www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: CDDL + GPL license
Date Wed, 11 Feb 2015 20:20:16 GMT
On Tue, Feb 10, 2015 at 9:09 PM, amareshwarisr . <amareshwari@gmail.com> wrote:
> Thanks Marvin. The detailed feedback provided not just improved LICENSE and
> NOTICE of the project, but got to learn a lot with respect to how to update
> them.

Glad to hear that, Amareshwari -- and thank you for your persistence and for
striving to understand these challenging issues.  While we surely do not get
everything right all the time, such efforts are part of what makes Apache
products attractive, particularly to businesses.

> For source release :
>
> For changes in license suggested, I have a question that how is it conveyed
> that the source files that are missing license headers are fine?
>
> I see the following in http://www.apache.org/legal/src-headers.html,
>
>   Why is a licensing header necessary?
>
>   License headers allow someone examining the file to know the terms for the
>   work, even when it is distributed without the rest of the distribution.
>   Without a licensing notice, it must be assumed that the author has
>   reserved all rights, including the right to copy, modify, and
>   redistribute.
>
> So, how do we convey that the files with missing headers are actually with
> Apache license. I could not get an answer from the page
> http://www.apache.org/legal/src-headers.html

The key phrase in that passage is "Without a licensing notice".  When files
without licensing headers are included in a package, it's reasonable to assume
that they are available under the global licensing of the package.  Such files
do not need to be called out individually in the top-level licensing files,
and there is benefit to downstream in keeping things short.  (If there's a
whitelist of licensed files in LICENSE, what does it mean a file is missing
from that list??)

> For Binary distribution :

---->8 snip 8<----

> For MIT and BSD notice, Full text of license and copyright is already part
> of top level LICENSE and a web link is provided in NOTICE file.

I disagree with adding web links for BSD and MIT dependencies to the NOTICE
file for a convenience binary.  However, this is only my opinion and the
existence of such links should not block the addition of a convenience
binary to a project dist area.

Apache's present release policy page indicates that PMCs are "responsible" for
the content of their dist area.

  http://www.apache.org/dev/release#what-must-every-release-contain

  Note that the PMC is responsible for all artifacts in their distribution
  directory, which is a subdirectory of www.apache.org/dist/ ; and all
  artifacts placed in their directory must be signed by a committer,
  preferably by a PMC member. It is also necessary for the PMC to ensure that
  the source package is sufficient to build any binary artifacts associated
  with the release.

However, it doesn't spell out just what "responsible" means, and we have
established that release VOTEs only endorse the the offical source release as
an act of the Foundation.

In my view, it suffices for a PMC to trust the judgment of whoever supplied
any convenience binaries unless there is a clear legal violation, and that
lazy consensus applies for PMC approval of artifacts to be uploaded.  Others
may hold divergent views. :)

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message