www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell" <bay...@apache.org>
Subject Re: NOTICEs in Maven projects
Date Wed, 11 Jun 2008 15:30:36 GMT
On Wed, Jun 11, 2008 at 5:16 AM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
> Hi,
>
> Consider a Maven project X that has a dependency to some artifact Y
> with some attribution requirements.
>
> 1) Should the NOTICE file in the source release of project X include
> the attribution for Y even if Y is not included in the release
> package? Note that the build instructions (typically "mvn install")
> will cause Y to be automatically downloaded.
>
> 2) If X results in a jar artifact deployed to the Maven repository,
> should the NOTICE included in that artifact contain attribution for Y
> even if Y is not included in the jar file? Note that any downstream
> project that depends on X will also automatically depend on Y due to
> the transitive dependency.
>
> 3) If X results in a war artifact (or any other bundle) that contains
> Y, should the NOTICE included in that artifact contain attribution for
> Y? What if the Y artifact already contains it's own NOTICE file?
>
> My best understanding is that the answer to 1 and 2 is no and the
> answer to 3 is yes, based on the idea that attribution for Y is only
> required when Y is actually being distributed.

Agreed. I'd rather that 3) was also generally no - that attribution
clauses in a war would generally be handled by the LICENSE (and NOTICE
if need be) of Y being placed near Y. The first party project's
LICENSE and NOTICE should be reserved for items appearing within the
source of X and not for 2nd party or 3rd party products that happen to
exist in the same collection.

We debated a little while back about whether the 1st party
LICENSE/NOTICE should link to them or not. I'm still on a no there,
but only because I'd rather see that be a separate file to make life
easier for the projects themselves. Putting it in the notice/license
will require build scripting imo as you point out below.

> The interesting effect of this interpretation is that there are
> projects whose source and binary releases should have different
> NOTICEs. This doesn't seem right, so currently I'm answering yes to
> question 1 if the project build results in a bundle (war, rar, etc.)
> that contains Y.

So we differ in our solution - I'd rather answer no to 3) and if we
have to have an index, then have a THIRD_PARTY.txt of some kind.

> WDYT?

That we don't have consensus on this yet :)

Hen

---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message