You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Alex Harui <ah...@adobe.com> on 2015/06/12 01:15:56 UTC
LICENSE and NOTICE for EXE and DMG files
Hi,
For one of our releases, the “convenience binary” is an application, IOW,
an EXE on Windows or a DMG file on Mac. A PMC member is claiming that
this distribution needs a LICENSE and NOTICE file per [1] that describes
the 3rd-party dependencies that were downloaded (and not bundled in the
source distribution) in the compiling and linking of the application. I
would think that for non-Java Windows and Mac applications, where the bits
of the 3rd-party dependencies aren't really separable would be an
exception to this rule.
Thoughts?
-Alex
[1] 1. http://www.apache.org/dev/licensing-howto.html#guiding-principle
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: LICENSE and NOTICE for EXE and DMG files
Posted by Ted Dunning <te...@gmail.com>.
On Thu, Jun 11, 2015 at 11:42 PM, Alex Harui <ah...@adobe.com> wrote:
>
> Interesting. I thought an application wasn’t a derivative work because
> (from the AL):
>
> "Derivative Works shall not include works that remain
> separable from, or merely link (or bind by name) to the interfaces of,
> the Work and Derivative Works thereof.”
>
> Now one of the downloaded libraries we link to is BSD and BSD doesn’t seem
> to be so clear on how they define derivative works. How have other
> projects handled this? Must you have a popup in your GUI that displays
> LICENSE and NOTICE? Can you co-locate LICENSE and NOTICE in the same
> folder as the EXE on dist.a.o? Can you point folks to a web page with the
> LICENSE and NOTICE text in it?
IANAL, but derivative work is a very simple concept. A binary formed by
compiling source code is *definitely* a derivative work (could you create
it without reference to the source code?)
The splash screen on Adobe products is a good example of one way to attach
a notice. That can refer to a file in the executables folder (on a Mac).
Another option is to put a menu item under Help that lets you pop up a
window containing all the notices.
Note that the notices on a convenience binary are typically different from
the notices on the source.
Re: LICENSE and NOTICE for EXE and DMG files
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
> On Jun 12, 2015, at 2:01 PM, Alex Harui <ah...@adobe.com> wrote:
>
> On 6/12/15, 1:29 PM, "Roy T. Fielding" <fi...@gbiv.com> wrote:
>> Nobody cares about the details. Just follow the intent and we are fine.
>> It is usually sufficient to provide the file separately if each separable
>> part contains summary+links back to the long form, but that is only done
>> when there is a definite reason why the LICENSE and NOTICE cannot be
>> embedded
>> inside the distributed artifact.
>
> OK, thanks. One more question while I have folks’ attention:
>
> This is not the first release of this product. What is the Apache policy
> on IP issues found in already-shipped releases? Do projects have to go
> back and fix them? Remove the artifacts from dist and archive? Or just
> fix it in the next release? I’m not talking about any really big issue
> like bundling GPL or proprietary code, but for releases where we realize
> now that we didn’t follow the L & N How-to correctly.
They are convenience binaries, not releases. We should not have any old ones
laying around apache.org, unless they are needed for testing. If so, you can
stick them in a subdirectory with the appropriate notices beside them.
It would only be a major concern if one of the copyright owners complain,
in which case we would probably delete them.
....Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: LICENSE and NOTICE for EXE and DMG files
Posted by Alex Harui <ah...@adobe.com>.
On 6/12/15, 1:29 PM, "Roy T. Fielding" <fi...@gbiv.com> wrote:
>Nobody cares about the details. Just follow the intent and we are fine.
>It is usually sufficient to provide the file separately if each separable
>part contains summary+links back to the long form, but that is only done
>when there is a definite reason why the LICENSE and NOTICE cannot be
>embedded
>inside the distributed artifact.
OK, thanks. One more question while I have folks’ attention:
This is not the first release of this product. What is the Apache policy
on IP issues found in already-shipped releases? Do projects have to go
back and fix them? Remove the artifacts from dist and archive? Or just
fix it in the next release? I’m not talking about any really big issue
like bundling GPL or proprietary code, but for releases where we realize
now that we didn’t follow the L & N How-to correctly.
Thanks in advance,
-Alex
Re: LICENSE and NOTICE for EXE and DMG files
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
> On Jun 11, 2015, at 11:42 PM, Alex Harui <ah...@adobe.com> wrote:
> On 6/11/15, 4:37 PM, "Roy T. Fielding" <fi...@gbiv.com> wrote:
>
>>> On Jun 11, 2015, at 4:15 PM, Alex Harui <ah...@adobe.com> wrote:
>>>
>>> Hi,
>>>
>>> For one of our releases, the “convenience binary” is an application,
>>> IOW,
>>> an EXE on Windows or a DMG file on Mac. A PMC member is claiming that
>>> this distribution needs a LICENSE and NOTICE file per [1] that describes
>>> the 3rd-party dependencies that were downloaded (and not bundled in the
>>> source distribution) in the compiling and linking of the application. I
>>> would think that for non-Java Windows and Mac applications, where the
>>> bits
>>> of the 3rd-party dependencies aren't really separable would be an
>>> exception to this rule.
>>>
>>> Thoughts?
>>> -Alex
>>>
>>>
>>> [1] 1. http://www.apache.org/dev/licensing-howto.html#guiding-principle
>>
>> We have to obey all of the requirements of all of the bits in the
>> distribution
>> that might be copyrighted, including our own and anyone else's.
>> How that is accomplished, precisely, depends on all of those bits.
>>
>> For the Apache License, distribution in binary form requires:
>>
>> (a) You must give any other recipients of the Work or
>> Derivative Works a copy of this License; and
>>
>> (d) If the Work includes a "NOTICE" text file as part of its
>> distribution, then any Derivative Works that You distribute must
>> include a readable copy of the attribution notices contained
>> within such NOTICE file, excluding those notices that do not
>> pertain to any part of the Derivative Works, in at least one
>> of the following places: within a NOTICE text file distributed
>> as part of the Derivative Works; within the Source form or
>> documentation, if provided along with the Derivative Works; or,
>> within a display generated by the Derivative Works, if and
>> wherever such third-party notices normally appear. The contents
>> of the NOTICE file are for informational purposes only and
>> do not modify the License. You may add Your own attribution
>> notices within Derivative Works that You distribute, alongside
>> or as an addendum to the NOTICE text from the Work, provided
>> that such additional attribution notices cannot be construed
>> as modifying the License.
>>
>> I hope that helps,
>
> Interesting. I thought an application wasn’t a derivative work because
> (from the AL):
>
> "Derivative Works shall not include works that remain
> separable from, or merely link (or bind by name) to the interfaces of,
> the Work and Derivative Works thereof.”
That isn't relevant here -- the compiled version of our software is a derivative
work of our software, and the compiled version of any libraries you happen to
include in that application or EXE are derived works of wherever they came from.
We have to obey the requirements of the copyright owners of every copyrightable
bit in the distribution package, each according to the license assigned by their
copyright owner, in order to legally distribute that package.
> Now one of the downloaded libraries we link to is BSD and BSD doesn’t seem
> to be so clear on how they define derivative works. How have other
> projects handled this? Must you have a popup in your GUI that displays
> LICENSE and NOTICE? Can you co-locate LICENSE and NOTICE in the same
> folder as the EXE on dist.a.o? Can you point folks to a web page with the
> LICENSE and NOTICE text in it?
BSD with the advertising clause requires the advertising to be added to NOTICE,
as requested. Just follow the instructions. There isn't any one way to do it,
but most groups follow the habits of their community (e.g., java folks add them
to the manifest so they get loaded on top of a jar, EXE folks use a static array
or build tool to place them at the top of bottom of the EXE, programs with a UI
usually have an About box somewhere, etc). A DMG is a compressed disk -- just
include the files inside that disk when the DMG is created.
Nobody cares about the details. Just follow the intent and we are fine.
It is usually sufficient to provide the file separately if each separable
part contains summary+links back to the long form, but that is only done
when there is a definite reason why the LICENSE and NOTICE cannot be embedded
inside the distributed artifact.
....Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
RE: LICENSE and NOTICE for EXE and DMG files
Posted by "Dennis E. Hamilton" <de...@acm.org>.
I am confused about the ambiguous use of "BSD" below.
If I understand the discussion at other places on this list, binaries are subject to the copyright and the notices applicable to components that pertain to the source codes from which they are derived, whether or not those source codes are part of the ASF Project release.
This means to me that if you embed code in the binary that is not part of the ASF Project source release, then the license applicable to that binary component need to be honored, and this might have to be reflected in LICENSE and NOTICE files that are part of the distributed binary. In addition, many licenses specify how notices are to be made with respect to binaries as a kind of attribution condition. Terms of those licenses often specify a notice requirement.
So, to Alex's original question, yes, there must be a LICENSE and NOTICE and perhaps other files that are part of the configured executable installation that account for what is installed, not just what the ASF Project source release contains.
The specifics of this will depend on the nature of the binary distribution and the additional bits that are not part of the ASF project source.
I think the key has to do with where you are standing in the matter of serving the public interest and honoring the contributors of the works your project depends upon. It is good to be exemplary of how this is done well.
Additional comment in-line.
-----Inline Comments Below To-----
From: Alex Harui [mailto:aharui@adobe.com]
Sent: Thursday, June 11, 2015 23:43
To: legal-discuss@apache.org
Subject: Re: LICENSE and NOTICE for EXE and DMG files
[ ... ]
Now one of the downloaded libraries we link to is BSD and BSD doesn’t seem
to be so clear on how they define derivative works. How have other
projects handled this? Must you have a popup in your GUI that displays
LICENSE and NOTICE? Can you co-locate LICENSE and NOTICE in the same
folder as the EXE on dist.a.o? Can you point folks to a web page with the
LICENSE and NOTICE text in it?
<orcmid>
I don't understand what it means to say that "one of the downloaded libraries we link to is BSD."
Do you mean that a BSD-licensed library (a .lib or .dll or other kind of shared or embedded library) is incorporated in the build of the binary distribution?
Or do you download the source and compile it into the binary even though it is not part of the ASF Project released source code?
I think you need to account for it either way, such that the terms of the BSD license are honored. There are various ways that honor the requirement that "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution." Ideally, the corresponding terms of other license (including ALv2) can be honored together by common means.
I suggest investigation of how other projects and software products accomplish this.
If your product operates in a GUI, there will be a variety of ways to provide the necessary information. It will be different with a console/terminal/command-line program. In all cases, you'll (also) want LICENSE, NOTICE and possibly other files at the location where the installed binaries are configured for operation on the target platform.
</orcmid>
Thanks,
-Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: LICENSE and NOTICE for EXE and DMG files
Posted by Sam Ruby <ru...@intertwingly.net>.
On Fri, Jun 12, 2015 at 2:42 AM, Alex Harui <ah...@adobe.com> wrote:
>
> On 6/11/15, 4:37 PM, "Roy T. Fielding" <fi...@gbiv.com> wrote:
>>
>>We have to obey all of the requirements of all of the bits in the
>>distribution
>>that might be copyrighted, including our own and anyone else's.
>>How that is accomplished, precisely, depends on all of those bits.
>>
> Interesting. I thought an application wasn’t a derivative work because
> (from the AL):
>
> "Derivative Works shall not include works that remain
> separable from, or merely link (or bind by name) to the interfaces of,
> the Work and Derivative Works thereof.”
>
> Now one of the downloaded libraries we link to is BSD and BSD doesn’t seem
> to be so clear on how they define derivative works.
Forgive me, but I think you are starting at the wrong place.
Some licenses will place additional restrictions based on how the
"bits" are used. Some don't. Those that do will generally define the
terms used by those definitions.
The place to start is with the license in question, not with
definition of term that may relevant to other licenses.
Here is an example of a license that does not depend on what
definition you may use for 'derivative work':
http://www.wtfpl.net/about/
BSD's "three clauses" are clear. The second one is specific to binary
redistributions.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: LICENSE and NOTICE for EXE and DMG files
Posted by Alex Harui <ah...@adobe.com>.
On 6/11/15, 4:37 PM, "Roy T. Fielding" <fi...@gbiv.com> wrote:
>> On Jun 11, 2015, at 4:15 PM, Alex Harui <ah...@adobe.com> wrote:
>>
>> Hi,
>>
>> For one of our releases, the “convenience binary” is an application,
>>IOW,
>> an EXE on Windows or a DMG file on Mac. A PMC member is claiming that
>> this distribution needs a LICENSE and NOTICE file per [1] that describes
>> the 3rd-party dependencies that were downloaded (and not bundled in the
>> source distribution) in the compiling and linking of the application. I
>> would think that for non-Java Windows and Mac applications, where the
>>bits
>> of the 3rd-party dependencies aren't really separable would be an
>> exception to this rule.
>>
>> Thoughts?
>> -Alex
>>
>>
>> [1] 1. http://www.apache.org/dev/licensing-howto.html#guiding-principle
>
>We have to obey all of the requirements of all of the bits in the
>distribution
>that might be copyrighted, including our own and anyone else's.
>How that is accomplished, precisely, depends on all of those bits.
>
>For the Apache License, distribution in binary form requires:
>
> (a) You must give any other recipients of the Work or
> Derivative Works a copy of this License; and
>
> (d) If the Work includes a "NOTICE" text file as part of its
> distribution, then any Derivative Works that You distribute must
> include a readable copy of the attribution notices contained
> within such NOTICE file, excluding those notices that do not
> pertain to any part of the Derivative Works, in at least one
> of the following places: within a NOTICE text file distributed
> as part of the Derivative Works; within the Source form or
> documentation, if provided along with the Derivative Works; or,
> within a display generated by the Derivative Works, if and
> wherever such third-party notices normally appear. The contents
> of the NOTICE file are for informational purposes only and
> do not modify the License. You may add Your own attribution
> notices within Derivative Works that You distribute, alongside
> or as an addendum to the NOTICE text from the Work, provided
> that such additional attribution notices cannot be construed
> as modifying the License.
>
>I hope that helps,
Interesting. I thought an application wasn’t a derivative work because
(from the AL):
"Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.”
Now one of the downloaded libraries we link to is BSD and BSD doesn’t seem
to be so clear on how they define derivative works. How have other
projects handled this? Must you have a popup in your GUI that displays
LICENSE and NOTICE? Can you co-locate LICENSE and NOTICE in the same
folder as the EXE on dist.a.o? Can you point folks to a web page with the
LICENSE and NOTICE text in it?
Thanks,
-Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: LICENSE and NOTICE for EXE and DMG files
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
> On Jun 11, 2015, at 4:15 PM, Alex Harui <ah...@adobe.com> wrote:
>
> Hi,
>
> For one of our releases, the “convenience binary” is an application, IOW,
> an EXE on Windows or a DMG file on Mac. A PMC member is claiming that
> this distribution needs a LICENSE and NOTICE file per [1] that describes
> the 3rd-party dependencies that were downloaded (and not bundled in the
> source distribution) in the compiling and linking of the application. I
> would think that for non-Java Windows and Mac applications, where the bits
> of the 3rd-party dependencies aren't really separable would be an
> exception to this rule.
>
> Thoughts?
> -Alex
>
>
> [1] 1. http://www.apache.org/dev/licensing-howto.html#guiding-principle
We have to obey all of the requirements of all of the bits in the distribution
that might be copyrighted, including our own and anyone else's.
How that is accomplished, precisely, depends on all of those bits.
For the Apache License, distribution in binary form requires:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
I hope that helps,
....Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org