You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Roman Shaposhnik (Jira)" <ji...@apache.org> on 2021/11/23 12:42:00 UTC
[jira] [Closed] (LEGAL-587) Do We Need a Notice File in our Apache 2.0 Licensed Project

     [ https://issues.apache.org/jira/browse/LEGAL-587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roman Shaposhnik closed LEGAL-587.
----------------------------------
    Resolution: Fixed

In general ASF can NOT provide individual legal advice to non member projects. You'd have to look for your own legal counsel. That said, Justin's answer contains a lot of good food for thought.

> Do We Need a Notice File in our Apache 2.0 Licensed Project
> -----------------------------------------------------------
>
>                 Key: LEGAL-587
>                 URL: https://issues.apache.org/jira/browse/LEGAL-587
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Sven Strittmatter
>            Priority: Major
>
> Hello Legal Affairs Committee,
> we (the company [iteratec|http://www.iteratec.com/]) has an open source project [secureCodeBox|https://docs.securecodebox.com/] under Apache 2.0 license hosted at [GitHub|https://github.com/secureCodeBox/secureCodeBox].
> I came up here after reading the [pre FAQ|https://apache.org/foundation/preFAQ.html#license]. The linked [license FAQ|https://apache.org/foundation/license-FAQ.html] responded with 404 :(
> After [some discussions with FSFE|https://github.com/secureCodeBox/secureCodeBox/issues/193] we decided to use [DCO|https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin] and the [reuse tool|https://reuse.software/] with [SPDX|https://spdx.dev/] in the project.
> Now we saw in the [licensing how-to|https://infra.apache.org/licensing-howto.html] that Apache 2.0 licensed projects should have a NOTICE file. I also found this [Stack Exchange answer|https://opensource.stackexchange.com/a/8567]. As far as I understand this is necessary to add licenses of code we have in our repository which is not under Apache license and for adding copyright information from "others". In our case an other company (Secura from NL) contributes. Their developers do not demand to be mentioned in the NOTICE file.
> The problem is: We are all no lawyers and quite confused. Some of us say we need the NOTICE file some say we don't need it. If we need it, what must be added? (The how-to says it should be brief).
> Would you please help us to clarify this issue :)
> You can follow our discussions you can see the [GitHub PR to add the NOTICE file|https://github.com/secureCodeBox/secureCodeBox/pull/808].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org