www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: Simplfying requirements for LICENSE and NOTICE
Date Tue, 09 Feb 2016 03:02:36 GMT
On Mon, Feb 8, 2016 at 10:21 AM, Roy T. Fielding <fielding@gbiv.com> wrote:

> Then recipients will have to dumpster dive for REQUIRED run-time notices.

Having been on the front lines educating our projects about licensing
documentation for a few years now, I've seen our volunteers expend prodigious
amounts of time and energy trying to understand and execute our
recommendations regarding LICENSE and NOTICE.

Despite those good-faith efforts, my advice to anyone who consumes one of our
products is: if you want a high degree of confidence that you are in
compliance with all licensing, you should dive through the source yourself.

Consider the Incubator as an example community.  You would think if any group
of people would have mastered NOTICE by now, it would be the Incubator's
Mentors.  Yet the arrival on general@incubator of a podling release candidate
with a perfect NOTICE file -- all required notices included and everything
unnecessary omitted -- is a rare event.

Grokking NOTICE is just hard.  Without both a solid grounding in open source
licensing and extensive specialized expertise in notification requirements and
the subtleties of the ALv2 NOTICE file in particular, I am concerned that the
task of identifying and selecting excerpts from dependency licensing to
populate NOTICE cannot be accomplished reliably.

> No, that depends on the license in question.  In order to subsume a BSD
> license, for example, the attribution clause (if any) must be placed
> somewhere that will ensure it is bound by our license terms on the NOTICE
> file.

Which clause are you referring to as the "attribution clause"?  I don't
understand how any of the 3 clauses in the BSD-3-clause license require it to
be connected to our NOTICE provisions in order to be subsumed.  Do you mean
the "advertising clause" which is only present in the obsolete BSD-4-clause
license?

It seems to me your example applies to the attribution clause of the
Apache Software License 1.1, which is a BSD derivative.  But how many other
licenses on the "Category A" list have such requirements?

> If you have a project that can be simplified in this way, then there is no
> problem with encouraging them to do so.  However, this cannot be ASF policy
> because it is an unnecessary constraint on how projects maintain their own
> products.  Good practices can be documented as good practices.

The burning question is, what should the Incubator teach?  Because having to
teach the current recommendations is a huge pain.  If there's not an ironclad
legal justification for putting our volunteers through this, I wish we could
find another way.  People would be so grateful if they could just assemble a
list of dependencies instead of agonizing over NOTICE.

Perhaps an alternative would be for a project to provide SPDX data describing
its licensing?  I don't know enough about SPDX to recommend it yet, but it
seems like it might be worth looking into.

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message