www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shane Isbell" <shane.isb...@gmail.com>
Subject Re: Legal files and maven automation
Date Mon, 10 Mar 2008 19:10:58 GMT
This sounds good to me. I recently tried to release a first version of
Apache NMaven in the incubator and got blocked on this very issue of having
the dependency info in the Notice file. Any solution would be appreciated.

Shane

On Mon, Mar 10, 2008 at 11:44 AM, David Jencks <david_jencks@yahoo.com>
wrote:

> IIUC we've previously agreed that the only LICENSE and NOTICE files
> that actually need to be in svn are at the root of expected checkouts
> such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
> NOTICE files in distributable artifacts can be generated by some
> process.  Projects that use maven often want to use the maven-remote-
> resources-plugin to generate these files since typically many of them
> are identical.
>
> Furthermore as Roy pointed out recently the NOTICE file should be
> really really minimal and only include information relevant to what
> is actually in the distribution unit such as a jar.  There's been a
> lot of complaint about the resource bundles typically used with  the
> maven-remote-resources-plugin since the NOTICE files include
> essentially a list of the transitive dependencies of the maven
> project.  I think many people find this dependency information useful
> but it clearly does not belong in the NOTICE file.
>
> At Geronimo I've developed a resource bundle that attempts to address
> these issues.  I'd like to find out if there are any objections to it
> and if not propose it as the standard resource bundle for use at
> apache by the maven-remote-resources-plugin.  Right now its in the
> voting stage of release and can be checked out at
>
> https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/
> legal-bundle
> and viewed at
> http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/
> genesis/legal-bundle/1.4/legal-bundle-1.4.jar
>
>
> Here's what it does:
> By default, the LICENSE file is the standard apache license.  The
> NOTICE file is generated from a velocity template; here's an example
> of the output (between ----- lines which are not included)
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
>
> In the 99% of the time when this is the correct LICENSE and NOTICE,
> that's all you do.  In the remaining 1% of the time where additional
> information is needed appended to these standard files, you put the
> additions in
> src/main/appended-resources/LICENSE
> and
> src/main/appended-resources/NOTICE
>
> In the remaining 0.1% of the time where the standard files are not
> correct you can arrange by other means to insert custom LICENSE and
> NOTICE files.
>
> In addition, there is a generated DEPENDENCIES file that lists the
> transitive dependencies of the project, determined from the poms,
> organized by organization, with the known license info.  Here's an
> example of such a DEPENDENCIES file:
>
> // ------------------------------------------------------------------
> // Transitive dependencies of this project determined from the
> // maven pom organized by organization.
> // ------------------------------------------------------------------
>
> Genesis Plugins :: Tools
> From: 'an unknown organization'
>   - Unnamed - ant:ant:jar:1.6.5  ant:ant:jar:1.6.5
>
>   - Unnamed - junit:junit:jar:3.8.1  junit:junit:jar:3.8.1
>
>
> From: 'Apache Software Foundation' (http://www.apache.org/)
>   - Maven Artifact (http://maven.apache.org/maven-artifact)
> org.apache.maven:maven-artifact:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Artifact Manager (http://maven.apache.org/maven-artifact-
> manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Model (http://maven.apache.org/maven-model)
> org.apache.maven:maven-model:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Plugin API (http://maven.apache.org/maven-plugin-api)
> org.apache.maven:maven-plugin-api:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Profile Model (http://maven.apache.org/maven-profile)
> org.apache.maven:maven-profile:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Project Builder (http://maven.apache.org/maven-project)
> org.apache.maven:maven-project:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Repository Metadata Model (http://maven.apache.org/maven-
> repository-metadata) org.apache.maven:maven-repository-metadata:jar:
> 2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Local Settings Model (http://maven.apache.org/maven-
> settings) org.apache.maven:maven-settings:jar:2.0.4
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>   - Maven Wagon API  org.apache.maven.wagon:wagon-provider-api:jar:
> 1.0-alpha-6
>     License: The Apache Software License, Version 2.0  (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>
> From: 'Codehaus' (http://codehaus.org)
>   - Plugin Support (http://mojo.codehaus.org/plugin-support)
> org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
>
>
> From: 'Codehaus' (http://www.codehaus.org/)
>   - Default Plexus Container  org.codehaus.plexus:plexus-container-
> default:jar:1.0-alpha-9
>
>   - Plexus Common Utilities  org.codehaus.plexus:plexus-utils:jar:1.2
>
>
> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
>   - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-
> jexl:commons-jexl:jar:1.1
>     License: The Apache Software License, Version 2.0  (/LICENSE.txt)
>   - Lang (http://jakarta.apache.org/commons/lang/) commons-
> lang:commons-lang:jar:2.3
>     License: The Apache Software License, Version 2.0  (/LICENSE.txt)
>   - Logging (http://jakarta.apache.org/commons/logging/) commons-
> logging:commons-logging:jar:1.0.4
>     License: The Apache Software License, Version 2.0  (/LICENSE.txt)
>
> From: 'The Codehaus' (http://codehaus.org/)
>   - classworlds (http://classworlds.codehaus.org/)
> classworlds:classworlds:jar:1.1-alpha-2
>
>
> ------------------------------------------------------------------
>
> As with any resource bundle for the m-r-r-p, you can supply missing
> information such as organization and license in a src/main/remote-
> resources/supplemental-models.xml file.
>
> ------------------------------------------------------------------
> Note on javaee5 artifacts:
> Some javaee5 artifacts such as wars and ears when built by maven
> usually physically include all or some of the dependencies of the
> maven project.  While it might be nice to have the m-r-r-p roll up
> the LICENSE and NOTICE files from the contents and come up with
> something, that is out of scope of this proposal.  I expect anyone
> building such an assembly will examine the contents and construct by
> hand suitable files to append to the standard LICENSE and NOTICE files.
>
> ------------------------------------------------------------------
> Objections? Comments?
>
> many thanks
> david jencks
>
>
>

Mime
View raw message