incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: [RELEASE] NOTICE and LICENSE file
Date Fri, 23 Mar 2012 17:10:15 GMT
On Fri, Mar 23, 2012 at 12:09 PM, Pedro Giffuni <> wrote:
> On 03/23/12 10:47, Rob Weir wrote:
>> On Fri, Mar 23, 2012 at 11:25 AM, Pedro Giffuni<>  wrote:
>>> On 03/23/12 08:43, Rob Weir wrote:
>>>> ...
>>>> Further searching helps here ;-)
>>>> I have found [4]:
>>>> <quote>
>>>> ...
>>>> All the licenses on all the files to be included within a package should
>>>> be
>>>> included in the LICENSE document. This LICENSE (courtesy of Apache
>>>> HTTPD)
>>>> is
>>>> a good example. The Apache License is at the top of the LICENSE
>>>> document.
>>>> After that, the license for each non-Apache licensed component is
>>>> included,
>>>> along with a clear explanation of which files that license applies to.
>>>> ...
>>>> </quote>
>>>> Thus, I derive from this best practice that an identification of the
>>>> files
>>>> to which the mentioned license in the LICENSE file applies to should be
>>>> given.
>>>> But note the further complexity with AOO, that we have binary as well
>>>> as source packages in our release.  And our binary packages includes
>>>> 3rd party category-b libraries that are not included in our source
>>>> package.  So we need to make this clear somehow in our LICENSE.
>>>> Maybe we need a LICENCE_source and LICENCE_binary file in SVN that
>>>> contains the respective.  Then we can rename or cat that together to
>>>> produce the appropriate license for a package.
>>> This is not accurate.
>>> As I have mentioned tirelessly there is not such thing as a
>>> source release and a binary release, just a release. That
>>> means the one true LICENSE file includes all the source
>>> and binary components.
>> And again Pedro, I have not used the term "source release" or "binary
>> release". I said, "we have binary as well as source packages in our
>> release.".  That is perfectly accurate.
> I noticed but you implied it when speaking of LICENSE_source
> LICENSE_binary.

Our binary and source packages contain different code, with different
licensees and different notice requirements.   Of course it makes
sense to think of these as different.  The point about releases is
that at Apache we're not just making applications available to users.
We're making open source code available to other developers, to use as
they wish.  The source code package should not just be an after
thought.  It is an important part of what we're doing.  And an
important part is to make sure we get the LICENSE and NOTICE correct,
and not mix up the source and binary package obligations.  He help
developers who use our code if we get this right.

>>> Rob's statement is not exactly false because we have an
>>> exception in our release process as for the italian case
>>> (and so far only the italian case) we will be bundling GPLd
>>> dictionaries.
>> Not exactly false == true
> You really need to take a course on logic.
>>> Adding the GPL to our LICENSE file would be pretty
>>> confusing for our users, besides this is only for the
>>> italian case, so I think for that case having the GPL
>>> in the dictionary should be enough. Also, we should
>>> add a disclaimer that dictionaries (if included) don't
>>> constitute derivate works.
>>> All just IMHO, I won't block any attempt to automate
>>> the generation of those files, in fact, I think I'll just not
>>> touch those files anymore :).
>> Think of it this way:  Are there any additional obligations placed on
>> someone who redistributes our binary packages, based on the additional
>> components included there?  Does the ASF have any obligations, in
>> terms of required notices, etc., for the binaries we distribute?
>> Note, for example, clause 3.3 of the MPL 1.1:
> We include MPL already in the LICENSE (category B section).

This would be wrong if this is in our source package, since our source
package does not include any MPL code.

Remember,the binaries we have in our binary packages are just one of a
wide spectrum of binaries that a developer could produce from our
source package.  With different choice of flags, they could exclude or
include many different 3rd party OSS dependencies.  So it is
inaccurate and not-helpful for us to list the arbitrary choices from
our binary packages, and assume that applies to everyone who builds
from our source package.

If we want to provide supplemental documentation that explains the
required licence and notice implications based on each build flag,
then that would be fine.  But we should not assume a developer is
making identical choices to us.

> Even lawyers can distinguish if they are using binaries or source.

Per above, this is not a simple either/or alternative.   Our source
package only needs to cover the requirements of what our source
package includes.  It should not be guessing at what build flag the
developer might enable or disable.  However, our binary package should
be explicit, since we know exactly what we built.

> Pedro.

View raw message