directory-dev mailing list archives

From Emmanuel Lécharny
Subject Re: Release fo shared
Date Sun, 13 Feb 2011 00:40:51 GMT
Comments on line
> Thanks.
> I'm not sure when those notices should/must be added.

Let's try to figure out...
> It's clear, when distributing a binary distribution (e.g.
> where third-party dependencies are included that the
> licenses and notices of those third-party dependencies have to be
> added.

> But is the attribution also required in the JARs (both, binary or
> source, there in META-INF/LICENSE and META-INF/NOTICE) that are
> distributed via maven?

> I see the following different cases:
> 1) In shared-ldap-model we use Antlr to generate Java files. So I
> think in the distributed shared-ldap-model-X.Y.Z.jar the Antlr
> attribution is required.
> 2) The common case that a 3rd-party library is used/linked in main code
> (e.g. dom4j or slf4j). Our distributed JAR only contains our
> .java/.class files. The third-party jar is not redistributed. The
> dom4j and slf4j licenses say that attribution is required in case the
> software is 'used'. Does 'use' already include the case that their
> classes are linked? But in that case we
As soon as we distribute something which makes it necessary to include a 
third party jar, I think we should also include the 3rd party licenses.

Remember that we release *sources*, not binaries. Binaries are just 
generated for convenience. But in any case, we release in order for 
users to be able to get our packages, and use them in their own 
products. Somehow, we have to make them safe when doing so, that means 
include the mandatory licenses and notice to spare them the burden to do so.

At least, this is how I understand the way we should do things at the ASF...

> 3) Similar like 2, but the 3rd-party is only used as test dependency
> (like junit). Here the code is not distributed at all.
Still, we distribute sources, which means tests, and users should be 
able to build the project by downloading our sources. That includes 
tests. Of course, we don't distribute the associated jars (I was 
thinking about findbugs), so in this case, we are not forced to inject 
the associated license. Tests are supposed to be run using Maven, 
pointing to external dependencies we *don't* provide. However, I still 
think it's safe to add a reference to the used libs in the NOTICE.

> 4) 3rd-party source code is included (e.g. in apacheds/jdbm or in
> junit-addons). Here it is clear that attribution is required.

Note that this is my perception of the way we should handle those 
license/notice thingy. I may be wrong...

Hope it helps...

Emmanuel Lécharny
