activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Legal goo problems
Date Fri, 28 Mar 2008 23:04:53 GMT
In my hopefully finite-length effort to get a 4.1.2 release out I've  
been looking a little bit at the LICENSE and NOTICE files in the 4.1  
branch and trunk and think many of them have big problems.

Current thinking expressed on the legal-discuss is that:

A source code unit expected to be checked out from svn needs LICENSE  
and NOTICE files in svn at the root of the checkout.  These files  
should apply exactly to the source code checked out, and not include  
any language only appropriate for dependencies that may be needed to  
build or run the software.  These are the only LICENSE and NOTICE  
files that need to be actually present in svn.

Each artifact distributed needs a LICENSE and NOTICE file.  These may  
be hardcoded in svn or generated.  These files should accurately  
describe the license(s) and required notices of what is actually in  
the distribution unit (e.g. jar, war, tar.bz2) and not describe  
anything not included that might be necessary to use the software.

Artifacts can also have descriptions of dependencies needed to use  
the software but these descriptions should not be in the LICENSE or  
NOTICE files.

so....

Looking around there are 2 problems:
- some of the LICENSE and possibly NOTICE files look like they have  
generally large amounts of text appropriate for dependencies, not  
what they actually apply to
- some LICENSE files are decidedly incomplete.  For instance the  
activemq-web-console includes all the sun jaxb jars but no CDDL  
license.  The trunk root LICENSE.txt file doesn't include the  
licenses for the javascript in the activemq-web-console.

Possible solutions....

The root LICENSE and NOTICE files have to be fixed by hand AFAIK.   
All the others can be generated using the maven-remote-resources  
plugin.  Thanks to Dan Kulp the latest apache resource bundle  
actually generates stuff compliant with the apparent policy.  What  
needs to happen is that modules that have extra LICENSE or NOTICE  
requirements need the extra stuff to be put into

src/main/appended-resources/META-INF/LICENSE and src/main/appended- 
resources/META-INF/NOTICE

I can help with setting this up but I don't know what code might need  
such extra legal goo.  If I'm going to be able to help I'd need  
accurate information on this.

There's also a geronimo maven plugin that can verify that legal files  
are present in all the artifacts you build (jar, war, javadoc,  
source, etc).  I think it's a big help in release auditing to include  
this plugin in the regular build to  catch problems early.

thanks
david jencks


Mime
View raw message