Hi Sebb,
2013/4/17 sebb <seb...@gmail.com> > > > > > We had long discussions about the content of the NOTICE files. We > followed > > as much as possible the guidelines on the ASF websites (which are > sometimes > > a bit contradictory) > > > Please can you advise where the contradictions are so they can be sorted > out? > Yes, sure. There are currently the following documents (at least the ones I am aware of) that are somehow related to LICENSE and NOTICE: 1. http://www.apache.org/dev/licensing-howto.html 2. http://www.apache.org/legal/3party.html 3. http://www.apache.org/legal/src-headers.html 4. http://incubator.apache.org/guides/releasemanagement.html#best-practice-license While similar in the most important issues, all four documents vary in some of the details. For example: - The section "NOTICE file" in [3] says that "The NOTICE file may also include copyright notices moved from source files submitted to the ASF". The 3rd party Javascript files we include are "submitted to the ASF", but they are often under MIT license and therefore category A in [2]. If I read the document correctly, category A only requires to include notices if a NOTICE file is contained in the product. According to [1], MIT and New BSD even can have a reduced entry in LICENSE. [4] says, however, that "All the licenses on all the files to be included within a package should be included in the LICENSE document. " - for dependencies of category B, [2] specifies that "Although the source must not be included in Apache products, the NOTICE file, which is required to be included in each ASF distribution, must point to the source form of the included binary (more on that in the forthcoming "Receiving and Releasing Contributions" document).", a fact that is not mentioned in any of the other documents. - The labelling requirement "source access" in [2] requires that the NOTICE file contains pointers to the location of the source code for any 3rd party library that is bundled in a binary distribution (not only category B). [1] on the other hand does not mention this requirement and says that everything that is not legally necessary does not belong into NOTICE. - [1] says that NOTICE must only include notices not satisfied by "licensing information embedded within the dependency subtree". [2] says "Users of Apache products must be provided with all licensing terms applicable to any part of the product and must be given prominent notice" as fourth guiding principle (emphasis on *prominent*, which for me means not somewhere in the dependency subtree) Maybe "contradictory" was too strong a word. But all the four documents are incomplete in the guidance they provide. What I found very helpful, though, are the 4 guiding principles mentioned in [2]. Also very helpful was looking at how other projects are doing it, in particular we looked at SOLR and Geronimo, as they are also web frameworks bundling many different libraries. For example, SOLR has a very extensive NOTICE file: http://svn.apache.org/repos/asf/lucene/dev/trunk/solr/NOTICE.txt For future podlings, what would be very helpful is to improve the document [1] as a "single point of guidance" that collects all the information from the other documents (if it is correct). In particular, best practices for different types of projects would also help a lot, especially to people who are not legal experts (like me). Because apparently, many of the top level projects (like SOLR) are not really best practices. What would also help is to give more understanding what a notice actually means. For example, if I understand correctly, the Apache License, when used by 3rd party libraries, always requires notice. How can I see whether other licenses also require this notice? As an example, consider the MIT license. It explicitly says "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.". Does this mean that a copyright notice must go into the NOTICE file (under guiding principle number 4 I would read it like "yes")? If so, then there is a contradiction with [1]. > > > > and also the examples of several other well-known > > Apache projects that are of similar nature (e.g. Apache SOLR also has > > similar NOTICE files, likewise ODE and Geronimo). See e.g. the original > > discussion [1] and the refinements we did after the recommendations of > our > > mentors [2]. > > > > > From Marvin's recent post in another VOTE thread: > > The ASF now has documentation which describes a formulaic approach to > creating > LICENSE and NOTICE. If you follow the recipe, you should be OK. > > http://www.apache.org/dev/licensing-howto.html We followed this document very closely (I can almost recite it in my sleep). If the recipe was complete, yes :-) But recipes typically do not contain sentences like "NOTICE is reserved for a certain subset of legally required notifications". :-P Thanks for checking, BTW. From your point of view, is the NOTICE and LICENSE we have for Marmotta too extensive? Where and how could it be improved? Greetings, Sebastian
