www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Müller <christian.muel...@gmail.com>
Subject Re: transitive 3rd party dependencies
Date Wed, 02 Jul 2014 21:30:21 GMT
We do released the camel-infinispan component, but without the required
dependencies.

The transitive dependency to the LGPL licensed artifact was not by design.
By using a ASL 2.0 licensed dependency we thought all its dependencies are
ok. Sorry for not being carefully enough.

We are also happy that we could resolve this issue and any new release will
be again conform to the ASF policies.

Thanks for your help,

Christian
-----------------

Software Integration Specialist

Apache Member
V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer
Apache Incubator PMC Member

https://www.linkedin.com/pub/christian-mueller/11/551/642


On Sun, Jun 29, 2014 at 9:34 PM, Kevan Miller <kevan.miller@gmail.com>
wrote:

>
> On Sun, Jun 29, 2014 at 4:36 AM, Christian Müller <
> christian.mueller@gmail.com> wrote:
>
>> If you build camel-infinispan by your own, Maven will download the
>> required dependencies (also the prohibited dependencies) and it will work.
>>
>
> Was some action taken when building your release binaries to remove the
> prohibited dependencies? Or is it that you don't have a camel-infinispan in
> your binary download? Anyway, it sounds like your current camel-infinispan
> releases violate ASF licensing policy.
>
>
>> If you run camel-infinispan without the prohibited dependencies in your
>> classpath, you will end up with ClassNotFound exceptions. In general, our
>> users use some Maven plugins to collect all required dependencies (if they
>> do it not by hand) and put they together in a WAR/ZIP/... file.
>> If a user has problems to collect the required dependencies, we point him
>> to our pom.xml file and the Maven dependency plugin. We do not provide
>> additional instructions (as we release 170+ components with each release
>> which have totally different dependencies).
>>
>
> If you had wanted to have an LGPL licensed dependency, you could have done
> so. However, it would require documentation for your users -- to insure
> they understand the consequences of their actions. E.g. commenting out the
> jboss-marshalling dependency in a pom.xml file with comments that explain
> to users the consequences of enabling the dependency.
>
> Your community is responsible for policing your releases and insuring they
> conform to ASF policies, period. Regardless of the number of components
> being released.
>
> Luckily, you have a pretty simple fix...
>
> --kevan
>

Mime
View raw message