You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2017/12/20 09:56:22 UTC

[GitHub] ivankelly commented on a change in pull request #888: Rework of binary distribution licenses

ivankelly commented on a change in pull request #888: Rework of binary distribution licenses
URL: https://github.com/apache/bookkeeper/pull/888#discussion_r157979629
 
 

 ##########
 File path: bookkeeper-dist/src/assemble/bin-all.xml
 ##########
 @@ -50,6 +50,11 @@
         <include>${basedir}/*.txt</include>
       </includes>
     </fileSet>
+    <fileSet>
+      <directory>../src/main/resources/deps</directory>
 
 Review comment:
   I've moved all the NOTICE stuff into the NOTICE, so that doesn't link anywhere.
   
   The ASF licensing recommendations (http://www.apache.org/dev/licensing-howto.html#permissive-deps) actually say to bundle the license file, instead of putting directly in the LICENSE file unless the license is very short. I actually prefer it like this. 
   https://github.com/ivankelly/bookkeeper/blob/license-rework/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt is easier to read than https://github.com/apache/bookkeeper/blob/master/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt. 
   
   LICENSE-all.bin.txt would get huge if we flattened them all. I'm particularly eager to keep the CDDL out of it, that license is huge.
   
   > The check script should parse pom files or the assemble tarballs to see what dependencies are included, and fetch their corresponding notices and 
   
   We should check on the final output (i.e. the assemble tarball) as that is what we distribute. 
   
   > verify if the NOTICE file includes all dependencies or not and if their licenses are matched and notices are attached.
   
   This verification is very hard to do in an automated fashion. How will a machine know that the protobuf license contains stuff that isn't relevant? How will it work out which part of the netty NOTICE needs to be pulled in and which doesn't?
   
   It's not hard for a human, but the human will need guidelines which we should put in the wiki.
   
   I've added a check to the script to check if the bundled license files are linked, and ensure all linked files exist.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services