put them all in a legal, LICENSE or NOTICE >>directory. What is the proper way to organize these and how do you >>refer to them in the Apache Flex LICENSE file? >... > >Jar files are binary dependencies, we don't release them, so they >don't need to be mentioned in the LICENSE or NOTICE file. > >OTOH, it's good to make it clear what the license of required >dependencies are - Stanbol for example does a nice thing with a >DEPENDENCIES-BY-LICENSE file that's generated with the >license-maven-plugin, dunno if there's an equivalent for an ant build. >You can see how that's setup at >http://svn.apache.org/repos/asf/incubator/stanbol/branches/0.9.0-incubatin >g/parent/pom.xml >and the result in the Stanbol release at >http://apache.org/dist/incubator/stanbol/ > >> ...4. If we include a jar that includes other stuff and has NOTICES >>and LICENSES from its dependencies to we pull them all up into our >>LICENSE? I've seen lots of questions about this and I still don't >>understand what the right way to do this is. >... > >We don't include jars - an Apache release consists of source code only. > >If Flex wants to provide a convenience package of binary dependencies, >that's possible but does not have much to do with the actual release >process. > >From the release point of view, what's required is that: > >-The LICENSE and NOTICE files match the source code that's being released > >-All required dependencies have compatible licenses as per >http://apache.org/legal/resolved.html > >-Users can easily find out what those compatible licenses are > >The idea with not including binaries is that you can't realistically >trust a binary that you didn't build yourself. It's not common in the >Java world to build all your dependencies from trusted source, but >that's really what people should do if they want to be sure what >they're running. > >> ...If you know of any projects that you think are good examples I would >>be happy to take a look. Last time I tried to look >> for examples I didn't find a consistent way of doing things so I >>couldn't tell what was the preferred way. > >The best example is probably >http://svn.apache.org/repos/asf/httpd/httpd/trunk > >-Bertrand
