www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lawrence Rosen" <lro...@rosenlaw.com>
Subject RE: [jira] [Updated] (LEGAL-155) Please help us educate projects about LICENSE and NOTICE
Date Sun, 13 Jan 2013 23:48:35 GMT
Benson Margulies wrote:
> In this area, I have a particular curiosity and concern about convenience binaries.
> A typical Apache project has very limited needs for complexity in these files for 
> its *releases*. Only sources with external provenance (e.g., results of an SGA) 
> or bundled dependencies trigger it. Far more dependencies get bundled in 
> convenience binaries. But convenience binaries are, merely, conveniences, 
> not legally, releases from the foundation. I've never seen any discussion of
> this; does the foundation's liability umbrella even extend over them? I doubt it,
> for all the usual reasons given in emphasizing that the real release is the
> source release. So I wonder about what policies or guidelines should exist
> for their legal boilerplate.


Thanks for raising these questions, Benson. I've also wondered about some of these undocumented
Apache procedures. It sounds like you've given them careful thought, at least in the Incubator.

>From a legal perspective, Apache shouldn't need to distinguish between binary distribution
and source distribution of FOSS works. Even the US Copyright Act and the Library of Congress
do not consider these to be independent works for copyright purposes (although the procedures
for registering copyrights in “trade secret" software might apply if we weren’t entirely
open source). There is no such thing as a "convenience binary", except perhaps as a special
Apache term I’ve never heard before. 

For FOSS and certainly for Apache software that we distribute, I believe a *source version*
is always made available. Otherwise, it isn’t FOSS and it certainly isn’t from Apache.
Do any Apache projects ever distribute binary software that is not also *available* from us
in source form? 

Meanwhile, the choice of whether to distribute source or binary version(s) has nothing to
do with legal convenience. The decision should be entirely a technical one, based on customer
convenience mostly, as determined by the project itself. Perhaps that's what Benson means
by "convenience binary"? 

As for LICENSE and NOTICE files, I would expect these to accompany *every* Apache distribution
regardless of whether it is in binary or source form. These LICENSE and NOTICE files can be
created according to specific guidelines (TBD), but they should be made available with each
distribution of Apache software so that downstream redistributors and end-users have full
knowledge of the important licenses and notices that apply to that Apache software regardless
of which form they find it in.

I generally advise my clients (but Apache is NOT one of my clients, so do your own thing!)
to follow these simple rules for LICENSE and NOTICE files:

1. Always publish in the LICENSE file the text of any licenses that apply to the software,
in addition to the Apache License. In some situations it is more convenient to publish that
text on a website and merely point to it from the LICENSE file. 

2. Always make the complete source version of whatever is distributed available on a website
and point to it from a NOTICE file. Sometimes it is more convenient to simply distribute the
source version directly, but that shouldn't stop you from also including a NOTICE file with
an appropriate permanent website link.

3. Other contents of the NOTICE file would probably be project-specific. For example (and
this is NOT Apache policy but my own suggestion), it is very helpful to downstream redistributors
and users of Apache software to learn about patent assertions (even if you don't agree with
them); standards compliance of the software;  special compatibility announcements; links back
to the Apache project; etc. Perhaps every NOTICE file ought to contain a standard Apache disclaimer
of liability or warranty?


To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message