edgent-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dale LaBossiere (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (EDGENT-271) binary-release conform better to license&notice for 3rd party content
Date Fri, 11 Nov 2016 17:49:58 GMT

    [ https://issues.apache.org/jira/browse/EDGENT-271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15657634#comment-15657634
] 

Dale LaBossiere commented on EDGENT-271:
----------------------------------------

I believe all of the noted concerns have been addressed via https://github.com/apache/incubator-edgent/pull/234
merge to release1.0.0

The binary-release's LICENSE and NOTICE contain pointers to files (under licenses) containing
the component's actual/full license and notice info.

The pi4j issue was previously addressed - the jar has been removed

> binary-release conform better to license&notice for 3rd party content
> ---------------------------------------------------------------------
>
>                 Key: EDGENT-271
>                 URL: https://issues.apache.org/jira/browse/EDGENT-271
>             Project: Edgent
>          Issue Type: Task
>            Reporter: Dale LaBossiere
>            Assignee: Dale LaBossiere
>             Fix For: Apache Edgent 1.0.0
>
>
> In response to review of binary release LICENSE/NOTICE and the reference and content
of binary-release-bundled-content:
> The info looks good, but it’s not really in line with what is recommend to do [1] If
it put up for an incubator vote, it IMO is likely to pass (given everything else is good)
but is likely to get a few “please fix in next release” comments.
> My minor concerns are:
> - LICENSE doesn’t include the text of 3rd party licenses but points to another file.
> - Some license are referred to by URL, information at that URL can change over time.
It’s best to download and include a copy of that license.
> - pointing to content inside a jar required the user to unpack that jar to se ether information.
IMO better to copy all license files into a seperate directory where they can be clearly seen.
> - May not be complying with some 3rd party license terms. While the licenses are permissive
most licenses state you need to include the full text of the license in anything you distribute.
> - NOTICE refers to the same external file as LICENSE. NOTICE and LICENSE are for different
purposes and in general NOTICE doesn't include licensing information.
> - NOTICE may be missing [2] information from bundled ASLv2 software NOTICE files. [2]
> Thanks,
> Justin
> 1. http://www.apache.org/dev/licensing-howto.html
> 2. http://www.apache.org/dev/licensing-howto.html#mod-notice
> -----------------------------------------------
> A separate jira has been created for the pi4J issue:
> - javax.servlet-api-3.1.0.jar is CDDL-2 and GPL.  
> See [4] and https://glassfish.java.net/nonav/public/CDDL+GPL.html <https://glassfish.java.net/nonav/public/CDDL+GPL.html>
> - javax.websocket-api-1.0.jar is CDDL-1.1 and GPL-2
> See [5] and https://glassfish.java.net/public/CDDL+GPL_1_1.html <https://glassfish.java.net/public/CDDL+GPL_1_1.html>
> The above is fine as you can select the license to use from any dual licensed software
and CDDL is category B and is allowed to be used in a convenience binary.
> - pi4j-core-1.0.jar is LGPL-3.0
> See [6] and http://www.gnu.org/licenses/lgpl.txt <http://www.gnu.org/licenses/lgpl.txt>
> This would not be allowed. You could ask VP legal togged permission to make a release
if you going to be removed in the next incubating release.
> Thanks,
> Justin



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message