You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by Norbert Kalmar <nk...@cloudera.com.INVALID> on 2019/03/06 15:33:35 UTC
License files
Hi all,
We had some issues with the license files in the last few RC on 3.4.
To make things easier in the future, I was looking at the maven license
plugin. But I'm not sure about are legal obligations. If I understand
correctly, if we give an aggregated license file that contains all our
third party dependencies that lists their license type and a link to their
site, it is sufficient?
I just tried the add-third-party goal:
http://www.mojohaus.org/license-maven-plugin/add-third-party-mojo.html
And it generates an aggregated LICENSE file, I will dump the content at the
end fo this e-mail.
Would this work for ZooKeeper?
And if so, do you agree we should move to a single aggregated LICENSE file?
Thanks,
Norbert
LICENSE.txt content (I know not all if this dependency is distributed, ike
spotbugs-annotations, I would exclude those in the final solution):
Lists of 51 third-party dependencies.
(The Apache Software License, Version 2.0) Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.9.0 -
http://github.com/FasterXML/jackson)
(The Apache Software License, Version 2.0) Jackson-core
(com.fasterxml.jackson.core:jackson-core:2.9.8 -
https://github.com/FasterXML/jackson-core)
(The Apache Software License, Version 2.0) jackson-databind
(com.fasterxml.jackson.core:jackson-databind:2.9.8 -
http://github.com/FasterXML/jackson)
(GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1) SpotBugs Annotations
(com.github.spotbugs:spotbugs-annotations:3.1.9 -
https://spotbugs.github.io/)
(Apache License, Version 2.0) JCIP Annotations under Apache License
(com.github.stephenc.jcip:jcip-annotations:1.0-1 -
http://stephenc.github.com/jcip-annotations)
(The Apache Software License, Version 2.0) FindBugs-jsr305
(com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
(The Apache Software License, Version 2.0) JSON.simple
(com.googlecode.json-simple:json-simple:1.1.1 -
http://code.google.com/p/json-simple/)
(The Apache Software License, Version 2.0) Nimbus JOSE+JWT
(com.nimbusds:nimbus-jose-jwt:4.41.2 -
https://bitbucket.org/connect2id/nimbus-jose-jwt)
(The Apache Software License, Version 2.0) Commons CLI
(commons-cli:commons-cli:1.2 - http://commons.apache.org/cli/)
(Apache License, Version 2.0) Apache Commons Collections
(commons-collections:commons-collections:3.2.2 -
http://commons.apache.org/collections/)
(Apache License, Version 2.0) Apache Commons IO
(commons-io:commons-io:2.6 - http://commons.apache.org/proper/commons-io/)
(The Apache Software License, Version 2.0) Commons Lang
(commons-lang:commons-lang:2.6 - http://commons.apache.org/lang/)
(Apache License 2.0) Metrics Core
(io.dropwizard.metrics:metrics-core:3.2.5 -
http://metrics.dropwizard.io/metrics-core/)
(Apache License, Version 2.0) Netty/All-in-One
(io.netty:netty-all:4.1.29.Final - http://netty.io/netty-all/)
(CDDL + GPLv2 with classpath exception) Java Servlet API
(javax.servlet:javax.servlet-api:3.1.0 - http://servlet-spec.java.net)
(The BSD License) JLine (jline:jline:2.11 -
http://nexus.sonatype.org/oss-repository-hosting.html/jline)
(Eclipse Public License 1.0) JUnit (junit:junit:4.12 - http://junit.org
)
(The Apache Software License, Version 2.0) Apache Log4j
(log4j:log4j:1.2.17 - http://logging.apache.org/log4j/1.2/)
(The Apache Software License, Version 2.0) ASM based accessors helper
used by json-smart (net.minidev:accessors-smart:1.2 -
http://www.minidev.net/)
(The Apache Software License, Version 2.0) JSON Small and Fast Parser
(net.minidev:json-smart:2.3 - http://www.minidev.net/)
(Apache License, Version 2.0) Kerby-kerb Admin
(org.apache.kerby:kerb-admin:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-admin)
(Apache License, Version 2.0) Kerby-kerb Client
(org.apache.kerby:kerb-client:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-client)
(Apache License, Version 2.0) Kerby-kerb Common
(org.apache.kerby:kerb-common:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-common)
(Apache License, Version 2.0) Kerby-kerb core
(org.apache.kerby:kerb-core:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-core)
(Apache License, Version 2.0) Kerby-kerb Crypto
(org.apache.kerby:kerb-crypto:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-crypto)
(Apache License, Version 2.0) Kerby-kerb Identity
(org.apache.kerby:kerb-identity:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-identity)
(Apache License, Version 2.0) Kerby-kerb Server
(org.apache.kerby:kerb-server:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-server)
(Apache License, Version 2.0) Kerb Simple Kdc
(org.apache.kerby:kerb-simplekdc:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-simplekdc)
(Apache License, Version 2.0) Kerby-kerb Util
(org.apache.kerby:kerb-util:1.1.0 -
http://directory.apache.org/kerby/kerby-kerb/kerb-util)
(Apache License, Version 2.0) Kerby ASN1 Project
(org.apache.kerby:kerby-asn1:1.1.0 -
http://directory.apache.org/kerby/kerby-common/kerby-asn1)
(Apache License, Version 2.0) Kerby Config
(org.apache.kerby:kerby-config:1.1.0 -
http://directory.apache.org/kerby/kerby-common/kerby-config)
(Apache License, Version 2.0) Kerby PKIX Project
(org.apache.kerby:kerby-pkix:1.1.0 -
http://directory.apache.org/kerby/kerby-pkix)
(Apache License, Version 2.0) Kerby Util
(org.apache.kerby:kerby-util:1.1.0 -
http://directory.apache.org/kerby/kerby-common/kerby-util)
(Apache License, Version 2.0) Kerby XDR Project
(org.apache.kerby:kerby-xdr:1.1.0 -
http://directory.apache.org/kerby/kerby-common/kerby-xdr)
(Apache License, Version 2.0) Token provider
(org.apache.kerby:token-provider:1.1.0 -
http://directory.apache.org/kerby/kerby-provider/token-provider)
(Apache Lice
Re: License files
Posted by Enrico Olivelli <eo...@gmail.com>.
Il mer 6 mar 2019, 16:33 Norbert Kalmar <nk...@cloudera.com.invalid> ha
scritto:
> Hi all,
>
> We had some issues with the license files in the last few RC on 3.4.
>
> To make things easier in the future, I was looking at the maven license
> plugin. But I'm not sure about are legal obligations.
I think that having a file mantained manually is better.
When you commit a patch which updates a library or adds a new one you have
to change that file as well, and this will be subject to review and
discussion.
I think that that plugin is very useful in order to test automatically that
non complaint third party libs get into the tar ball/code base, but not to
generate NOTICE/LICENSE files
btw during the VOTE a manual check is required.
For reference Ivan Kelly made an useful script for Bookkeeper (see 1)
Enrico
[1]
https://github.com/apache/bookkeeper/blob/master/dev/check-binary-license
If I understand
> correctly, if we give an aggregated license file that contains all our
> third party dependencies that lists their license type and a link to their
> site, it is sufficient?
> I just tried the add-third-party goal:
> http://www.mojohaus.org/license-maven-plugin/add-third-party-mojo.html
> And it generates an aggregated LICENSE file, I will dump the content at the
> end fo this e-mail.
> Would this work for ZooKeeper?
> And if so, do you agree we should move to a single aggregated LICENSE file?
>
> Thanks,
> Norbert
>
> LICENSE.txt content (I know not all if this dependency is distributed, ike
> spotbugs-annotations, I would exclude those in the final solution):
>
>
> Lists of 51 third-party dependencies.
> (The Apache Software License, Version 2.0) Jackson-annotations
> (com.fasterxml.jackson.core:jackson-annotations:2.9.0 -
> http://github.com/FasterXML/jackson)
> (The Apache Software License, Version 2.0) Jackson-core
> (com.fasterxml.jackson.core:jackson-core:2.9.8 -
> https://github.com/FasterXML/jackson-core)
> (The Apache Software License, Version 2.0) jackson-databind
> (com.fasterxml.jackson.core:jackson-databind:2.9.8 -
> http://github.com/FasterXML/jackson)
> (GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1) SpotBugs Annotations
> (com.github.spotbugs:spotbugs-annotations:3.1.9 -
> https://spotbugs.github.io/)
> (Apache License, Version 2.0) JCIP Annotations under Apache License
> (com.github.stephenc.jcip:jcip-annotations:1.0-1 -
> http://stephenc.github.com/jcip-annotations)
> (The Apache Software License, Version 2.0) FindBugs-jsr305
> (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
> (The Apache Software License, Version 2.0) JSON.simple
> (com.googlecode.json-simple:json-simple:1.1.1 -
> http://code.google.com/p/json-simple/)
> (The Apache Software License, Version 2.0) Nimbus JOSE+JWT
> (com.nimbusds:nimbus-jose-jwt:4.41.2 -
> https://bitbucket.org/connect2id/nimbus-jose-jwt)
> (The Apache Software License, Version 2.0) Commons CLI
> (commons-cli:commons-cli:1.2 - http://commons.apache.org/cli/)
> (Apache License, Version 2.0) Apache Commons Collections
> (commons-collections:commons-collections:3.2.2 -
> http://commons.apache.org/collections/)
> (Apache License, Version 2.0) Apache Commons IO
> (commons-io:commons-io:2.6 - http://commons.apache.org/proper/commons-io/)
> (The Apache Software License, Version 2.0) Commons Lang
> (commons-lang:commons-lang:2.6 - http://commons.apache.org/lang/)
> (Apache License 2.0) Metrics Core
> (io.dropwizard.metrics:metrics-core:3.2.5 -
> http://metrics.dropwizard.io/metrics-core/)
> (Apache License, Version 2.0) Netty/All-in-One
> (io.netty:netty-all:4.1.29.Final - http://netty.io/netty-all/)
> (CDDL + GPLv2 with classpath exception) Java Servlet API
> (javax.servlet:javax.servlet-api:3.1.0 - http://servlet-spec.java.net)
> (The BSD License) JLine (jline:jline:2.11 -
> http://nexus.sonatype.org/oss-repository-hosting.html/jline)
> (Eclipse Public License 1.0) JUnit (junit:junit:4.12 -
> http://junit.org
> )
> (The Apache Software License, Version 2.0) Apache Log4j
> (log4j:log4j:1.2.17 - http://logging.apache.org/log4j/1.2/)
> (The Apache Software License, Version 2.0) ASM based accessors helper
> used by json-smart (net.minidev:accessors-smart:1.2 -
> http://www.minidev.net/)
> (The Apache Software License, Version 2.0) JSON Small and Fast Parser
> (net.minidev:json-smart:2.3 - http://www.minidev.net/)
> (Apache License, Version 2.0) Kerby-kerb Admin
> (org.apache.kerby:kerb-admin:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-admin)
> (Apache License, Version 2.0) Kerby-kerb Client
> (org.apache.kerby:kerb-client:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-client)
> (Apache License, Version 2.0) Kerby-kerb Common
> (org.apache.kerby:kerb-common:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-common)
> (Apache License, Version 2.0) Kerby-kerb core
> (org.apache.kerby:kerb-core:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-core)
> (Apache License, Version 2.0) Kerby-kerb Crypto
> (org.apache.kerby:kerb-crypto:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-crypto)
> (Apache License, Version 2.0) Kerby-kerb Identity
> (org.apache.kerby:kerb-identity:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-identity)
> (Apache License, Version 2.0) Kerby-kerb Server
> (org.apache.kerby:kerb-server:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-server)
> (Apache License, Version 2.0) Kerb Simple Kdc
> (org.apache.kerby:kerb-simplekdc:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-simplekdc)
> (Apache License, Version 2.0) Kerby-kerb Util
> (org.apache.kerby:kerb-util:1.1.0 -
> http://directory.apache.org/kerby/kerby-kerb/kerb-util)
> (Apache License, Version 2.0) Kerby ASN1 Project
> (org.apache.kerby:kerby-asn1:1.1.0 -
> http://directory.apache.org/kerby/kerby-common/kerby-asn1)
> (Apache License, Version 2.0) Kerby Config
> (org.apache.kerby:kerby-config:1.1.0 -
> http://directory.apache.org/kerby/kerby-common/kerby-config)
> (Apache License, Version 2.0) Kerby PKIX Project
> (org.apache.kerby:kerby-pkix:1.1.0 -
> http://directory.apache.org/kerby/kerby-pkix)
> (Apache License, Version 2.0) Kerby Util
> (org.apache.kerby:kerby-util:1.1.0 -
> http://directory.apache.org/kerby/kerby-common/kerby-util)
> (Apache License, Version 2.0) Kerby XDR Project
> (org.apache.kerby:kerby-xdr:1.1.0 -
> http://directory.apache.org/kerby/kerby-common/kerby-xdr)
> (Apache License, Version 2.0) Token provider
> (org.apache.kerby:token-provider:1.1.0 -
> http://directory.apache.org/kerby/kerby-provider/token-provider)
> (Apache Lice
>