polygene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Merlin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZEST-15) Review legal compliance
Date Fri, 24 Apr 2015 12:46:38 GMT

    [ https://issues.apache.org/jira/browse/ZEST-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510970#comment-14510970
] 

Paul Merlin commented on ZEST-15:
---------------------------------

>From what I understand in http://www.apache.org/dev/licensing-howto.html the `LICENSE`
and `NOTICE` files are required in released distributions only, and, that `NOTICE` file needs
special attention for *bundled* dependencies only.
>From http://incubator.apache.org/guides/release-java.html I learned that repository artifacts
are concerned too, including sources and javadoc JARs.

Our source and binary release distributions could include the gradle wrapper jar only. Gradle
downloading dependencies as needed. The `NOTICE` would then be pretty simple. To ease offline
usage we can include a way to download all needed dependencies in the binary distribution
(script, pom ...).

Our repository artifacts JARs should include basic `LICENSE` and `NOTICE` files in the `META-INF`
directory.

I see no source bundled in the Qi4j codebase that's from a third-party.

So from what I understand, if we don't bundle dependencies in our distributions, we don't
need complex `NOTICE` files.
Am I right?

Remain the cryptographic related issue that I did not dug into yet.


> Review legal compliance
> -----------------------
>
>                 Key: ZEST-15
>                 URL: https://issues.apache.org/jira/browse/ZEST-15
>             Project: Zest
>          Issue Type: Sub-task
>            Reporter: Niclas Hedhman
>
> Review legal compliance on all dependencies, in particular NOTICE file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message