www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Mclean (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-262) NOTICE requirements of dependencies with overly verbose NOTICE files
Date Thu, 07 Jul 2016 22:42:10 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366901#comment-15366901

Justin Mclean commented on LEGAL-262:

While including all of NOTICE is the safest/simplest way.

I also think removal of obvious things that shouldn't be there is also safe. i.e.
- Don't include ASF duplicate ASF copyright/this product developed at the ASF lines [1]
- Remove anything that should be in LICENSE (that is already there) i.e. MIT and BSD license
information [2]
- Remove any copyright lines from MIT and BSD (but not ASL 2.0) permissive licenses, who headers
are still in place in other files [3]
- Only include parts if they are bundled in your release [4]

Perhaps also politely ask / provide a patch to the upstream project to fix their NOTICE file?

1. http://www.apache.org/dev/licensing-howto.html#bundle-asf-product
2. http://www.apache.org/dev/licensing-howto.html#permissive-deps
3. http://www.apache.org/dev/licensing-howto.html#mod-notice
4. http://www.apache.org/dev/licensing-howto.html#guiding-principle

> NOTICE requirements of dependencies with overly verbose NOTICE files
> --------------------------------------------------------------------
>                 Key: LEGAL-262
>                 URL: https://issues.apache.org/jira/browse/LEGAL-262
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Andrew Wang
> We're working on cleaning up our L&N over at HADOOP-12893. One question that came
up is what we should add to our NOTICE for dependencies that have overly verbose NOTICE files.
> For example, this is the Jetty NOTICE file:
> https://github.com/eclipse/jetty.project/blob/jetty-9.3.x/NOTICE.txt
> It lists out its dependencies and licenses, but that's not what NOTICE is for. We also
already have LICENSE and NOTICE entries for all of these transitive dependencies.
> This is the Xerces NOTICE:
> https://svn.apache.org/repos/asf/xerces/java/trunk/NOTICE
> We're also an Apache project, so it seems like the ASF lines are unnecessary. The copyright
attributions also seem potentially unnecessary, considering this code was donated to the ASF
when it became an ASF project.
> Finally, here is the snappy-java NOTICE:
> https://github.com/xerial/snappy-java/blob/master/NOTICE
> These don't look like legally required notices either. 3-clause BSD doesn't require a
NOTICE IIUC, we don't need to NOTICE our own code from Hadoop, and listing contributors isn't
what NOTICE is for either. Not sure about the statically linked libstdc++, but LEGAL-230 did
clear snappy-java for ASF use.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message