From Simon Kitching <>
Subject Re: [IO] Planning IO 1.4 release
Date Thu, 01 Jan 1970 00:00:00 GMT
---- Jochen Wiedmann <> wrote:
> On Jan 9, 2008 11:16 PM, Dennis Lundberg <> wrote:
> > No, not in my opinion. We've agreed to disagree on which way to go with
> > this. There are two options, each with its merits and flaws.
> >
> > A) Use maven-remote-resources-plugin
> > B) Keep manually edited files in SVN and copy them manually to the
> > correct places

Sorry to repeat myself again, but I really do not think the maven-remote-resources approach
is even legal. IANAL, but as I understand things, we *must* not use this.

When we release an artifact, we are required:
(a) to acknowledge all copyright holders in the artifact, and
(b) to assert that the aggregated work can be used and redistributed under the terms of the
APL 2.0.

AIUI, we are *not* required to assert either (a) or (b) with regard to dependencies of the
artifact (and we have never done so in the past) [1]. And to do so exposes the ASF to legal
danger if we make a false assertion. Now the way that the maven-remote-resources plugin wanders
through the poms of all dependencies, pulls out data and sticks it in the NOTICE file seems
to me to completely break this; it causes the NOTICE file to contain legal assertions that
we do NOT need to make when releasing an artifact, and it can make false assertions if the
pom it reads from is not right.

Note that distributing a "bundle" (e.g. things other than just simple jarfiles) is different;
we are talking here about what files go *inside* a jarfile.

I have asked on the legal-discuss list for an expert opinion on this view, but received no
responses, so this is just my untrained opinion.

[1] There is an ASF policy that we should not release artifacts that have mandatory dependencies
on artifacts with incompatible licenses because that might "trap" users into making legal
mistakes. But that is ASF policy, not a legal matter.



