flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ufuk Celebi <...@apache.org>
Subject Re: Listing Apache-2.0 dependencies in LICENSE file
Date Mon, 15 Jun 2015 08:57:53 GMT
To summarize:

1. Your PR changes are necessary. Thanks for doing it.

2. The consensus (PR comments + ML) is to skip other Apache licensed dependencies.

3. Shaded Jars need LICENSE and NOTICE in META-INF.

Let's wrap this up today and get it out of the way of the release. :-)

– Ufuk

On 15 Jun 2015, at 10:37, Till Rohrmann <trohrmann@apache.org> wrote:

> Hi Henry,
> 
> there are actually two licensing questions and one update for the current
> release going on but all of them are orthogonal and therefore I would like
> to keep them separate.
> 
> The PR [1] which you referred to are the necessary updates for the source
> and binary distribution of the upcoming release. There it's important that
> maybe another pair of eyes takes a look at it.
> 
> Then we have the question whether we have to include a LICENSE and NOTICE
> file in our jars because they contain shaded dependencies.
> 
> And last but not least, the question of this thread is whether we want to
> keep the list of Apache-2.0 dependencies in our LICENSE files or not. Thus,
> let's first discuss and then maybe decide later on this issue here in this
> thread.
> 
> Cheers,
> Till
> 
> On Sun, Jun 14, 2015 at 8:03 PM Henry Saputra <henry.saputra@gmail.com>
> wrote:
> 
>> Hi Till,
>> 
>> There are several discussions about LICENSE for dependencies happening
>> at the same time so I would like to make sure we merge them into a
>> decision in dev@ list.
>> 
>> Is this related to PR https://github.com/apache/flink/pull/830 for
>> updating LICENSE and NOTCE of Flink dependencies?
>> 
>> - Henry
>> 
>> On Sun, Jun 14, 2015 at 6:28 AM, Maximilian Michels <mxm@apache.org>
>> wrote:
>>> Hi Till,
>>> 
>>> That's correct, It is not necessary to include Apache 2.0-licensed
>> projects
>>> in the LICENSE file, unless they contain non-Apache 2.0-licensed code. We
>>> should definitely remove those entries from the LICENSE file.
>>> 
>>> Best,
>>> Max
>>> 
>>> On Sat, Jun 13, 2015 at 4:51 PM, Aljoscha Krettek <aljoscha@apache.org>
>>> wrote:
>>> 
>>>> If it is not against the Apache Guidelines I would vote for removing
>> them.
>>>> I'm always in favour of keeping things simple.
>>>> 
>>>> On Fri, 12 Jun 2015 at 18:34 Till Rohrmann <trohrmann@apache.org>
>> wrote:
>>>> 
>>>>> Hi guys,
>>>>> 
>>>>> I just updated our LICENSE of the binary distribution and noticed
>> that we
>>>>> also list dependencies which are licensed under Apache-2.0. As far as
>> I
>>>>> understand the ASF guidelines [1], this is not strictly necessary.
>> Since
>>>> it
>>>>> is a lot of work to keep the list up to date, I was wondering whether
>> we
>>>>> want to remove Apache-2.0 dependencies from this list or not. I would
>> be
>>>> in
>>>>> favour of this if it does not contradict an ASF policy which I miss.
>>>>> 
>>>>> This might even have another advantage. Currently, we're shading in
>> many
>>>>> modules the Guava and ASM dependency away. Thus their binary data is
>>>>> contained in nearly every jar we publish on maven. If we wanted to be
>>>>> consistent with our license policy then we would have to add in each
>> of
>>>>> these jars a LICENSE/NOTICE file which lists these two dependencies,
>> IMO.
>>>>> 
>>>>> Cheers,
>>>>> Till
>>>>> 
>>>>> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
>>>>> 
>>>> 
>> 


Mime
View raw message