www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <ralph.go...@dslextreme.com>
Subject Re: LICENSE vs. NOTICE (Was: Proposal: Apache Third Party License Policy)
Date Mon, 18 May 2015 20:19:22 GMT
Thanks Marvin, that all makes sense to me.

Ralph

> On May 18, 2015, at 12:12 PM, Marvin Humphrey <marvin@rectangular.com> wrote:
> 
> I wrote:
> 
>> LICENSE and NOTICE are only for bundled bits.  If the dependency is not
>> bundled, it shouldn't be mentioned in either LICENSE or NOTICE.
> 
> Ralph Goers replied:
> 
>> Somehow that doesn’t seem right.  We have said that we can have optional
>> dependencies on libraries under the LGPL.  Why wouldn’t we want to make it
>> known in the NOTICE file that optional component Foo requires a work
>> licensed under the LGPL to function?
> 
> That is useful information, but the NOTICE file is not a good vehicle for
> conveying it.
> 
> For starters, the licenses of dependencies which are *not* bundled cannot be
> guaranteed.  Dependencies may change licenses between versions.  First-order
> dependencies may pull in second-order dependencies, introducing yet more
> uncertainty.
> 
> Untrustworthy dependency licensing information is worse than nothing.  The
> only sane way to assemble a product from components is to keep careful track
> of which components you add and to know the exact licensing of each and every
> one.
> 
> SPDX is a better approach.
> 
> The requirements of the NOTICE file are defined by section 4d of the ALv2.  We
> intend that every Apache release fulfill those requirements.
> 
> Many of our releases also lard up NOTICE (and LICENSE) with material which is
> *not* required to be there -- in particular, with information about bits which
> are not bundled.  This is unfortunate, because it imposes costs on downstream
> consumers who must work harder to understand the actual licensing of a
> component.  At least our releases fulfill the legal requirements spelled out in
> the ALv2, though.
> 
> I would oppose changing Apache policy to add any more requirements to NOTICE.
> Our projects expend considerable energy complying with the existing
> requirements.
> 
> Marvin Humphrey
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message