[jira] Created: (LEGAL-26) LICENSE and NOTICE in svn

["Stefano Bagnara (JIRA)" <ji...@apache.org>]

LICENSE and NOTICE in svn
-------------------------

                 Key: LEGAL-26
                 URL: https://issues.apache.org/jira/browse/LEGAL-26
             Project: Legal Discuss
          Issue Type: Question
            Reporter: Stefano Bagnara


www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.

I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
-------
expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
-------

The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".

Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
http://www.apache.org/legal/src-headers.html

references:
http://markmail.org/message/jangmpbssvvd73az
http://markmail.org/message/lbhyjzh5ynizhdx3


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Henri Yandell (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732396#action_12732396 ] 

Henri Yandell commented on LEGAL-26:
------------------------------------

No consensus showing here. 

Legal PMC hat on... I'm going to propose text of:

"Not having a LICENSE/NOTICE in SVN is not against policy. It does however confuse things for contributors and users who rely on the SVN tree, so it is strongly recommended that SVN locations contributors are expected to check out contain the LICENSE and NOTICE files, or how to generate the current LICENSE and NOTICE files. "

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Roy T. Fielding (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732924#action_12732924 ] 

Roy T. Fielding commented on LEGAL-26:
--------------------------------------

I just wanted to document the rationale.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Henri Yandell (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615403#action_12615403 ] 

Henri Yandell commented on LEGAL-26:
------------------------------------

Not seeing a problem - in a multimodule maven project each module is its own package and should have its own LICENSE and NOTICE.

"release tags" is meaningless (by which I mean I don't know what you mean by release tags).

If you view it as pointless to have a LICENSE file in an svn co, then I think either you're saying:

* A distribution doesn't need a LICENSE either, it should just be on every file.
or:
* People shouldn't use code, or fork code, from SVN.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Henri Yandell (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732831#action_12732831 ] 

Henri Yandell commented on LEGAL-26:
------------------------------------

Full agreement from me on your comment Roy, but I've felt many were disagreeing. I'll post to the list to state this is consensus and challenge for disagreement.

Was the FTR targeted at a particular comment/statement?

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Roy T. Fielding (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732742#action_12732742 ] 

Roy T. Fielding commented on LEGAL-26:
--------------------------------------

FTR: If a project contains source code that, as part of its copyright license, requires the retention of notices or of a specific attribution clause, then the way that we fulfill that license is by including the required notice or attribution in the NOTICE file according to the terms described in the LICENSE file.  In other words, any such distribution (which includes non-releases like snapshots or subversion) that fails to include the NOTICE and LICENSE file would not satisfy our upstream licensees and thus not be legal.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Roy T. Fielding (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732740#action_12732740 ] 

Roy T. Fielding commented on LEGAL-26:
--------------------------------------

Consensus on the list (and board policy since before 1999) is that all distribution points have proper licensing, and the only way that can happen is if the LICENSE and NOTICE files do appear in an obvious location within subversion source code trees.  Normally that is at the top of the tree.  The contents are for that source and should be the same as for our source releases.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Stefano Bagnara (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619574#action_12619574 ] 

Stefano Bagnara commented on LEGAL-26:
--------------------------------------

@Henri
Yes, my personal opinion is that "People shouldn't use code, or fork code, from SVN." or better they can do that but we shouldn't "fool" them with a possibly not-up-to-date LICENSE/NOTICE files. In my opinion the PMCs cannot ensure that the LICENSE/NOTICE that are in svn are correct and updated all the time, otherwise we won't need a release procedure and we won't vote on releases but on every commit. I would prefer to have a private svn server instead of having to worry about keep updating every LICENSE/NOTICE file we have in every folder of the asf repository (related: what is a folder wrt distributions?).

@David: I don't share your source definition. IMHO we release a source package, the fact that we use an svn server to work on this sources does not make svn "the source". We don't release svn tags, we release packages. In fact we (and I think most PMCs) vote packages, not svn tags.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["David Jencks (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615682#action_12615682 ] 

David Jencks commented on LEGAL-26:
-----------------------------------

Roland --
English is slippery.  I don't regard what I was calling source jars to be source releases.  The projects I work on all do something like this for a release:

- produce an svn tag containing the exact stuff used to build other artifacts in a release
- use maven to build a lot of jars and a few other artifacts (tar.gz, zip) that are released.  

These built artifacts are of the following types:
- binary jars containing java class files and other goo such as configuration files
- "source" jars containing the .java source files that correspond to one of the binary jars (possibly including generated source, such as from xmlbeans or jaxb or antlr etc etc)
- "javadoc" jars containing the generated javadoc corresponding to one of the binary jars.
- distributions of a lot of the binary jars in an appropriate structure to be used, with accompanying scripts etc to run them.

For all practical purposes the "source" and "javadoc" jars are only useful in IDEs that help you navigate through binary dependencies (class inheritance for instance).  Anyone who actually wants to work on the code is going to need to check out the tag from svn in order to get the crucial information in the build system, directory layout, etc etc.

To me, all the jars, tar.gz, etc are all secondary artifacts that need accurate LICENSE and NOTICE files but are not source releases: therefore these LICENSE and NOTICE files can be generated in any way as long as they  are accurate. The only source release I see is the svn tag from which everything else is derived.  I thought the point of this jira was to establish clearly that svn tags and whatever they are copied from need accurate LICENSE and NOTICE files at or near the checkout root.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["David Jencks (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615452#action_12615452 ] 

David Jencks commented on LEGAL-26:
-----------------------------------

Henri, I think you missed the background or point to this question.

Most of the (java) projects I'm involved with are using the maven-remote-resources-plugin to install (often partially generated) LICENSE and NOTICE files in the generated binary, source, and javadoc jars.  Thus, each maven module does not have any complete LICENSE or NOTICE file in svn.

There were some strong statements earlier on legal-discuss that svn checkouts should be considered distributions and have appropriate LICENSE and NOTICE files.  With the use of the m-r-r-p these aren't going to be the LICENSE and NOTICE files included in the distributed jars, so what should they be?  My position is that we should only regard "complete projects" as svn distributions and these should have a single LICENSE/NOTICE file pair applying to the entire checkout.

Now, people change the code all the time and may not always update LICENSE and NOTICE files appropriately in the same commit as code changes that make existing LICENSE/NOTICE files inaccurate. In this situation all we can do is fix problems when they arise or are noticed ("best-effort").  However, for releases I think its reasonable to expect the pmc to review the accuracy of the LICENSE/NOTICE files and include that as a criterion in the release vote.  Again in all the projects I work in a release is marked by an svn tag (copy to "tags/") so to me this seems to translate to an expectation that svn tags of voted-on releases should have accurate LICENSE and NOTICE files in svn.

> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

[jira] Commented: (LEGAL-26) LICENSE and NOTICE in svn

["Roland Weber (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615500#action_12615500 ] 

Roland Weber commented on LEGAL-26:
-----------------------------------

> Most of the (java) projects I'm involved with are
> using the maven-remote-resources-plugin to install
> (often partially generated) LICENSE and NOTICE files in
> the generated binary, source, and javadoc jars.

I have read statements that if a release artifact contains anything that is generated, it is by definition NOT a source release.
So how do you bring LICENSE and NOTICE files into real source releases that contain only the sources from which any generation starts?

cheers,
  Roland


> LICENSE and NOTICE in svn
> -------------------------
>
>                 Key: LEGAL-26
>                 URL: https://issues.apache.org/jira/browse/LEGAL-26
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> www.apache.org documentation/policy make it clear that we have to include a NOTICE/LICENSE in released package, but a question raise from time to time in mailing lists and big discussions about the need for a NOTICE/LICENSE in some svn folder.
> I personally don't like to have to do that and I don't share the legal references made to justify the existence of this policy, but I agree that most people in the legal-discuss thread back from january agreed on something along these line:
> -------
> expected svn checkout points are supposed to include LICENSE and NOTICE files at their root covering everything in the checkout, and nothing else.  These should be kept up to date via "best-effort" by the pmc and committers, and should definitely be accurate for svn tags.
> -------
> The problem with this sentence is "expected checkout" related to the "checkout points" that is not so defined. Expecially with multimodule maven project: many times people simply checkout a single module and not the whole project.
> Furthermore the "definitely be accurate for svn tags" is a problem: tags and branches in svn are simple copies. If that sentence is needed I would suggest to replace it with "for releases tags".
> Anyway my personal opinion/preference on this "policy" is worthless (I'm not a lawyer, I'm not an ASF member, I'm a simple PMC committer), I just open this issue because I would really like to see this policy, a similar policy or something telling there is not such a policy about NOTICE and LICENSE in svn trees added to this page:
> http://www.apache.org/legal/src-headers.html
> references:
> http://markmail.org/message/jangmpbssvvd73az
> http://markmail.org/message/lbhyjzh5ynizhdx3

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org