www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: LICENSE vs. NOTICE (Was: Proposal: Apache Third Party License Policy)
Date Mon, 18 May 2015 19:12:09 GMT
I wrote:

> LICENSE and NOTICE are only for bundled bits.  If the dependency is not
> bundled, it shouldn't be mentioned in either LICENSE or NOTICE.

Ralph Goers replied:

> Somehow that doesn’t seem right.  We have said that we can have optional
> dependencies on libraries under the LGPL.  Why wouldn’t we want to make it
> known in the NOTICE file that optional component Foo requires a work
> licensed under the LGPL to function?

That is useful information, but the NOTICE file is not a good vehicle for
conveying it.

For starters, the licenses of dependencies which are *not* bundled cannot be
guaranteed.  Dependencies may change licenses between versions.  First-order
dependencies may pull in second-order dependencies, introducing yet more
uncertainty.

Untrustworthy dependency licensing information is worse than nothing.  The
only sane way to assemble a product from components is to keep careful track
of which components you add and to know the exact licensing of each and every
one.

SPDX is a better approach.

The requirements of the NOTICE file are defined by section 4d of the ALv2.  We
intend that every Apache release fulfill those requirements.

Many of our releases also lard up NOTICE (and LICENSE) with material which is
*not* required to be there -- in particular, with information about bits which
are not bundled.  This is unfortunate, because it imposes costs on downstream
consumers who must work harder to understand the actual licensing of a
component.  At least our releases fulfill the legal requirements spelled out in
the ALv2, though.

I would oppose changing Apache policy to add any more requirements to NOTICE.
Our projects expend considerable energy complying with the existing
requirements.

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message