geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject Re: More to be added to licenses file for 1.1.1 ?
Date Thu, 20 Jul 2006 01:38:11 GMT

On Jul 19, 2006, at 2:12 AM, Jason Dillon wrote:

> Technically... its bad for a module to need to access bits from ../  
> (or ../../ or ../../../../../../).  The proper way to do this would  
> be to add them to a new license module, then have each module  
> depend on it, using dependency plugin to download unpack and then  
> antrun to copy into place.
>
> Still easier to have LICENSE.txt and NOTICE.txt local to the  
> module.  Most of them will be the same, so not much work to  
> maintain... a few will need to be customized to keep us legal.
>
> If we want to have a global... then we gotta write up some custom  
> plugin to handle that automatically for us.

I'd be proposing that the LICENSE and NOTICE files be local to the  
module. That's what we currently have.

The "distribution" license and notice files are in modules/scripts/ 
src/resources. They are currently built by hand. I'm assuming that  
they will continue to be built by hand. Automatically generating the  
license/module information would be great (I'm just a little doubtful  
that it's going to happen...) You have to include license/notice info  
for all of our generated modules -- that seems doable. However, the  
harder part is compiling license/notice information for dependencies  
that are loaded into our repository. We'd need to capture that  
information as meta-data, then accumulate during the assembly.

We need to be more rigorous in maintaining our LICENSE and NOTICE  
information. IMO, identifying and compiling the information is the  
hard part, not getting them into the necessary format...

--kevan

>
> --jason
>
>
> On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote:
>
>>
>> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>>
>>> Kevan Miller wrote:
>>>>
>>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>>
>>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me  
>>>>> to acknowledge the Sun license at http://developers.sun.com/ 
>>>>> license/berkeley_license.html when caching the j2ee schema  
>>>>> files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>>
>>>>> This made me wonder whether this license has been included for  
>>>>> Geronimo (since we redistribute schema files) and it appears  
>>>>> the LICENSE.txt file in 1.1 doesn't contain it.
>>>>>
>>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>>
>>>>> Can anyone think of any other licenses or notices we may have  
>>>>> overlooked?
>>>>
>>>> Yes. Would appreciate your thoughts on the following:
>>>>
>>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util  
>>>> (currently they are only Bouncy Castle -- I believe that we have  
>>>> ASL code in there, also).
>>> I think we should do it
>>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and  
>>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/ 
>>>> resources/) ? I think yes.
>>>> 3) Insure NOTICE files are included in our jar files (currently  
>>>> only LICENSE files are there)
>>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>>>> 5) Can the "global" LICENSE and NOTICE files be used in all our  
>>>> generated artifacts (distributions, jars, cars)? Or do we need  
>>>> global files and specific license/notice files for generated  
>>>> module jars and car files?
>>>>
>>>> --kevan
>>> 2-4 should be run by legal, no?
>>>
>>> To support #5, I hope we don't need some kind of maven magic.
>>
>> I think 1,2,3 are must do's. I think we can ignore 4. There are  
>> some CAR "files" in ibiblio -- http://www.ibiblio.org/maven/ 
>> geronimo/cars/ However, I'm not sure why they are there... They  
>> are all "1.0" and dated December 22nd. Should we have them  
>> removed? To my knowledge, we don't build or distribute CAR files  
>> in 1.1 (we do have ".car" directories in our repository, but IMO  
>> that's no different from any other directory name we might have...)
>>
>> Regarding 5, I think the right thing to do is have a global  
>> LICENSE and NOTICE file in the base of our distributions. We  
>> currently have this. Each of our jar files should have LICENSE and  
>> NOTICE files specific to each jar. I don't think that this is hard  
>> to do. Am I wrong? They all need standard ASL license and notice  
>> files. util needs to include bouncy castle info. Are there other  
>> geronimo generated jars with any licensing requirements beyond ASL 2?
>>
>> --kevan
>>
>>
>>
>


Mime
View raw message