www-legal-discuss mailing list archives

From Stephen Connolly <stephen.alan.conno...@gmail.com>
Subject Re: Do the NOTICE and LICENSE files have to be at the top level of SCM?
Date Fri, 13 Sep 2013 17:40:28 GMT
On Friday, 13 September 2013, sebb wrote:

> On 13 September 2013 18:09, Stephen Connolly
> <stephen.alan.connolly@gmail.com> wrote:
> >
> >
> > On Friday, 13 September 2013, sebb wrote:
> >>
> >> On 13 September 2013 17:31, Stephen Connolly
> >> <stephen.alan.connolly@gmail.com> wrote:
> >> > On 13 September 2013 08:11, Kevan Miller <kevan.miller@gmail.com> wrote:
> >> >>
> >> >>
> >> >> On Sep 12, 2013, at 9:33 AM, Stephen Connolly
> >> >> <stephen.alan.connolly@gmail.com> wrote:
> >> >>
> >> >> > The Maven PMC's current understanding is that the answer is no. These
> >> >> > files need to be in the source distributions published on each
> >> >> > project's dist dir in the Apache web site.
> >> >>
> >> >> My answer would be yes, the files do need to be there.
> >> >>
> >> >> It seems like a very good practice to keep LICENSE/NOTICE files in
> >> >> obvious places. It certainly seems helpful for our users… And yes, IMO,
> >> >> the files should be in both our source distributions and our svn. And,
> >> >> finally, I'd say that the most *obvious* place for these files is the
> >> >> root release points (e.g. branches/trunk directories) of the project.
> >> >>
> >> >> Projects that I'm aware of have all followed this general practice. And
> >> >> I haven't noticed that it was a terrible burden for them.
> >> >>
> >> >> If we need to resolve Jira's / make documentation clearer/dogmatic, we
> >> >> can do that...
> >> >
> >> >
> >> > The problem is:
> >> >
> >> > Projects built by Maven have *LOTS* of potential check-out points...
> >> > basically everywhere there is a pom.xml in Subversion, that is a
> >> > potential checkout directory...
> >> >
> >> > But our release roots are a lot fewer...
> >> >
> >> > With GIT things are easier, you'd just put the LICENSE and NOTICE files
> >> > at the root of the git repo and be done... because you cannot checkout
> >> > part of a GIT repository... you have to clone the whole thing or do
> >> > complex things such that you'd kind of have to know that you might not
> >> > be seeing everything.
> >> >
> >> > Subversion is much more lax.
> >> >
> >> > How we have traditionally solved this is by having Maven generate these
> >> > files and put the resulting files into the source bundle (i.e.
> >> > .src.tar.gz and .src.zip) that we put into dist (the source bundle is
> >> > distinct from the IDE helper -sources.jar file... the source bundle is a
> >> > buildable complete release while the -sources.jar file is just a
> >> > convenience for IDE users)
> >> >
> >>
> >> Surely the source bundle corresponds to a part of the SVN tree?
> >>
> >> Where one finds the POM that builds the source and packages it?
> >>
> >> For example.
> >>
> >>
> >> https://svn.apache.org/repos/asf/maven/plugins/trunk/maven-compiler-plugin/
> >
> >
> > That is a release root, in other words it is a bit we release at its own
> > cadence.
> >
> > The SCM project root is:
> > https://svn.apache.org/repos/asf/maven/plugins/trunk/
> >
> > And oh look there are LICENSE.txt and NOTICE.txt files there which are
> > supposed to apply for all projects in that SCM trunk
>
> The NOTICE.txt file currently says:
>
> =================
>
> Maven Plugins
> Copyright 2002-2009 The Apache Software Foundation
>
> This product includes software developed at
> The Apache Software Foundation (http://www.apache.org/).
> ==================
>
> Assuming it's OK to have such a generic notice file, it ought at least
> to say "Apache Maven Plugins"
> Not sure the copyright years are appropriate.
>
> [Trivial nit: the leading blank line should be dropped]
>
> > Now that they have the .txt extension is a different issue, but let's put
> > that aside from this issue.
>
> *.txt is permitted.
>
> > Technically what we have done is put those license files into the maven
> > repository when releasing the root pom and then the child projects pull
> > them back down again.
> >
> > From that view SCM is not the whole truth of our source, but given that
> > maven repositories are write once and all the content is held on ASF
> > managed server (repository.apache.org) that to me is not an issue.
> >
> > The real issue at hand is do we need to have 50-100 copies of LICENSE and
> > NOTICE in every subfolder of
> > https://svn.apache.org/repos/asf/maven/plugins/trunk/ just because
> > somebody could checkout and build that folder by virtue of the SCM being
> > Subversion?
>
> They are independent plugins, and could potentially have different
> licenses or notice requirements
>
> >
> >>
> >>
> >> > Maintaining LICENSE and NOTICE files at every conceivable checkout root
> >> > is just nuts.
>
> There is very little maintenance needed, but it is important that
> developers consider whether any code that has been added might affect
> the N&L files.


The issue is will developers actually take the time to do it right. If I
see the *same* file in 50 plugin directories and I am adding plugin 51 but
it needs a different license, will I know to put the different content
there and ensure it is correct.... Or will I "monkey see, monkey do" and
assume this is a template and just copy one of the others?

Part of our tooling was to ensure the source and binary distributions have
the correct NOTICE and LICENSE files as appropriate to their content (the
tooling may be imperfect, but if the principle is not acceptable no point
fixing the tooling)

>
> >> >
> >> > There has to be a better way
> >>
> >> >>
> >> >>
> >> >> --kevan
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> >> >> For additional commands, e-mail: legal-discuss-help@apache.org
> >> >>
> >> >
> >>
> >>
> >
> >
> > --
> > Sent from my phone
>
>
>

-- 
Sent from my phone
