www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Witt <joe.w...@gmail.com>
Subject Re: dependency on CDDL binary
Date Thu, 18 Feb 2016 04:21:22 GMT
I should clarify that CDDL is category-b as per [1].  So with that in
mind the guidance on that same category-b listing states "By including
only the object/binary form, there is less exposed surface area of the
third-party work from which a work might be derived; this addresses
the second guiding principle of this policy. By attaching a prominent
label to the distribution and requiring an explicit action by the user
to get the reciprocally-licensed source, users are less likely to be
unaware of restrictions significantly different from those of the
Apache License. Please include the URL to the product's homepage in
the prominent label."

Would the NOTICE then be the right place for that or is it still
readme even for a bundled artifact in a convenience binary
distribution?

[1] http://www.apache.org/legal/resolved.html#category-b

On Wed, Feb 17, 2016 at 11:13 PM, Joe Witt <joe.witt@gmail.com> wrote:
> Henri
>
> Is it correct to say your response applies only to the source release?
>  If they were to have a convenience binary release that bundled that
> third party dependency then I believe the NOTICE would actually need
> to reflect that CDDL licensed work as per [1] and specifically this
> line "There are a number of other "permissive" licenses which are
> approved for use by the ASF Legal Affairs Committee. Some of these may
> require additions to NOTICE".  This is also of the understanding that
> the CDDL is one of these 'permissive' category-A licenses [2].
>
> If my understanding is correct I believe this is a good example of
> where confusion can leak in regarding LICENSE/NOTICE handling.
> Responses to these sorts of questions often do not specify whether the
> guidance is for a source release or a convenience binary distribution
> nor do the questions often specify one or the other.  So the guidance
> tends to be about a source release and projects tend to follow the
> source (largely non-bundled dependency) guidance and think it is
> sufficient for their convenience binary distributions.
>
> [1] http://www.apache.org/dev/licensing-howto.html
> [2] http://www.apache.org/legal/resolved.html#category-a
>
> Thanks
> Joe
>
> On Wed, Feb 17, 2016 at 10:53 PM, Henri Yandell <bayard@apache.org> wrote:
>> Appropriately labelled.
>>
>> High-level-speak for:
>>
>> Make sure the users is aware that a CDDL licensed piece is included in the
>> Apache work. Include the CDDL license, name of project, url to project.
>>
>> Or if only a dependency, then a note in the README to the effect that the
>> project relies upon a CDDL licensed piece of work (url to project, name of
>> project).
>>
>> Hen
>>
>>
>> On Wed, Feb 17, 2016 at 1:23 PM, Jun Rao <junrao@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> We just realized that Apache Kafka started to have a dependency on Jersey
>>> jars (https://jersey.java.net/license.html) since 0.9.0.0 released last
>>> November. Jersey is dual licensed under CDDL and GPL. From Apache's website,
>>> it says that it's ok to have a binary dependency on CDDL but the inclusion
>>> must be properly labelled. Could you clarify what exactly properly labelled
>>> means?
>>>
>>> Thanks,
>>>
>>> Jun
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message