www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: CDDL + GPL license
Date Sat, 31 Jan 2015 18:02:09 GMT
On Sat, Jan 31, 2015 at 8:17 AM, amareshwarisr . <amareshwari@gmail.com> wrote:
> Thank you all for the quick responses.
>
> Here is what i understand, please correct me if I'm wrong.
>
> For source distribution- LICENSE and NOTICE will contain only Apache License
> and nothing else.

Assuming that the source release for Lens does not bundle any dependencies,
that's almost correct.  You'll also need some content in NOTICE as described
here:

    http://www.apache.org/legal/src-headers.html#notice

> For convenience binary distribution, top level LICENSE file can contain
> Apache License, and NOTICE file must contain dependency dual licensing
> information with a web link.

The short blurb describing the dependency licensing (in this case dual
licensing under the CDDL and GPL) should go in LICENSE.  The web link should
go in NOTICE.

NOTICE is not informational; it is specifically reserved for notices which are
*legally required*, and section 4d of the Apache License 2.0 imposes extra
demands on downstream consumers with regards to content in NOTICE.

    https://www.apache.org/licenses/LICENSE-2.0#redistribution

The web link pointing to the source for a bundled binary CDDL dependency is an
example of such a legally required notice -- without it, a distribution does
not comply with the CDDL, leaving the redistributor without a license for the
redistributed content and in violation of copyright law.

In contrast, omitting the dual-licensing blurb from the top-level
LICENSE/NOTICE does not result in copyright violation.  That blurb is what
some of us call "licensing documentation", and getting it wrong results in
what is sometimes called a "licensing documentation bug".

Like other bugs, licensing documentation bugs can have mild or severe impact
on users and may or may not precipitate new releases or release candidates.
We have far less flexibility when it comes to copyright violation.

Please work hard to keep LICENSE and NOTICE both correct and minimal, to keep
down the legal costs of using our work.  People like me who participate in
licensing review (for either commercial or open source products) will
appreciate it.

> Ross, I'm assuming when a dependency is available under dual license and one
> of them is compatible with apache license, then it is an acceptable
> distribution.

Correct.

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message