www-legal-discuss mailing list archives

From Henri Yandell <bay...@apache.org>
Subject Re: Re: wicket git commit: Update license information
Date Fri, 18 Mar 2016 16:48:27 GMT
Inline.

On Fri, Mar 18, 2016 at 2:27 AM, Martijn Dashorst <
martijn.dashorst@gmail.com> wrote:

> What the actual question is:
>
>  - we have a module M that has a dependency on an EPL licensed binary A
>  - we don't ship our dependencies in our source tars
>  - we do publish a convenience binary for an example project E that
> includes the combination of our module M and the EPL licensed binary A
>

All of this seems to fit with:
http://www.apache.org/legal/resolved.html#category-b


>
> Wicket is a Java multi-module project that uses Maven for the dependency
> management and we just publish tar balls of the source code of our project as
> release artifacts, and deploy convenience binaries to Maven Central of each
> sub-module. We don't ship any third-party binaries with our source tar
> balls, nor publish any of those to Maven Central, *apart* from the
> aforementioned examples project, that by virtue of its purpose aggregates
> all dependencies of our modules.
>
> Questions:
>
> - Do we need to add an EPL notice to the notice of our source tars?
>

No, not if the EPL bytes are not present.


> - Do we need to add the EPL to the license file of our source tars?
>

No, not if the EPL bytes are not present.


> - What are the things we need to do for the example project?
>

Include the EPL license.

I would also point to where the user can get the EPL source (the home page
of AspectJ should be fine) - to match the intent of section 3(iv) in the
EPL.


> - How would life be easier if we wouldn't publish the example project to
> maven central?
>

Doesn't seem that there should be undue stress from the above, so I'm not
understanding


>
> The general tenet of these questions is:
> - if we have an external dependency on a 3rd party library that is managed
> outside our distribution through a package management system (i.e. Maven),
> - the dependency is not optional for a given module (however users are
> free to consider the module optional)
> - do we need to add this 3rd party dependency's requirements for notice
> and license files?
>

My view is that we should when that 3rd party's library license would be a
surprise/affect the whole. Covered more formally here:
http://www.apache.org/legal/resolved.html#criteria

An EPL'd jar is, for typical uses, not going to cause any surprises (i.e.
it'd be unusual for someone to edit a jar file directly in such a way that
they felt they had 'lost' their changes to the required licensing).


>
> IANAL so that is why we ask here, but in my understanding, as long as we
> don't actually ship the 3rd party library with our code base because it is
> managed externally, we don't have to add the library's notice and license
> requirements.
>

Probably, and yes in this use case, though bear in mind the no surprise
principle.

For example, if our code base required a commercial, money required,
library, and the user only finds out 30 days into using our code, then I
would absolutely want that highlighted prominently to avoid surprise
(assuming we'd even be happy with such a thing as a community - it's a
conceived example :) ).  If however our code base is written for a
commercial operating system, it seems unlikely the user would be surprised
as it was implicit in the context of their choice to download the software
(and also probably prominently highlighted as a part of downloading).

Hen
