directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Legal files goo
Date Fri, 21 Mar 2008 21:18:37 GMT
Shared notes..

asn1 claims to have bouncy castle code in it.  There are some files  
without apache license headers but I don't see any indication on any  
of the files I looked at that they might have come from bouncy  
castle.  I think all the files need apache headers.  I'd be happier  
if the bc files had some indication of that even though the bc  
originals don't.

My interpretation of the bc license is that we just need to include  
the license in LICENSE and no other notice is required.  I'm asking  
the on the geronimo list about other opinions.


I will tackle installers another day...  IIUC I only need to worry  
about apacheds/branches/bigbang, shared/branches/bigbang, installers/ 
branches/bigbang, and project/branches/bigbang

david jencks

On Mar 21, 2008, at 1:14 PM, David Jencks wrote:

> On Mar 21, 2008, at 11:12 AM, Alex Karasulu wrote:
>> Hi David,
>> On Fri, Mar 21, 2008 at 1:40 PM, David Jencks  
>> <> wrote:
>> Thanks to Dan Kulp the new remote-resources bundle consistent with
>> the apparent policy expressed on legal-discuss on the content of
>> LICENSE and NOTICE files has been released so I can update the builds
>> to use them.
>> Great news thanks for following through and keeping us up to date  
>> on this.
>> I need to know:
>> - which builds I should update (branches/bigbang? trunk? which
>> projects?)
>> Bigbang is best.  We'll simple replace the trunks with these  
>> branches instead of merging.
>> - which modules have additional notice requirements beyond the
>> standard apache notice.  This would typically be because we've copied
>> over code from some other (probably non-apache) project that has a
>> NOTICE requirement.
>> I think this information was in those old notice files that were  
>> in subversion.  I don't know anymore off the top of my head.  I  
>> think we probably fixed most of these issues - namely in the  
>> kerberos module of ApacheDS.  Emmanuel might also have a better  
>> memory than I here.  Emm what do you think are we clear here?
>> For the time being can you consult the original NOTICE files in  
>> SVN for this information?
> OK.  From looking at a few they  are very unreliable and seem to  
> take the point of view that some of the dependencies should be  
> listed in the NOTICE file and the licenses for dependencies copied  
> into the LICENSE file.  This is wrong....
> I'll do my best.
> Questions/comments.
> Are there openLDAP files anywhere except schema-bootstrap?  What  
> version of openldap were they derived from?  I've used the license/ 
> copyright notice files from openldap 2.4.8 which may be too recent.
> Does antlr have a runtime component or are we only using the  
> generated parser code directly?  Is antlr used anywhere except in  
> core-plugin?
> These are the only two items I see that require additional NOTICE  
> or LICENSE content.
> I think I recall rumors that there might be copies of jdbm or  
> bouncycastle code somewhere. I haven't found them, so.... if they  
> exist please let me know.
> So far I've just scanned apacheds, not shared or daemons.   
> Distributing bouncycastle jars from apache is a bit iffy due to  
> some peculiar patent issues.  In geronimo we copied the code we  
> needed which did not relate to the patents in order to avoid this  
> issue.  I haven't looked at if/how bouncycastle is actually used or  
> included yet.
> thanks
> david jencks
>> To summarize what we need:
>> each unit likely to be checked out independently needs a LICENSE and
>> NOTICE file in svn
>> everything else (all the maven  generated jars etc) can have a
>> generated LICENSE and NOTICE file.  The NOTICE file needs to be  
>> minimal.
>> In geronimo I also set up some stuff that made it easier for me to
>> stage release candidates and maven generated site release
>> candidates.  I'll look into whether I think this kind of stuff would
>> be appropriate for apacheds when I look at the legal files setup.
>> That's great Dave thanks!
>> Alex

View raw message