www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: Simplfying requirements for LICENSE and NOTICE
Date Mon, 08 Feb 2016 18:21:51 GMT
> On Feb 7, 2016, at 9:04 PM, Marvin Humphrey <marvin@rectangular.com> wrote:
> Greetings,
> Despite our best efforts, confusion about the requirements for LICENSE
> and NOTICE continues to frustrate our volunteers. Over time, I have become
> increasingly convinced that those requirements are simply unrealistic and
> that the problems we face are not solvable through improved documentation.
> Therefore, I propose exploring the following changes in how we handle
> licensing documentation for official Apache source releases:
> 1.  Cease propagating *any* content from bundled dependencies into the
>    top-level NOTICE file.

Then recipients will have to dumpster dive for REQUIRED run-time notices.

> 2.  Cease the practice of copying dependency licenses verbatim into LICENSE.

That's fine if the terms are subsumed by our license.

> 3.  Recommend that LICENSE consist of the ALv2, plus a filepath
>    pointer to each bundled dependency along with the dependency's version
>    identifier and an SPDX license identifier[1].


> As far as I know, there are two rationales for the current practice of
> "bubbling up" dependency licensing information and notification requirements
> into the top-level LICENSE and NOTICE files. First, to comply with any
> relevant provisions in the licenses of bundled dependencies. Second, to
> provide aggregate licensing information as a convenience to downstream
> consumers.
> With regards to notifications, I question whether "bubbling up" anything is
> legally required for source redistribution. I submit that for source
> releases, bundling any dependency in source form suffices to satisfy typical
> notification requirements[2] so long as the dependency licensing
> documentation remains intact in the dependency source code subtree.

No, that depends on the license in question.  In order to subsume a BSD license,
for example, the attribution clause (if any) must be placed somewhere that will
ensure it is bound by our license terms on the NOTICE file.  Also, you are assuming
that code under other licenses is cleanly separated into a different library
or some hierarchy.  In practice, that is not always true.  E.g., cut and paste.

If you have a project that can be simplified in this way, then there is no
problem with encouraging them to do so.  However, this cannot be ASF policy
because it is an unnecessary constraint on how projects maintain their own
products.  Good practices can be documented as good practices.


To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message