taverna-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gale Naylor <Ga...@noventussolutions.com>
Subject Re: [DISCUSS] Release candidate 2 of Command-line Tool 3.1.0-incubating
Date Sat, 04 Jun 2016 16:30:52 GMT
Thanks for the explanations, Stian. A vote-email script might not be a bad
idea! It certainly
seems to be a complicated thing to pull together.

In response to Stian's email, I found some additional, related ASF
resources that support not
requiring license headers in files whose content cannot be copyrighted
(e.g., files that contain
"Hello"). Here is the link:
http://www.apache.org/legal/src-headers.html#faq-exceptions

The exception also applies to "Test data for which the addition of a source
header would cause
the tests to fail."

It seems that most of the files that currently do not have license headers,
including
files in the services sub-directories, meet the criteria of being exempt
from the license header
requirement.

----------------
    However, it sounds like we SHOULD add license headers to the
package.html files.
    Do we want to do that way now, and then later convert to
package-info.java files?
----------------

I also found an ASF link that confirms what Stian said about only BUNDLED
dependencies
needing to be included in NOTICE files. Good to know.
(http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled)


Also, regarding 3rd party copyrighted works:  I found an ASF link that
explicitly states:
        -- not to modify/remove copyright headers from 3rd party works;
-- not to add the standard ASF license header to 3rd party works.
http://www.apache.org/legal/src-headers.html#3party


One remaining question about 3rd party license in
src/license/THIRD-PARTY.properties:

    javax.transaction--com.springsource.javax.transaction--1.1.0  (CDDL 1.0)

    Is this an exception to the category-b license "binary only" rule because
we use only
    a small amount of source code?


One observation about headers in JSON files
    Most of the JSON files have the header you described (http://purl.org.
..).
    Is it okay if the JSON file header uses ##? (See below).

            taverna-activity-archetype\src\main\resources\archetype-resource
                 \__rootArtifactId__-activity\src\main\resources\schema.json

               ##    Licensed to the Apache Software Foundation (ASF) under
one or more
               ##    contributor license agreements.  See the NOTICE file
distributed with
               ##    this work for additional information regarding
copyright ownership.
               ##    The ASF licenses this file to You under...
            ....
               ##    See the License for the specific language governing
permissions and
               ##    limitations under the License


    Also, this statement is after the license:

               ## Note: Above Velocity comment should NOT be included in
generated
               ## code from the archetype

    Just wondering what this is. Does it need to be at the end of all
License headers?


Thanks,

Gale


On Fri, Jun 3, 2016 at 8:39 AM Stian Soiland-Reyes <stain@apache.org> wrote:

> On 2 June 2016 at 19:50, Gale Naylor <GaleN@noventussolutions.com> wrote:
> > I'm so sorry - I've been replying to the VOTE thread.
> >
> > I'll copy my comments here:
> >
> > ------------------------------------------
> > UP-FRONT CHECKS
> > ------------------------------------------
> > The MD5 checksums in the [VOTE] email are the same as the SHA1 checksums.
> > I'm using the downloaded MD5 and SHA-1.
>
> Yes, I copy-pasted wrong! :(
>
> db4309131f4330832736586f6357d691
> apache-taverna-commandline-3.1.0-incubating-source-release.zip
> 03c62e8d0d8a8862638655a3591597ba
> apache-taverna-common-activities-2.1.0-incubating-source-release.zip
> 8113656bf4ac8ed4e5ed88cb1b0da15d
> apache-taverna-engine-3.1.0-incubating-source-release.zip
>
>
> (Perhaps we need a vote-email script!
>
> > -------------------
> > GNU License?
> >
> > The list of # Already used licenses in project : includes
> >
> > # - GNU Lesser General Public License, Version 2.1
> > Isn't this a category-x license? (It doesn't show up in the
> > "Please fill in the missing licenses" list at the bottom of the file.)
>
> I assume you mean
> apache-taverna-engine-3.1.0-incubating/src/license/THIRD-PARTY.properties
>
> which is used if you run manually:
>
> mvn license:aggregate-add-third-party
>
>
> http://www.mojohaus.org/license-maven-plugin/aggregate-add-third-party-mojo.html
>
> which will generate
>
> target/generated-sources/license/THIRD-PARTY.txt
>
> based on the <dependencies> and transitive dependencies.
>
>
> Usually the plugin picks up license info from the POM <licenses>
> section, but some projects don't provide that, in which case the
> properties file can fill in the blanks.
>
> The "Already used" section is written by the plugin if you use
> -Dlicense.useMissingFile=true
>
>
> But all the LGPL licenses in the report are dual-licensed also as
> Apache license:
>
> stain@biggiebuntu:~/rc/dist/test/apache-taverna-engine-3.1.0-incubating$
> grep GNU target/generated-sources/license/THIRD-PARTY.txt
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) Jackson-annotations
> (com.fasterxml.jackson.core:jackson-annotations:2.2.2 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) Jackson-annotations
> (com.fasterxml.jackson.core:jackson-annotations:2.3.0 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) Jackson-annotations
> (com.fasterxml.jackson.core:jackson-annotations:2.3.3 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) Jackson-core
> (com.fasterxml.jackson.core:jackson-core:2.2.2 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) Jackson-core
> (com.fasterxml.jackson.core:jackson-core:2.3.3 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) jackson-databind
> (com.fasterxml.jackson.core:jackson-databind:2.2.2 -
> http://wiki.fasterxml.com/JacksonHome)
>      (GNU Lesser General Public License, Version 2.1) (The Apache
> Software License, Version 2.0) jackson-databind
> (com.fasterxml.jackson.core:jackson-databind:2.3.3 -
> http://wiki.fasterxml.com/JacksonHome)
>
>
>
> >
> > -------------------
> > Missing license information:
> >
> > # http://x-stream.github.io/license.html - this link says BSD (but not
> > which type);
> > should this copyright be included in our Notice file?
>
> Not in our NOTICE file yet, as we don't bundle the x-stream library,
> we just depend on it.
>
> But we would need to include that (and much more) in the NOTICE of the
> ZIP-file from taverna-commandline-product when/if we decide to
> distribute that as a binary release.
>
>
> > org.aopalliance--com.springsource.org.aopalliance--1.0.0  - no license
> > listed
>
> Should be clean:
>
> http://aopalliance.sourceforge.net/
>
> > LICENCE: all the source code provided by AOP Alliance is Public Domain.
>
> (Oh my, that dependency is more than 12 years old..!)
>
>
>
> > # https://github.com/hunterhacker/jdom/blob/jdom-1.1/core/LICENSE.txt  -
> > this link has a copyright;
> > include in Notice file? What do we use for "type" of license?
> "Copyright?"
> > Or is this also a "JDOM License" like
> > org.jdom--com.springsource.org.jdom--1.1.0?
>
> I think we can just call it the "JDOM license".   Same as above, no
> need for NOTICE as we don't bundle the JAR.
>
> > # http://www.xmlpull.org/  - no license listed
>
>
>
> > Aren't the following licenses listed under category-b, binary release
> only?
>
> But we only have <dependency> on them, they are not distributed by ASF
> (you won't find these dependencies in our source archive), so that is
> OK.
>
>
>
> > 1) University of Manchester copyright in taverna-provenanceconnector
> > files (see previous email).
>
> Bah! Well spotted! Danger of just disabling a Maven module!
>
> That is however an (appearant) violation as it claims to be under
> incompatible LGPL license -- that code was however covered by the
> software grant and should have ASF headers.
>
> I think we might have to pull the RC for this (we could get it through
> the incubator if it was the first release, but this is our third!).
>
>
>
> > 2) taverna-execution-hadoop Crossproduct.java file contains copyright
> > by Adam Pingel and no ASF license.
> >
> >      I know this is copyright is included in the top level NOTICE
> >      file, but doesn't it have to be removed from the Java file?
>
> Strictly speaking we don't need to include that text in the NOTICE if
> it is also in the file header, however we need it in the NOTICE so
> that it also comes along in JARs in Maven Central.
>
> I don't think we can move this away from the file header, as then
> downstream consumers who decide to copy that file might then easily
> violate:
>
> > Redistributions of source code must retain the above copyright
> > notice, this list of conditions and the following disclaimer.
>
>
> > 1) Two README files without license headers:
> > /taverna-engine-rc2/taverna-prov/README.md
> > /taverna-engine-rc2/taverna-reference-types/README.md
>
> I think it should be added - but personally I wouldn't block the
> release for that alone.
>
>
> > 2) One JSON file without license header
> > /taverna-engine-rc2/taverna-run-impl/src/test/resources/workflowrun.json
>
> It's tricky to add to JSON as it has no comment headers, but it's
> possible to add something like this:
>
>
>   "http://purl.org/dc/terms/rights": "Licensed to the Apache Software
> Foundation (ASF) under one or more contributor license agreements.
> See the NOTICE file distributed with this work for additional
> information regarding copyright ownership.  The ASF licenses this file
> to You under the Apache License, Version 2.0 (the 'License'); you may
> not use this file except in compliance with the License.  You may
> obtain a copy of the License at
> http://www.apache.org/licenses/LICENSE-2.0 Unless required by
> applicable law or agreed to in writing, software distributed under the
> License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR
> Cse": {"@id": "http://www.apache.org/licenses/LICENSE-2.0"},
> ONDITIONS OF ANY KIND, either express or implied.  See the License for
> the specific language governing permissions and limitations under the
> License.",
>   "http://purl.org/dc/terms/licen
>
> > 3) Miscellaneous text and html files don't have a license header.
> > (Also spring.handlers and spring.schemas.)
> > Are these not considered "code?"
>
> Not having checked deeper, but I think the spring.* files can't have
> license headers. (They don't even have a newline!)
>
> The spring-files are very small and not copyrightable (does not
> achieve Work height) - so it's not a big issue they are missing
> headers.
>
> The HTML files should have license headers.  Also I think it's cleaner
> to use package-info.java with regular Javadoc instead of package.html
>
>
> > Examples:
> > taverna-activity-archetype...goal.txt,
> > taverna-credential-manager...text.html,
> > taverna-prov...3a/3a82e39d-a537-40cf-91a0-2c89d4a2e62b.txt
> > taverna-prov...greeting.txt
> > taverna-prov...mimetype
> > taverna-workflowmodel-impl...package.html
> > taverna-reference-impl...spring.handlers (and spring.schemas)
>
> Most of these are test resources which must match 1:1 -
> documented in the RAT exclusions of pom.xml:
>
>                         <exclude>**/*.txt</exclude> <!-- workflow values
> -->
>
> <exclude>**/src/main/resources/archetype-resources/</exclude> <!--
> Don't want our archetype to generate ASF headers -->
>                         <exclude>**/META-INF/spring.*</exclude> <!--
> Miniscule spring marker files -->
>                         <exclude>**/workflowrun.json</exclude> <!--
> example workflow run report -->
>
>
> > 4) Files in services subdirectories also do not have a license headers.
> Are
> > they exempt?
> >
> > Examples:
> > taverna-credential-manager...services/
> > org.apache.taverna.security.credentialmanager.CredentialProviderSPI
> > taverna-dataflow-activity.../services/
> > net.sf.taverna.t2.workflowmodel.health.HealthChecker
>
> They are also very small (just listing classnames) and so would not be
> copyrightable. However they would support a ## style copyright header
> which we can add.
>
>
>
> Thanks for a thorough check!
>
> --
> Stian Soiland-Reyes
> Apache Taverna (incubating), Apache Commons
> http://orcid.org/0000-0001-9842-9718
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message