www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Do the NOTICE and LICENSE files have to be at the top level of SCM?
Date Fri, 13 Sep 2013 17:27:40 GMT
On 13 September 2013 18:09, Stephen Connolly
<stephen.alan.connolly@gmail.com> wrote:
>
>
> On Friday, 13 September 2013, sebb wrote:
>>
>> On 13 September 2013 17:31, Stephen Connolly
>> <stephen.alan.connolly@gmail.com> wrote:
>> > On 13 September 2013 08:11, Kevan Miller <kevan.miller@gmail.com> wrote:
>> >>
>> >>
>> >> On Sep 12, 2013, at 9:33 AM, Stephen Connolly
>> >> <stephen.alan.connolly@gmail.com> wrote:
>> >>
>> >> > The Maven PMCs current understanding is that the answer is no. These
>> >> > files need to be in the source distributions published on each
>> >> > project's
>> >> > dist dir in the Apache web site.
>> >>
>> >> My answer would be yes, the files do need to be there.
>> >>
>> >> It seems like a very good practice to keep LICENSE/NOTICE files in
>> >> obvious
>> >> places. It certainly seems helpful for our users… And yes, IMO, the
>> >> files
>> >> should be in both our source distributions and our svn. And, finally,
>> >> I'd
>> >> say that the most *obvious* place for these files is the root release
>> >> points
>> >> (e.g. branches/trunk directories) of the project.
>> >>
>> >> Projects that I'm aware of have all followed this general practice. And
>> >> I
>> >> haven't noticed that it was a terrible burden for them.
>> >>
>> >> If we need to resolve Jira's / make documentation clearer/dogmatic, we
>> >> can
>> >> do that...
>> >
>> >
>> > The problem is:
>> >
>> > Projects built by Maven have *LOTS* of potential check-out points...
>> > basically everywhere there is a pom.xml in Subversion, that is a
>> > potential
>> > checkout directory...
>> >
>> > But our release roots are a lot fewer...
>> >
>> > With GIT things are easier, you'd just put the LICENSE and NOTICE files
>> > at
>> > the root of the git repo and be done... because you cannot checkout part
>> > of
>> > a GIT repository... you have to clone the whole thing or do complex
>> > things
>> > such that you'd kind of have to know that you might not be seeing
>> > everything.
>> >
>> > Subversion is much more lax.
>> >
>> > How we have traditionally solved this is by having Maven generate these
>> > files and put the resulting files into the source bundle (i.e.
>> > .src.tar.gz
>> > and .src.zip) that we put into dist (the source bundle is distinct from
>> > the
>> > IDE helper -sources.jar file... the source bundle is a buildable
>> > complete
>> > release while the -sources.jar file is just a convenience for IDE users)
>> >
>>
>> Surely the source bundle corresponds to a part of the SVN tree?
>>
>> Where one finds the POM that builds the source and packages it?
>>
>> For example.
>>
>>
>> https://svn.apache.org/repos/asf/maven/plugins/trunk/maven-compiler-plugin/
>
>
> That is a release root, in other words it is a bit we release at its own
> cadence.
>
> The SCM project root is:
> https://svn.apache.org/repos/asf/maven/plugins/trunk/
>
> And oh look there are LICENSE.txt and NOTICE.txt files there which are
> supposed to apply for all projects in that SCM trunk

The NOTICE.txt file currently says:

=================

Maven Plugins
Copyright 2002-2009 The Apache Software Foundation

This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
==================

Assuming it's OK to have such a generic notice file, it ought at least
to say "Apache Maven Plugins"
Not sure the copyright years are appropriate.

[Trivial nit: the leading blank line should be dropped]

> Now that they have the .txt extension is a different issue, but let's put
> that aside from this issue.

*.txt is permitted.

> Technically what we have done is put those license files into the maven
> repository when releasing the root pom and then the child projects pull them
> back down again.
>
> From that view SCM is not the whole truth of our source, but given that
> maven repositories are write once and all the content is held on ASF managed
> server (repository.apache.org) that to me is not an issue.
>
> The real issue at hand is do we need to have 50-100 copies of LICENSE and
> NOTICE in every subfolder of
> https://svn.apache.org/repos/asf/maven/plugins/trunk/ just because somebody
> could checkout and build that folder by virtue of the SCM being Subversion?

They are independent plugins, and could potentially have different
licenses or notice requirements

>
>>
>>
>> > Maintaining LICENSE and NOTICE files at every conceivable checkout root
>> > is
>> > just nuts.

There is very little maintenance needed, but it is important that
developers consider whether any code that has been added might affect
the N&L files.

>> >
>> > There has to be a better way
>>
>> >>
>> >>
>> >> --kevan
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> >> For additional commands, e-mail: legal-discuss-help@apache.org
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>
> --
> Sent from my phone

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message