Question about used third-party dependencies

[Clement Escoffier <cl...@gmail.com>]

Hi,

I have a small question about third-party dependencies. When a project  
includes the code of another project (such as ASM), the project has to  
declare it by:
- specifying the dependency in the NOTICE file (in the included  
software section)
- containing a copy of the LICENSE file of the project named  
LICENSE.xxx (for example, LICENSE.asm) [if not ASL 2.0]

However, what about used dependencies (not included). For sure, it has  
to declare the dependencies in  the used software section of the  
NOTICE file, but what about the LICENSE.xxx ?

Regards,

Clement

Re: Question about used third-party dependencies

[David Jencks <da...@yahoo.com>]

On Apr 19, 2009, at 7:14 AM, Niclas Hedhman wrote:

> On Sun, Apr 19, 2009 at 3:17 PM, Clement Escoffier
> <cl...@gmail.com> wrote:
>
>> I have a small question about third-party dependencies. When a  
>> project
>> includes the code of another project (such as ASM), the project has  
>> to
>> declare it by:
>> - specifying the dependency in the NOTICE file (in the included  
>> software
>> section)
>> - containing a copy of the LICENSE file of the project named  
>> LICENSE.xxx
>> (for example, LICENSE.asm) [if not ASL 2.0]
>
> Correct. It can be in the same LICENSE file, though.
>
>> However, what about used dependencies (not included). For sure, it  
>> has to
>> declare the dependencies in  the used software section of the  
>> NOTICE file,
>> but what about the LICENSE.xxx ?
>
> Yes, same requirement. NOTICE is a requirement from many (but not all)
> licenses, so it is more often than not a requirement to do this
> acknowledgement. It is common that we make a verbal distinction
> between 'includes sources from' vs 'depends on binary of' or something
> to such extent.

I don't think you are correct.  After a bunch of discussion on legal- 
discuss I think that the NOTICE file applies exactly to what is  
actually in the artifact containing it and that it should not include  
information about anything else.

To support this the maven-remote-resource plugin apache resource  
bundle now generates LICENSE and NOTICE files following this principle  
and also generates a DEPENDENCIES file that tries to help by  
indicating the licenses of dependencies.  After coming up with this I  
attempted to describe it clearly on legal-discuss and didn't get any  
negative feedback so I think it's in line with apache policy.

thanks
david jencks

>
>
>
> Cheers
> -- 
> Niclas Hedhman, Software Developer
> http://www.qi4j.org - New Energy for Java
>
> I  live here; http://tinyurl.com/2qq9er
> I  work here; http://tinyurl.com/2ymelc
> I relax here; http://tinyurl.com/2cgsug

Re: Question about used third-party dependencies

[Niclas Hedhman <ni...@hedhman.org>]

On Sun, Apr 19, 2009 at 3:17 PM, Clement Escoffier
<cl...@gmail.com> wrote:

> I have a small question about third-party dependencies. When a project
> includes the code of another project (such as ASM), the project has to
> declare it by:
> - specifying the dependency in the NOTICE file (in the included software
> section)
> - containing a copy of the LICENSE file of the project named LICENSE.xxx
> (for example, LICENSE.asm) [if not ASL 2.0]

Correct. It can be in the same LICENSE file, though.

> However, what about used dependencies (not included). For sure, it has to
> declare the dependencies in  the used software section of the NOTICE file,
> but what about the LICENSE.xxx ?

Yes, same requirement. NOTICE is a requirement from many (but not all)
licenses, so it is more often than not a requirement to do this
acknowledgement. It is common that we make a verbal distinction
between 'includes sources from' vs 'depends on binary of' or something
to such extent.


Cheers
-- 
Niclas Hedhman, Software Developer
http://www.qi4j.org - New Energy for Java

I  live here; http://tinyurl.com/2qq9er
I  work here; http://tinyurl.com/2ymelc
I relax here; http://tinyurl.com/2cgsug