incubator-odf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Hopf <mailingli...@florian-hopf.de>
Subject Re: [VOTE][DISCUSS] Release Apache ODF Toolkit 0.6-incubating
Date Sat, 02 Mar 2013 10:08:25 GMT
On 02.03.2013 07:50, Florian Hopf wrote:
>> I'm not saying it is impossible, but we do need to make sure that our
>> LICENSE and NOTICE files reflect what we're actually distributing.  So
>> if we distribute additional 3rd party code (in the form of a
>> dependencies JAR) then we may need to add their info.  But I'm not
>> 100% certain.  Maybe someone knows for sure what the policy on this
>> is?
>>
>
> Ok, this seems to be more complicated than I thought. I just had a look
> at the clerezza project that we are using. They are including some of
> the dependencies in the NOTICE file (among those  WYMIWYG which is also
> a transitive dependency for us) and some additional licenses in their
> LICENSE file.
>
> Which information needs to be included depends on the license:
> http://www.apache.org/legal/resolved.html#required-third-party-notices
>
> I guess we could obtain a lot of the required information from the
> direct dependencies we have as those are all Apache projects. But I am
> OK with distributing the current release without the dependencies and
> have a look at this for the release after that. I'd just like to add
> links to the projects to the README file.
>

Unfortunately I suspect we need to do this even for our current release 
as we are distributing the dependencies in the validator web archive.

I am not in the position to decide on these legal issues and what we 
need to do but if there are concrete steps I can help with let me know.

I had a look at all dependencies. I expect that if a library is hosted 
at apache we don't need to do anything special? What about notices that 
are contained in these libraries, e.g. clerezza-rdf-core contains this, 
what I expect to be a fragment for a notices file:

Contains code from the following book:
Jonathan Knudsen, "Java Cryptography", O'Reilly Media, Inc., 1998

Contains code from mulgara project for sparql query parsing

http://svn.apache.org/viewvc/incubator/clerezza/trunk/rdf.core/src/main/appended-resources/META-INF/NOTICE?view=markup

Do we need to add this too?

This is a list of all compile time dependencies not hosted at Apache. I 
expect that we don't need to do anything if a license is considered 
similar to Apache:

com.hp.hpl.jena:iri:jar:0.8:compile

Part of Apache Jena

com.ibm.icu:icu4j:jar:3.4.4:compile

License is considered similar to Apache 
http://www.apache.org/legal/resolved.html#category-a

com.sun.msv.datatype.xsd:xsdlib:jar:2009.1:compile
com.sun.msv.datatype.xsd:xsdlib:jar:2010.1:compile

Already contained in our NOTICE file so I guess this already has been 
checked

isorelax:isorelax:jar:20030108:compile

MIT is considered similar to Apache 
http://www.apache.org/legal/resolved.html#category-a

javax.activation:activation:jar:1.1:compile

Common Development and Distribution License (CDDL) v1.0, should be easy 
to find out as this is a commonly used artifact

net.java.dev.msv:msv-core:jar:2009.1:compile
net.java.dev.msv:msv-core:jar:2011.1:compile
net.java.dev.msv:msv-testharness:jar:2009.1:compile

Already contained in our NOTICE file so I guess this already has been 
checked

net.rootdev:java-rdfa-htmlparser:jar:0.4.2-RC2:compile
net.rootdev:java-rdfa:jar:0.4.2-RC2:compile
nu.validator.htmlparser:htmlparser:jar:1.2.0:compile

This needs to be stated in the notice, we should be able to get those 
from the clerezza NOTICE and LICENSE files (this seems to be part of the 
license: https://github.com/shellac/java-rdfa/wiki/licence)

org.iso_relax.verifier.jaxp.validation:isorelax-jaxp-bridge:jar:1.0:compile

Already contained in our NOTICE file so I guess this already has been 
checked

org.osgi:org.osgi.compendium:jar:4.2.0:compile
org.osgi:org.osgi.core:jar:4.2.0:compile

Not sure if we need to do something about those. The clerezza notice and 
license for the submodules doesn't state anything but this notice is 
contained in the binary distribution: The OSGi Alliance 
(http://www.osgi.org/)

org.slf4j:jcl-over-slf4j:jar:1.6.4:compile
org.slf4j:slf4j-api:jar:1.6.4:compile
org.slf4j:slf4j-log4j12:jar:1.6.4:compile

MIT is considered similar to Apache 
http://www.apache.org/legal/resolved.html#category-a

org.wymiwyg:wymiwyg-commons-core:jar:0.7.6:compile

Seems to be part of Clerezza? Not sure. Is contained in the global 
NOTICE file for Clerezza.

Regards
Florian

-- 
Florian Hopf
Freelance Software Developer

http://blog.florian-hopf.de

Mime
View raw message