incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@citrix.com>
Subject Re: Automating ASL license check
Date Thu, 06 Sep 2012 13:17:29 GMT

On 06-Sep-2012, at 6:17 PM, Chip Childers <chip.childers@sungard.com> wrote:

> On Thu, Sep 6, 2012 at 12:47 AM, Rohit Yadav <rohit.yadav@citrix.com> wrote:
>> Hi Chip,
>> 
>> On 06-Sep-2012, at 12:55 AM, Chip Childers <chip.childers@sungard.com> wrote:
>> 
>>> On Mon, Sep 3, 2012 at 6:51 AM, Rohit Yadav <rohit.yadav@citrix.com> wrote:
>>>> Do we need to fix/add Apache license for:
>>>> - text files (README, INSTALL, NOTICE etc.)
>>>> - configuration files
>>>> - awsapi (top level LICENSE suggest they're BSD 3-clause)
>>>> - deps
>>>> - docs
>>>> - patches/
>>>> - plugins
>>>> - apidocs/
>>>> - tools
>>>> - ui
>> 
>> What about these files/dirs? They don't have Apache or any other license.
> 
> Most of them actually do (which I certainly hope is still the case,
> since myself and others spend days getting it done).
> 
>> As we already removed most dependencies from the source tree, do we need to remove
non-jars deps like jquery as well?
> 
> No, they do NOT need to be removed if they have compatible licenses.
> 
> They are what I have been calling "known exceptions".  For example,
> things like the jQuery scripts are NOT ours, so we can't change the
> license in them.  Also, some of the DEB packaging files are not
> allowed to have comments. The same holds true for certificate and key
> files.  Source files from other projects should be included in the
> tools/whisker/descriptor.xml file, which I use to generate the LICENSE
> and NOTICE files at the top level of the repo.
> 
> Basically, we should have three different answers to the file header question:
> 
> 1 - Default answer is that the file needs an appropriate license header.
> 2 - If it's a file type that is not capable of having a license
> header, then it can't have one.
> 3 - If it's a source file from another project, then we don't have the
> right to put the ASF header in it.  That file needs to be accounted
> for in the descriptor.xml file.  The actual license of the file must
> also be Apache 2 compatible (per ASF compatibility decisions).
> 
> Make sense?

+1

Thanks Chip!

Regards,
Rohit Yadav

> 
>>> This is very cool, but doesn't RAT do most of this for us?
>>> 
>>> I know that we had some issues with the initial reports not providing
>>> an accurate indication of the stray Citrix license headers, but I
>>> think that is resolved now.  I would suggest that another manual QA of
>>> the files would be helpful.
>> 
>> Okay I'll check them manually this weekend but I trust grep/sed :)
>> 
>>> Once we are at a stable state (with the appropriate exclude properties
>>> set the RAT Maven plugin config at the top level pom.xml), we would
>>> have an automatic solution tied into Maven for auditing compliance.
>>> 
>>> Does that work?
>> 
>> As soon as we fix the build system issues, I'll give RAT a try, probably research
on maven and maven plugins this weekend.
>> 
>> Regards,
>> Rohit
>> 
>>> 
>>> -chip
>> 
>> 


Mime
View raw message