www-legal-discuss mailing list archives

From Marvin Humphrey <mar...@rectangular.com>
Subject Re: CDDL + GPL license
Date Tue, 10 Feb 2015 02:53:19 GMT
On Sat, Feb 7, 2015 at 10:30 PM, amareshwarisr . <amareshwari@gmail.com> wrote:

> I have updated LICENSE and NOTICE required for source and convenient binary
> distribution for Apache Lens. Raised review request at
> https://reviews.apache.org/r/30770/ and https://reviews.apache.org/r/30772
> If you can provide your feedback on them that would be great.

I'll go over LICENSE and NOTICE in both official source release and
convenience binary in turn.


First, LICENSE in the official source release:

It is unusual and IMO not desirable to list dozens of individual PNG,
powerpoint, data, README, and dotfiles in LICENSE.  Especially when they are
under the ALv2.  I suggest stripping out this list.

The MIT licenses look acceptable.  Some of us might have preferred to see
pointers rather than multiple copies of the MIT license, but your approach complies
with policy.


Second, NOTICE in the official source release:

The required text at the top (as specified in src-headers.html) seems

However, it is not appropriate to add copyright notices for MIT-licensed
dependencies to NOTICE under ordinary circumstances.

The NOTICE file is not for conveying information to downstream consumers -- it
is a way to *compel* downstream consumers to *relay* certain required notices.
For a source distribution, the MIT license is satisfied by leaving any license
headers intact in any bundled source files.  There is no need to add any
mention of them to NOTICE, and adding such bloat to NOTICE makes it more
complicated and expensive to determine how to comply with the licensing of our

Here's past Board member Roy Fielding on the subject:


    Hey, I'm all for people having opinions on development and credits and
    documentation.  NOTICE and LICENSE are none of those.  They are not open
    to anyone's opinions other than the copyright owners that require such
    notices, and they must not be added where they are not required.  Each
    additional notice places a burden on the ASF and all downstream

    Please, folks, I am not even a Sling committer.  I am speaking as the
    author of the Apache License.  Don't screw with what I have changed.
    I have way more experience in these matters than everyone else at the
    ASF combined.  If you put stuff in NOTICE that is not legally required
    to be there, I will remove it as an officer of the ASF.  If you add it
    back in, I will have to duplicate the effort of removing it again.
    That will not make me a happy camper.

Sometimes, a copyright holder will insist on putting their copyright notice
into the NOTICE file.  Once that happens, we are compelled -- by law -- not to
remove or modify their copyright notice without their permission.  But we
should not be making decisions to propagate copyright notices into NOTICE


Next, LICENSE for the convenience binary (and associated LICENSE-* files):

As with LICENSE in the source release, I suggest stripping out the list of
miscellaneous files under ALv2.

This comma seems like a typo:

    For org.hsqldb,

The approach taken in the rest of it seems OK.  Kudos for not embedding the
longer licenses, but instead including additional files like `LICENSE-EPL`.


Finally, NOTICE for the convenience binary:

The required info from src-headers.html seems right.

The links for "category B" dependencies seem appropriate.

Mentions for MIT or 2/3-clause BSD deps in the NOTICE file for *binary*
distributions is an unsettled subject at the ASF as far as I know -- and since
we don't release binaries, I don't know how soon there will be guidance, if
ever.  But note that both licenses contain relevant provisions (BSD is clear
about binary redistribution, MIT is ambiguous):


        2. Redistributions in binary form must reproduce the above copyright
           notice, this list of conditions and the following disclaimer in the
           documentation and/or other materials provided with the


        The above copyright notice and this permission notice shall be
        included in all copies or substantial portions of the Software.

Note that both licenses require propagation of the *entire* license text, so a
link in NOTICE does not suffice.  I imagine that the appropriate place for
achieving compliance is A) not NOTICE and B) dependent on the binary format
and where a consumer would be expected to look for such licensing information.
For a jar file, I'd speculate that inclusion in META-INF/LICENSE is good


Standard IANAL disclaimers apply.  Licensing for the convenience binary is the
primary responsibility of the producer, not the ASF.  I only performed a
superficial review -- going over such complicated licensing is exhausting and
I didn't have time to go line by line, confirm that licensing documentation
actually matches the bundled content, etc.


Marvin Humphrey
