Hi, Matthieu,
It sounds like you folks are trying hard to get this right -- kudos!
On Wed, Apr 3, 2013 at 11:10 AM, Matthieu Morel <mmo...@apache.org> wrote:
> 1/ about the content of LICENSE and NOTICE, is the following correct?
>
> - in the LICENSE file of the binary distribution, in addition to references
> to non-ASL included dependencies (already there), we need to reference all
> included dependencies that use ASL2, with the following statement: "The
> Apache License, Version 2.0 applies to the following libraries: A, B, C"
I haven't reviewed the release candidate, but that description sounds fine.
Some might argue that it's not necessary, but it doesn't hurt -- and if one of
those libraries ever changes its license, the discrepancy should serve as a
red flag for you to review and fix.
> - in the NOTICE file of the binary distribution, we add notices that
> dependency libraries explicitly ask for. That is already done and no
> change is required.
That also sounds correct, assuming that your interpretation of "notices that
the dependency libraries explicitly ask for" and what the dependency licenses
actually require are in harmony. :) Hopefully the Licensing How-to gives you
enough information to guide your choices. For BSD-3, MIT, and ALv2
dependencies, the requirements are reasonably straightforward.
http://www.apache.org/dev/licensing-howto.html#permissive-deps
The NOTICE requirements for other licenses are not yet documented by Apache
Legal Affairs; this is an area where the ASF needs to do some work, so that
our PMCs and PPMCs don't have to pore over licenses making judgment calls.
> 2/ about the inclusion of the gradle wrapper jar + script in the source
> distribution:
>
> We currently use gradle for building the project. Gradle provides a basic
> wrapper script so that the project can be built without installing gradle
> beforehand. That is why we include the script + wrapper lib.
> http://www.apache.org/legal/resolved.html#build-tools says that specific
> [build] tools have been OK'ed for inclusion in Apache distribution when used
> for that specific purpose [of building].
>
> Should we exclude the gradle wrapper from our distribution?
Since Gradle appears to be under the Apache License 2.0, the section on the
"build tools" doesn't really come into play. That passage refers to certain
tools with licenses which would ordinarily raise concerns.
The rationale for not including the gradle wrapper jar file in the canonical
source distribution is that a jar file is not source code. There was a
discussion on this topic in March 2012 on general@; here's ASF Board member
Roy Fielding:
http://markmail.org/message/a4kbf33vn57dkz2j
Class files are not open source. Jar files filled with class files are not
open source. The fact that they are derived from open source is applicable
only to what we allow projects to be dependent upon, not what we vote on
as a release package. Release votes are on verified open source artifacts.
Binary packages are separate from source packages. One cannot vote to
approve a release containing a mix of source and binary code because the
binary is not open source and cannot be verified to be safe for release
(even if it was derived from open source).
Feel free to bundle ALv2 tools with the binary redistribution, or in a
separate `-deps` package, though.
Marvin Humphrey
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
