activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino" <>
Subject Re: Legal goo problems
Date Mon, 31 Mar 2008 20:12:36 GMT
On Fri, Mar 28, 2008 at 7:04 PM, David Jencks <> wrote:
> In my hopefully finite-length effort to get a 4.1.2 release out I've
>  been looking a little bit at the LICENSE and NOTICE files in the 4.1
>  branch and trunk and think many of them have big problems.
>  Current thinking expressed on the legal-discuss is that:
>  A source code unit expected to be checked out from svn needs LICENSE
>  and NOTICE files in svn at the root of the checkout.  These files
>  should apply exactly to the source code checked out, and not include
>  any language only appropriate for dependencies that may be needed to
>  build or run the software.  These are the only LICENSE and NOTICE
>  files that need to be actually present in svn.
>  Each artifact distributed needs a LICENSE and NOTICE file.  These may
>  be hardcoded in svn or generated.  These files should accurately
>  describe the license(s) and required notices of what is actually in
>  the distribution unit (e.g. jar, war, tar.bz2) and not describe
>  anything not included that might be necessary to use the software.
>  Artifacts can also have descriptions of dependencies needed to use
>  the software but these descriptions should not be in the LICENSE or
>  NOTICE files.
>  so....
>  Looking around there are 2 problems:
>  - some of the LICENSE and possibly NOTICE files look like they have
>  generally large amounts of text appropriate for dependencies, not
>  what they actually apply to

What do you mean by "not what they actually apply to"?

>  - some LICENSE files are decidedly incomplete.  For instance the
>  activemq-web-console includes all the sun jaxb jars but no CDDL

Ah lets add that asap.

>  license.  The trunk root LICENSE.txt file doesn't include the
>  licenses for the javascript in the activemq-web-console.

All those bits are in the distro NOTICE I think.

>  Possible solutions....
>  The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
>  All the others can be generated using the maven-remote-resources
>  plugin.  Thanks to Dan Kulp the latest apache resource bundle
>  actually generates stuff compliant with the apparent policy.  What
>  needs to happen is that modules that have extra LICENSE or NOTICE
>  requirements need the extra stuff to be put into
>  src/main/appended-resources/META-INF/LICENSE and src/main/appended-
>  resources/META-INF/NOTICE
>  I can help with setting this up but I don't know what code might need
>  such extra legal goo.  If I'm going to be able to help I'd need
>  accurate information on this.

This sounds like a good plan.  Perhaps we should dissect the current
LICENSE and NOTICE distro files since that what got all the attention
last time we reviewed the release legal bits.

>  There's also a geronimo maven plugin that can verify that legal files
>  are present in all the artifacts you build (jar, war, javadoc,
>  source, etc).  I think it's a big help in release auditing to include
>  this plugin in the regular build to  catch problems early.

Sounds good.

>  thanks
>  david jencks



Open Source SOA

View raw message