felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard S. Hall" <he...@ungoverned.org>
Subject Re: [CONF] Apache Felix > DEPENDENCIES file template
Date Wed, 26 Jan 2011 19:57:54 GMT
This is just Felix policy about a file named DEPENDENCIES. The document 
evolved from a NOTICE file policy, so those references to a "notice 
file" are from that history...I've now edited them out.

The purpose of the DEPENDENCIES file is for us to be able to audit our 
license dependencies (and to give some credit to other projects). We 
have the possibility to generate this in some cases, but nothing that 
works in all cases, so that does suck.

Regardless, the cost is usually a one-time investment with potential 
incremental changes in the future if dependencies change.

-> richard

On 1/26/11 14:41, David Jencks wrote:
> Is this about a file named DEPENDENCIES or a file named NOTICE?  Does "must" mean apache
policy or felix policy?  If it's about a file named DEPENDENCIES I suggest you don't call
it a notice file;  I was confused enough to write this note.
> By apache policy, a DEPENDENCIES file is completely optional and has no specified content.
 The maven-remote-resources plugin generates one but I'm starting to think it was a bad idea
that I shouldn't have introduced.
> This does not relate well to whats needed in a NOTICE file either.  The NOTICE file should
not mention non-included content nor licenses of included content.
> I think it's really confusing to duplicate content between the (apache-optional) DEPENDENCIES
file and the required NOTICE and LICENSE files.  The LICENSE file needs complete license info
for what's in the artifact.  This appears to munge together the license info for the contents
and the dependencies.  The text at the top looks confusingly similar to the text of the apache
NOTICE file.  Judging by the amount of confusion here at apache about NOTICE file text, I
think having anything that looks even vaguely similar in another non-legal file is just going
to make the actual license requirements incomprehensible to any outsider.
> david jencks
> On Jan 26, 2011, at 10:00 AM, confluence@apache.org wrote:
>> DEPENDENCIES file template
>> Page edited by Richard S. Hall
>> Changes (0)
>> ...
>> Full Content
>> Each released software archive must a notice file in it to declare third-party dependencies
and their licenses. The following template should be used:
>> Apache Felix AAA
>> Copyright BBB The Apache Software Foundation
>> This software was developed at the Apache Software Foundation
>> (http://www.apache.org) and may have dependencies on other
>> Apache software licensed under Apache License 2.0.
>> I. Included Third-Party Software
>> CCC
>> II. Used Third-Party Software
>> DDD
>> III. Overall License Summary
>> - Apache License 2.0
>> - EEE
>> Where the placeholders have the following meaning:
>> AAA - Name of the Felix subproject.
>> BBB - Copyright year or range of years.
>> CCC - List of third-party software included in the archive.
>> DDD - List of third-party software used (but not included) by the archive.
>> EEE - List of additional third-party licenses as a result of the dependencies.
>> The format for an individual third-party dependency is flexible, but should try to
include the name of the developing organization or individual, a URL, a copyright, and the
license. For example, a dependency on OSGi software would look like this:
>> This product includes software developed at
>> The OSGi Alliance (http://www.osgi.org/).
>> Copyright (c) OSGi Alliance (2000, 2009).
>> Licensed under the Apache License 2.0.
>> If you need additional examples on how to file out a NOTICE file, look at other examples
in the SVN repo or ask on the dev@felix mailing list.
>> Change Notification PreferencesView Online | View Changes | Add Comment

View raw message