edgent-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dale LaBossiere (JIRA)" <j...@apache.org>
Subject [jira] [Created] (EDGENT-271) binary-release conform better to license&notice for 3rd party content
Date Mon, 10 Oct 2016 13:50:22 GMT
Dale LaBossiere created EDGENT-271:

             Summary: binary-release conform better to license&notice for 3rd party content
                 Key: EDGENT-271
                 URL: https://issues.apache.org/jira/browse/EDGENT-271
             Project: Edgent
          Issue Type: Task
            Reporter: Dale LaBossiere

In response to review of binary release LICENSE/NOTICE and the reference and content of binary-release-bundled-content:

The info looks good, but it’s not really in line with what is recommend to do [1] If it
put up for an incubator vote, it IMO is likely to pass (given everything else is good) but
is likely to get a few “please fix in next release” comments.

My minor concerns are:
- LICENSE doesn’t include the text of 3rd party licenses but points to another file.
- Some license are referred to by URL, information at that URL can change over time. It’s
best to download and include a copy of that license.
- pointing to content inside a jar required the user to unpack that jar to se ether information.
IMO better to copy all license files into a seperate directory where they can be clearly seen.
- May not be complying with some 3rd party license terms. While the licenses are permissive
most licenses state you need to include the full text of the license in anything you distribute.
- NOTICE refers to the same external file as LICENSE. NOTICE and LICENSE are for different
purposes and in general NOTICE doesn't include licensing information.
- NOTICE may be missing [2] information from bundled ASLv2 software NOTICE files. [2]


1. http://www.apache.org/dev/licensing-howto.html
2. http://www.apache.org/dev/licensing-howto.html#mod-notice

A separate jira has been created for the pi4J issue:

- javax.servlet-api-3.1.0.jar is CDDL-2 and GPL.  
See [4] and https://glassfish.java.net/nonav/public/CDDL+GPL.html <https://glassfish.java.net/nonav/public/CDDL+GPL.html>

- javax.websocket-api-1.0.jar is CDDL-1.1 and GPL-2
See [5] and https://glassfish.java.net/public/CDDL+GPL_1_1.html <https://glassfish.java.net/public/CDDL+GPL_1_1.html>

The above is fine as you can select the license to use from any dual licensed software and
CDDL is category B and is allowed to be used in a convenience binary.

- pi4j-core-1.0.jar is LGPL-3.0
See [6] and http://www.gnu.org/licenses/lgpl.txt <http://www.gnu.org/licenses/lgpl.txt>

This would not be allowed. You could ask VP legal togged permission to make a release if you
going to be removed in the next incubating release.


This message was sent by Atlassian JIRA

View raw message