chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller <florian.muel...@alfresco.com>
Subject Re: Validation of release packages
Date Thu, 09 Sep 2010 13:17:15 GMT
Hi,

Gab and my interpretation of the Apache third-party rules [1] is that 
all dependencies with Category B licences have to be mentioned in the 
NOTICE files with a link to the source code.

We have a bunch of CDDL dependencies. The names and links are already in 
the DEPENDENCIES files. We think copying the CDDL entries to NOTICE 
files should sufficient.


Any comments? Experts?


- Florian

[1] http://www.apache.org/legal/3party.html



On 08/09/2010 14:59, Nick Burch wrote:
> On Wed, 1 Sep 2010, Gabriele Columbro wrote:
>> One question to conclude: referring to Nick's comments at [4], do you
>> think we should have anything else in NOTICE for all packages? In
>> other words, which of the licenses mentioned in the various
>> DEPENDENCIES files actually require a NOTICE?
>
> The NOTICE file should contain as little as possible. Everything else
> should go in DEPENDENCIES, a readme, the website etc
>
> The reason for this is that every downstream user has to include
> everything in our NOTICE file in their own notices. So, we want it to
> include all the required notices of our upstream dependencies, along
> with our own notice. However, we don't want to full the NOTICE file up
> with things that aren't required, as we don't want to burden our users!
>
> To review the NOTICE files, take a look at what's in there, and compare
> that to the dependencies list (which is hopefully correct, since maven
> generated it!). The notice file should have our notice in it, and after
> that any dependency ones. If a dependency is under a license that
> requires a notice, it should be there. (If not, it shouldn't. The main
> apache 3rd party licenses page may give some help on this)
>
> Does this make sense to everyone?
>
> Nick


Mime
View raw message