Posted to dev@directory.apache.org by David Jencks <da...@yahoo.com> on 2008/03/21 18:40:54 UTC
Legal files goo
Thanks to Dan Kulp the new remote-resources bundle consistent with
the apparent policy expressed on legal-discuss on the content of
LICENSE and NOTICE files has been released so I can update the builds
to use them.
I need to know:
- which builds I should update (branches/bigbang? trunk? which
projects?)
- which modules have additional notice requirements beyond the
standard apache notice. This would typically be because we've copied
over code from some other (probably non-apache) project that has a
NOTICE requirement.
To summarize what we need:
each unit likely to be checked out independently needs a LICENSE and
NOTICE file in svn
everything else (all the maven generated jars etc) can have a
generated LICENSE and NOTICE file. The NOTICE file needs to be minimal.
In geronimo I also set up some stuff that made it easier for me to
stage release candidates and maven generated site release
candidates. I'll look into whether I think this kind of stuff would
be appropriate for apacheds when I look at the legal files setup.
thanks
david jencks
Re: Legal files goo
Posted by Emmanuel Lecharny <el...@gmail.com>.
David Jencks wrote:
>
>
> So, not adding the apache header seems to be most correct.
Thanks for the clarification, David.
From the top of my head, when we fixed the BC problem we had (no BC
header at all on those DER files), we simply decided to replace the ASF
header by the BC header after having checked that it was the path to
follow. But as it was done one year ago...
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Legal files goo
Posted by David Jencks <da...@yahoo.com>.
On Mar 21, 2008, at 3:38 PM, Emmanuel Lecharny wrote:
> David Jencks wrote:
>>
>>
>> I think we should consider adding the apache header in addition.
> Well, we discussed that a while ago, but these are really BC
> files, blindly copied. They haven't even been modified.
>
> Second, we intend to completely remove those guys and replace them
> with our own implementation.
>
> In the meantime, do you think it's mandatory to add the Apache
> header ?
I did a little research on the legal-discuss list and found this from
Cliff from Oct 26 2006:
The license header should not be placed in files that are not
contributed directly to the ASF by the author/copyright owner/owner's
agent. We call such files that are not directly submitted to the ASF,
"third-party works". We should never alter or add anything to the
copyright or licensing statements for such third-party works.
You are right to reference such third-party licenses in the LICENSE
file. You are only required to reference them in the NOTICE file if
the third-party work requires some form of attribution when the work
is distributed.
So, not adding the apache header seems to be most correct.
thanks
david jencks
>
> thanks
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
Re: Legal files goo
Posted by Emmanuel Lecharny <el...@gmail.com>.
David Jencks wrote:
>
>
> I think we should consider adding the apache header in addition.
Well, we discussed that a while ago, but these are really BC
files, blindly copied. They haven't even been modified.
Second, we intend to completely remove those guys and replace them with
our own implementation.
In the meantime, do you think it's mandatory to add the Apache header ?
thanks
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Legal files goo
Posted by David Jencks <da...@yahoo.com>.
On Mar 21, 2008, at 2:32 PM, Emmanuel Lecharny wrote:
> David Jencks wrote:
>> Shared notes..
>>
>> asn1 claims to have bouncy castle code in it. There are some
>> files without apache license headers but I don't see any
>> indication on any of the files I looked at that they might have
>> come from bouncy castle. I think all the files need apache
>> headers. I'd be happier if the bc files had some indication of
>> that even though the bc originals don't.
> asn1 contains copy of BC code. All the DER classes are BC based.
> This is why we have this claim.
I'm not sure what I was looking at previously, I thought some of the
files had no license header whatsoever. I can't find these any
more. Now it looks to me as if all the der files have the BC license
at the top.
I think we should consider adding the apache header in addition.
thanks
david jencks
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
Re: Legal files goo
Posted by Emmanuel Lecharny <el...@gmail.com>.
David Jencks wrote:
> Shared notes..
>
> asn1 claims to have bouncy castle code in it. There are some files
> without apache license headers but I don't see any indication on any
> of the files I looked at that they might have come from bouncy castle.
> I think all the files need apache headers. I'd be happier if the bc
> files had some indication of that even though the bc originals don't.
asn1 contains copy of BC code. All the DER classes are BC based. This is
why we have this claim.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Legal files goo
Posted by David Jencks <da...@yahoo.com>.
Shared notes..
asn1 claims to have bouncy castle code in it. There are some files
without apache license headers but I don't see any indication on any
of the files I looked at that they might have come from bouncy
castle. I think all the files need apache headers. I'd be happier
if the bc files had some indication of that even though the bc
originals don't.
My interpretation of the bc license is that we just need to include
the license in LICENSE and no other notice is required. I'm asking
on the geronimo list about other opinions.
-------------
I will tackle installers another day... IIUC I only need to worry
about apacheds/branches/bigbang, shared/branches/bigbang, installers/
branches/bigbang, and project/branches/bigbang
thanks
david jencks
On Mar 21, 2008, at 1:14 PM, David Jencks wrote:
>
> On Mar 21, 2008, at 11:12 AM, Alex Karasulu wrote:
>> Hi David,
>>
>> On Fri, Mar 21, 2008 at 1:40 PM, David Jencks
>> <da...@yahoo.com> wrote:
>> Thanks to Dan Kulp the new remote-resources bundle consistent with
>> the apparent policy expressed on legal-discuss on the content of
>> LICENSE and NOTICE files has been released so I can update the builds
>> to use them.
>>
>> Great news thanks for following through and keeping us up to date
>> on this.
>>
>>
>> I need to know:
>>
>> - which builds I should update (branches/bigbang? trunk? which
>> projects?)
>>
>> Bigbang is best. We'll simply replace the trunks with these
>> branches instead of merging.
>>
>> - which modules have additional notice requirements beyond the
>> standard apache notice. This would typically be because we've copied
>> over code from some other (probably non-apache) project that has a
>> NOTICE requirement.
>>
>> I think this information was in those old notice files that were
>> in subversion. I don't know anymore off the top of my head. I
>> think we probably fixed most of these issues - namely in the
>> kerberos module of ApacheDS. Emmanuel might also have a better
>> memory than I here. Emm what do you think are we clear here?
>>
>> For the time being can you consult the original NOTICE files in
>> SVN for this information?
>
> OK. From looking at a few they are very unreliable and seem to
> take the point of view that some of the dependencies should be
> listed in the NOTICE file and the licenses for dependencies copied
> into the LICENSE file. This is wrong....
>
> I'll do my best.
>
> Questions/comments.
>
> Are there openLDAP files anywhere except schema-bootstrap? What
> version of openldap were they derived from? I've used the license/
> copyright notice files from openldap 2.4.8 which may be too recent.
>
> Does antlr have a runtime component or are we only using the
> generated parser code directly? Is antlr used anywhere except in
> core-plugin?
>
> These are the only two items I see that require additional NOTICE
> or LICENSE content.
>
> I think I recall rumors that there might be copies of jdbm or
> bouncycastle code somewhere. I haven't found them, so.... if they
> exist please let me know.
>
> So far I've just scanned apacheds, not shared or daemons.
> Distributing bouncycastle jars from apache is a bit iffy due to
> some peculiar patent issues. In geronimo we copied the code we
> needed which did not relate to the patents in order to avoid this
> issue. I haven't looked at if/how bouncycastle is actually used or
> included yet.
>
> thanks
> david jencks
>
>>
>>
>>
>> To summarize what we need:
>> each unit likely to be checked out independently needs a LICENSE and
>> NOTICE file in svn
>> everything else (all the maven generated jars etc) can have a
>> generated LICENSE and NOTICE file. The NOTICE file needs to be
>> minimal.
>>
>> In geronimo I also set up some stuff that made it easier for me to
>> stage release candidates and maven generated site release
>> candidates. I'll look into whether I think this kind of stuff would
>> be appropriate for apacheds when I look at the legal files setup.
>>
>>
>> That's great Dave thanks!
>>
>> Alex
>
Re: Legal files goo
Posted by David Jencks <da...@yahoo.com>.
On Mar 21, 2008, at 11:12 AM, Alex Karasulu wrote:
> Hi David,
>
> On Fri, Mar 21, 2008 at 1:40 PM, David Jencks
> <da...@yahoo.com> wrote:
> Thanks to Dan Kulp the new remote-resources bundle consistent with
> the apparent policy expressed on legal-discuss on the content of
> LICENSE and NOTICE files has been released so I can update the builds
> to use them.
>
> Great news thanks for following through and keeping us up to date
> on this.
>
>
> I need to know:
>
> - which builds I should update (branches/bigbang? trunk? which
> projects?)
>
> Bigbang is best. We'll simply replace the trunks with these
> branches instead of merging.
>
> - which modules have additional notice requirements beyond the
> standard apache notice. This would typically be because we've copied
> over code from some other (probably non-apache) project that has a
> NOTICE requirement.
>
> I think this information was in those old notice files that were in
> subversion. I don't know anymore off the top of my head. I think
> we probably fixed most of these issues - namely in the kerberos
> module of ApacheDS. Emmanuel might also have a better memory than
> I here. Emm what do you think are we clear here?
>
> For the time being can you consult the original NOTICE files in SVN
> for this information?
OK. From looking at a few they are very unreliable and seem to take
the point of view that some of the dependencies should be listed in
the NOTICE file and the licenses for dependencies copied into the
LICENSE file. This is wrong....
I'll do my best.
Questions/comments.
Are there openLDAP files anywhere except schema-bootstrap? What
version of openldap were they derived from? I've used the license/
copyright notice files from openldap 2.4.8 which may be too recent.
Does antlr have a runtime component or are we only using the
generated parser code directly? Is antlr used anywhere except in
core-plugin?
These are the only two items I see that require additional NOTICE or
LICENSE content.
I think I recall rumors that there might be copies of jdbm or
bouncycastle code somewhere. I haven't found them, so.... if they
exist please let me know.
So far I've just scanned apacheds, not shared or daemons.
Distributing bouncycastle jars from apache is a bit iffy due to some
peculiar patent issues. In geronimo we copied the code we needed
which did not relate to the patents in order to avoid this issue. I
haven't looked at if/how bouncycastle is actually used or included yet.
thanks
david jencks
>
>
>
> To summarize what we need:
> each unit likely to be checked out independently needs a LICENSE and
> NOTICE file in svn
> everything else (all the maven generated jars etc) can have a
> generated LICENSE and NOTICE file. The NOTICE file needs to be
> minimal.
>
> In geronimo I also set up some stuff that made it easier for me to
> stage release candidates and maven generated site release
> candidates. I'll look into whether I think this kind of stuff would
> be appropriate for apacheds when I look at the legal files setup.
>
>
> That's great Dave thanks!
>
> Alex
Re: Legal files goo
Posted by Alex Karasulu <ak...@apache.org>.
Hi David,
On Fri, Mar 21, 2008 at 1:40 PM, David Jencks <da...@yahoo.com>
wrote:
> Thanks to Dan Kulp the new remote-resources bundle consistent with
> the apparent policy expressed on legal-discuss on the content of
> LICENSE and NOTICE files has been released so I can update the builds
> to use them.
>
Great news thanks for following through and keeping us up to date on this.
>
> I need to know:
>
> - which builds I should update (branches/bigbang? trunk? which
> projects?)
Bigbang is best. We'll simply replace the trunks with these branches
instead of merging.
>
> - which modules have additional notice requirements beyond the
> standard apache notice. This would typically be because we've copied
> over code from some other (probably non-apache) project that has a
> NOTICE requirement.
>
I think this information was in those old notice files that were in
subversion. I don't know anymore off the top of my head. I think we
probably fixed most of these issues - namely in the kerberos module of
ApacheDS. Emmanuel might also have a better memory than I here. Emm what
do you think are we clear here?
For the time being can you consult the original NOTICE files in SVN for this
information?
>
> To summarize what we need:
> each unit likely to be checked out independently needs a LICENSE and
> NOTICE file in svn
> everything else (all the maven generated jars etc) can have a
> generated LICENSE and NOTICE file. The NOTICE file needs to be minimal.
>
> In geronimo I also set up some stuff that made it easier for me to
> stage release candidates and maven generated site release
> candidates. I'll look into whether I think this kind of stuff would
> be appropriate for apacheds when I look at the legal files setup.
>
>
That's great Dave thanks!
Alex