Return-Path: 
 <legal-discuss-return-2518-apmail-legal-discuss-archive=apache.org@apache.org>
Delivered-To: apmail-legal-discuss-archive@www.apache.org
Received: (qmail 33511 invoked from network); 10 Mar 2008 18:44:50 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 10 Mar 2008 18:44:50 -0000
Received: (qmail 51993 invoked by uid 500); 10 Mar 2008 18:44:45 -0000
Delivered-To: apmail-legal-discuss-archive@apache.org
Received: (qmail 51851 invoked by uid 500); 10 Mar 2008 18:44:45 -0000
Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:legal-discuss-help@apache.org>
List-Unsubscribe: <mailto:legal-discuss-unsubscribe@apache.org>
List-Post: <mailto:legal-discuss@apache.org>
List-Id: <legal-discuss.apache.org>
Delivered-To: mailing list legal-discuss@apache.org
Received: (qmail 51796 invoked by uid 99); 10 Mar 2008 18:44:45 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Mar 2008 11:44:45 -0700
X-ASF-Spam-Status: No, hits=3.8 required=10.0
	tests=HTML_MESSAGE,MIME_QP_LONG_LINE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [98.136.44.58] (HELO smtp103.prem.mail.sp1.yahoo.com)
 (98.136.44.58)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 10 Mar 2008 18:43:54 +0000
Received: (qmail 44114 invoked from network); 10 Mar 2008 18:44:14 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Received:X-Yahoo-Newman-Property:Mime-Version:To:Message-Id:Content-Type:Cc:Subject:From:Date:X-Mailer;
  b=suyp9LexwJzBYJBKEtHVGt6POwYSpcRUyA2y52cyW4nwPhUCVRmbByurA8qAK7McZadbZQ64FsTiTbV3Jp3YW+XW6uynpqPHPbKLLbJAE4OhC43LE2QSeHj91HgBcoHL41RtRSK3i50EgSoneQt7VF03HG/MXRZNTrq9U+5xnxE=
  ;
Received: from unknown (HELO ?192.168.1.103?) (david_jencks@67.102.173.8 with
 plain)
  by smtp103.prem.mail.sp1.yahoo.com with SMTP; 10 Mar 2008 18:44:12 -0000
X-Yahoo-Newman-Property: ymail-3
Mime-Version: 1.0 (Apple Message framework v753)
To: Legal Discuss <legal-discuss@apache.org>
Message-Id: <77DFE643-F330-4F72-A397-95BBB5B6F25C@yahoo.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-30--765778974
Cc: Maven Developers List <dev@maven.apache.org>
Subject: Legal files and maven automation
From: David Jencks <david_jencks@yahoo.com>
Date: Mon, 10 Mar 2008 11:44:47 -0700
X-Mailer: Apple Mail (2.753)
X-Virus-Checked: Checked by ClamAV on apache.org

--Apple-Mail-30--765778974
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

IIUC we've previously agreed that the only LICENSE and NOTICE files  
that actually need to be in svn are at the root of expected checkouts  
such as trunk, branches/xxx, and tags/xxx; all other LICENSE and  
NOTICE files in distributable artifacts can be generated by some  
process.  Projects that use maven often want to use the maven-remote- 
resources-plugin to generate these files since typically many of them  
are identical.

Furthermore as Roy pointed out recently the NOTICE file should be  
really really minimal and only include information relevant to what  
is actually in the distribution unit such as a jar.  There's been a  
lot of complaint about the resource bundles typically used with  the  
maven-remote-resources-plugin since the NOTICE files include  
essentially a list of the transitive dependencies of the maven  
project.  I think many people find this dependency information useful  
but it clearly does not belong in the NOTICE file.

At Geronimo I've developed a resource bundle that attempts to address  
these issues.  I'd like to find out if there are any objections to it  
and if not propose it as the standard resource bundle for use at  
apache by the maven-remote-resources-plugin.  Right now its in the  
voting stage of release and can be checked out at

https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/ 
legal-bundle
and viewed at
http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/ 
genesis/legal-bundle/1.4/legal-bundle-1.4.jar


Here's what it does:
By default, the LICENSE file is the standard apache license.  The  
NOTICE file is generated from a velocity template; here's an example  
of the output (between ----- lines which are not included)
------------------------------------------------------
Geronimo :: Directory Plugin
Copyright 2003-2008 Apache Software Foundation
This product includes software developed at
Apache Software Foundation (http://www.apache.org/).
------------------------------------------------------

In the 99% of the time when this is the correct LICENSE and NOTICE,  
that's all you do.  In the remaining 1% of the time where additional  
information is needed appended to these standard files, you put the  
additions in
src/main/appended-resources/LICENSE
and
src/main/appended-resources/NOTICE

In the remaining 0.1% of the time where the standard files are not  
correct you can arrange by other means to insert custom LICENSE and  
NOTICE files.

In addition, there is a generated DEPENDENCIES file that lists the  
transitive dependencies of the project, determined from the poms,  
organized by organization, with the known license info.  Here's an  
example of such a DEPENDENCIES file:

// ------------------------------------------------------------------
// Transitive dependencies of this project determined from the
// maven pom organized by organization.
// ------------------------------------------------------------------

Genesis Plugins :: Tools
From: 'an unknown organization'
   - Unnamed - ant:ant:jar:1.6.5  ant:ant:jar:1.6.5

   - Unnamed - junit:junit:jar:3.8.1  junit:junit:jar:3.8.1


From: 'Apache Software Foundation' (http://www.apache.org/)
   - Maven Artifact (http://maven.apache.org/maven-artifact)  
org.apache.maven:maven-artifact:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Artifact Manager (http://maven.apache.org/maven-artifact- 
manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Model (http://maven.apache.org/maven-model)  
org.apache.maven:maven-model:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Plugin API (http://maven.apache.org/maven-plugin-api)  
org.apache.maven:maven-plugin-api:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Profile Model (http://maven.apache.org/maven-profile)  
org.apache.maven:maven-profile:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Project Builder (http://maven.apache.org/maven-project)  
org.apache.maven:maven-project:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Repository Metadata Model (http://maven.apache.org/maven- 
repository-metadata) org.apache.maven:maven-repository-metadata:jar: 
2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Local Settings Model (http://maven.apache.org/maven- 
settings) org.apache.maven:maven-settings:jar:2.0.4
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)
   - Maven Wagon API  org.apache.maven.wagon:wagon-provider-api:jar: 
1.0-alpha-6
     License: The Apache Software License, Version 2.0  (http:// 
www.apache.org/licenses/LICENSE-2.0.txt)

From: 'Codehaus' (http://codehaus.org)
   - Plugin Support (http://mojo.codehaus.org/plugin-support)  
org.codehaus.mojo:plugin-support:jar:1.0-alpha-1


From: 'Codehaus' (http://www.codehaus.org/)
   - Default Plexus Container  org.codehaus.plexus:plexus-container- 
default:jar:1.0-alpha-9

   - Plexus Common Utilities  org.codehaus.plexus:plexus-utils:jar:1.2


From: 'The Apache Software Foundation' (http://jakarta.apache.org)
   - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons- 
jexl:commons-jexl:jar:1.1
     License: The Apache Software License, Version 2.0  (/LICENSE.txt)
   - Lang (http://jakarta.apache.org/commons/lang/) commons- 
lang:commons-lang:jar:2.3
     License: The Apache Software License, Version 2.0  (/LICENSE.txt)
   - Logging (http://jakarta.apache.org/commons/logging/) commons- 
logging:commons-logging:jar:1.0.4
     License: The Apache Software License, Version 2.0  (/LICENSE.txt)

From: 'The Codehaus' (http://codehaus.org/)
   - classworlds (http://classworlds.codehaus.org/)  
classworlds:classworlds:jar:1.1-alpha-2


------------------------------------------------------------------

As with any resource bundle for the m-r-r-p, you can supply missing  
information such as organization and license in a src/main/remote- 
resources/supplemental-models.xml file.

------------------------------------------------------------------
Note on javaee5 artifacts:
Some javaee5 artifacts such as wars and ears when built by maven  
usually physically include all or some of the dependencies of the  
maven project.  While it might be nice to have the m-r-r-p roll up  
the LICENSE and NOTICE files from the contents and come up with  
something, that is out of scope of this proposal.  I expect anyone  
building such an assembly will examine the contents and construct by  
hand suitable files to append to the standard LICENSE and NOTICE files.

------------------------------------------------------------------
Objections? Comments?

many thanks
david jencks



--Apple-Mail-30--765778974
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">IIUC we've previously agreed =
that the only LICENSE and NOTICE files that actually need to be in svn =
are at the root of expected checkouts such as trunk, branches/xxx, and =
tags/xxx; all other LICENSE and NOTICE files in distributable artifacts =
can be generated by some process. =A0Projects that use maven often want =
to use the maven-remote-resources-plugin to generate these files since =
typically many of them are identical.<div><br =
class=3D"webkit-block-placeholder"></div><div>Furthermore as Roy pointed =
out recently the NOTICE file should be really really minimal and only =
include information relevant to what is actually in the distribution =
unit such as a jar. =A0There's been a lot of complaint about the =
resource bundles typically used with =A0the =
maven-remote-resources-plugin since the NOTICE files include essentially =
a list of the transitive dependencies of the maven project. =A0I think =
many people find this dependency information useful but it clearly does =
not belong in the NOTICE file.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>At Geronimo I've developed =
a resource bundle that attempts to address these issues. =A0I'd like to =
find out if there are any objections to it and if not propose it as the =
standard resource bundle for use at apache by the =
maven-remote-resources-plugin. =A0Right now its in the voting stage of =
release and can be checked out at</div><div><br =
class=3D"webkit-block-placeholder"></div><div><a =
href=3D"https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4=
/legal-bundle">https://svn.apache.org/repos/asf/geronimo/genesis/tags/gene=
sis-1.4/legal-bundle</a></div><div>and viewed at</div><div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><font face=3D"Helvetica" size=3D"3" style=3D"font: =
12.0px Helvetica"><a =
href=3D"http://people.apache.org/~djencks/staging-repo/org/apache/geronimo=
/genesis/legal-bundle/1.4/legal-bundle-1.4.jar">http://people.apache.org/~=
djencks/staging-repo/org/apache/geronimo/genesis/legal-bundle/1.4/legal-bu=
ndle-1.4.jar</a></font></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><br =
class=3D"webkit-block-placeholder"></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Here's what =
it does:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">By default, the LICENSE file is =
the standard apache license. =A0The NOTICE file is generated from a =
velocity template; here's an example of the output (between ----- lines =
which are not included)</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
">------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><div>Geronimo :: Directory =
Plugin</div><div>Copyright 2003-2008 Apache Software =
Foundation</div><div>This product includes software developed =
at</div><div>Apache Software Foundation (<a =
href=3D"http://www.apache.org">http://www.apache.org</a>/).</div><div>----=
--------------------------------------------------</div></div></div><div><=
br class=3D"webkit-block-placeholder"></div><div>In the 99% of the time =
when this is the correct LICENSE and NOTICE, that's all you do. =A0In =
the remaining 1% of the time where additional information is needed =
appended to these standard files, you put the additions =
in=A0</div><div>src/main/appended-resources/LICENSE</div><div>and</div><di=
v>src/main/appended-resources/NOTICE</div><div><br =
class=3D"webkit-block-placeholder"></div><div>In the remaining 0.1% of =
the time where the standard files are not correct you can arrange by =
other means to insert custom LICENSE and NOTICE files.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>In addition, there is a =
generated DEPENDENCIES file that lists the transitive dependencies of =
the project, determined from the poms, organized by organization, with =
the known license info. =A0Here's an example of such a DEPENDENCIES =
file:</div><div><br class=3D"webkit-block-placeholder"></div><div><div>// =
------------------------------------------------------------------</div><d=
iv>// Transitive dependencies of this project determined from =
the</div><div>// maven pom organized by organization.</div><div>// =
------------------------------------------------------------------</div><d=
iv><br class=3D"webkit-block-placeholder"></div><div>Genesis Plugins :: =
Tools</div><div>From: 'an unknown organization'</div><div>=A0=A0- =
Unnamed - ant:ant:jar:1.6.5 =A0ant:ant:jar:1.6.5</div><div><br =
class=3D"webkit-block-placeholder"></div><div>=A0=A0- Unnamed - =
junit:junit:jar:3.8.1 =A0junit:junit:jar:3.8.1</div><div><br =
class=3D"webkit-block-placeholder"></div><div>=A0=A0 =A0</div><div>From: =
'Apache Software Foundation' (<a =
href=3D"http://www.apache.org">http://www.apache.org</a>/)</div><div>=A0=A0=
- Maven Artifact (<a =
href=3D"http://maven.apache.org/maven-artifact">http://maven.apache.org/ma=
ven-artifact</a>) org.apache.maven:maven-artifact:jar:2.0.4</div><div>=A0=A0=
 =A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Artifact =
Manager (<a =
href=3D"http://maven.apache.org/maven-artifact-manager">http://maven.apach=
e.org/maven-artifact-manager</a>) =
org.apache.maven:maven-artifact-manager:jar:2.0.4</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Model (<a =
href=3D"http://maven.apache.org/maven-model">http://maven.apache.org/maven=
-model</a>) org.apache.maven:maven-model:jar:2.0.4</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Plugin API (<a =
href=3D"http://maven.apache.org/maven-plugin-api">http://maven.apache.org/=
maven-plugin-api</a>) =
org.apache.maven:maven-plugin-api:jar:2.0.4</div><div>=A0=A0 =A0License: =
The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Profile Model =
(<a =
href=3D"http://maven.apache.org/maven-profile">http://maven.apache.org/mav=
en-profile</a>) org.apache.maven:maven-profile:jar:2.0.4</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Project =
Builder (<a =
href=3D"http://maven.apache.org/maven-project">http://maven.apache.org/mav=
en-project</a>) org.apache.maven:maven-project:jar:2.0.4</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Repository =
Metadata Model (<a =
href=3D"http://maven.apache.org/maven-repository-metadata">http://maven.ap=
ache.org/maven-repository-metadata</a>) =
org.apache.maven:maven-repository-metadata:jar:2.0.4</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Local Settings =
Model (<a =
href=3D"http://maven.apache.org/maven-settings">http://maven.apache.org/ma=
ven-settings</a>) org.apache.maven:maven-settings:jar:2.0.4</div><div>=A0=A0=
 =A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0- Maven Wagon API =
=A0org.apache.maven.wagon:wagon-provider-api:jar:1.0-alpha-6</div><div>=A0=
=A0 =A0License: The Apache Software License, Version 2.0 =A0(<a =
href=3D"http://www.apache.org/licenses/LICENSE-2.0.txt">http://www.apache.=
org/licenses/LICENSE-2.0.txt</a>)</div><div>=A0=A0 =A0</div><div>From: =
'Codehaus' (<a =
href=3D"http://codehaus.org">http://codehaus.org</a>)</div><div>=A0=A0- =
Plugin Support (<a =
href=3D"http://mojo.codehaus.org/plugin-support">http://mojo.codehaus.org/=
plugin-support</a>) =
org.codehaus.mojo:plugin-support:jar:1.0-alpha-1</div><div><br =
class=3D"webkit-block-placeholder"></div><div>=A0=A0 =A0</div><div>From: =
'Codehaus' (<a =
href=3D"http://www.codehaus.org">http://www.codehaus.org</a>/)</div><div>=A0=
=A0- Default Plexus Container =
=A0org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9</div><div>=
<br class=3D"webkit-block-placeholder"></div><div>=A0=A0- Plexus Common =
Utilities =A0org.codehaus.plexus:plexus-utils:jar:1.2</div><div><br =
class=3D"webkit-block-placeholder"></div><div>=A0=A0 =A0</div><div>From: =
'The Apache Software Foundation' (<a =
href=3D"http://jakarta.apache.org">http://jakarta.apache.org</a>)</div><di=
v>=A0=A0- Commons JEXL (<a =
href=3D"http://jakarta.apache.org/commons/jexl/">http://jakarta.apache.org=
/commons/jexl/</a>) commons-jexl:commons-jexl:jar:1.1</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =
=A0(/LICENSE.txt)</div><div>=A0=A0- Lang (<a =
href=3D"http://jakarta.apache.org/commons/lang/">http://jakarta.apache.org=
/commons/lang/</a>) commons-lang:commons-lang:jar:2.3</div><div>=A0=A0 =
=A0License: The Apache Software License, Version 2.0 =
=A0(/LICENSE.txt)</div><div>=A0=A0- Logging (<a =
href=3D"http://jakarta.apache.org/commons/logging/">http://jakarta.apache.=
org/commons/logging/</a>) =
commons-logging:commons-logging:jar:1.0.4</div><div>=A0=A0 =A0License: =
The Apache Software License, Version 2.0 =A0(/LICENSE.txt)</div><div>=A0=A0=
 =A0</div><div>From: 'The Codehaus' (<a =
href=3D"http://codehaus.org">http://codehaus.org</a>/)</div><div>=A0=A0- =
classworlds (<a =
href=3D"http://classworlds.codehaus.org">http://classworlds.codehaus.org</=
a>/) classworlds:classworlds:jar:1.1-alpha-2</div><div><br =
class=3D"webkit-block-placeholder"></div><div>=A0=A0 =
=A0</div><div>------------------------------------------------------------=
------</div><div><br class=3D"webkit-block-placeholder"></div><div>As =
with any resource bundle for the m-r-r-p, you can supply missing =
information such as organization and license in a =
src/main/remote-resources/supplemental-models.xml file.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>----------------------------=
--------------------------------------</div><div>Note on javaee5 =
artifacts:</div><div>Some javaee5 artifacts such as wars and ears when =
built by maven usually physically include all or some of the =
dependencies of the maven project. =A0While it might be nice to have the =
m-r-r-p roll up the LICENSE and NOTICE files from the contents and come =
up with something, that is out of scope of this proposal. =A0I expect =
anyone building such an assembly will examine the contents and construct =
by hand suitable files to append to the standard LICENSE and NOTICE =
files.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>----------------------------=
--------------------------------------</div><div>Objections? =
Comments?</div><div><br class=3D"webkit-block-placeholder"></div><div>many=
 thanks</div><div>david jencks</div><div><br =
class=3D"webkit-block-placeholder"></div></div><div><br =
class=3D"webkit-block-placeholder"></div></body></html>=

--Apple-Mail-30--765778974--