[jira] Commented: (LEGAL-27) LICENSE/NOTICE content vs package content

["Stefano Bagnara (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-27?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619580#action_12619580 ] 

Stefano Bagnara commented on LEGAL-27:
--------------------------------------

@Henri 

MOST (and I mean I can create an HUGE list) releases made by ASF PMCs in the last years include artifacts including LICENSE/NOTICE with more stuff than what is included in package. This is the result of most PMCs (JAMES included, as I'm in JAMES) simply copying the main LICENSE/NOTICE to every artifact (every module and every src, bin, javadoc, tests package) the release.

If this is not acceptable, like you say in your comment, I think the board should write a message to PMCs allowing them understand/acknowledge this critical issue.

Here is a small list I made few weeks ago while discussing this argument with my PMC:
http://markmail.org/message/vly3x2jj4ayelc3t

Maybe the "may contain" option is the way to go if we want a policy being followed by most of the PMCs, otherwise there is a need for evangelization given the number of products not conforming with your answer.

> LICENSE/NOTICE content vs package content
> -----------------------------------------
>
>                 Key: LEGAL-27
>                 URL: https://issues.apache.org/jira/browse/LEGAL-27
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Stefano Bagnara
>
> Most apache releases included a LICENSE/NOTICE tuple (I will refer to them as LICENSE/NOTICE tuple to make it easier, even if they deserve different treatment sometimes) including references to every 3rd party work in that svn tree. This LICENSE/NOTICE tuple was then added to every package released from that tree even if some of the packages created didn't really include all of the work referenced there.
> To my understand this was the standard accepted practice until a broader maven adoption. Using maven most projects started releasing jar-packages (and not only the bin/src packages) so the question about the LICENSE/NOTICE oversized content came out.
> If people agree that is good to have a NOTICE/LICENSE specific to each release I think it should be written in a policy but I would hope this is not enforced because this would probably be a cause for limiting the number of packages released (creating a new assembly for the same work is much less work than mantaining a special NOTICE/LICENSE for it).
> Here is the "practice" as described by David Jencks to me:
> ----
> released artifacts should include LICENSE and NOTICE files applying exactly to their content.   If this goal is not achieved, its better to have unnecessary stuff in the LICENSE/NOTICE files than missing stuff.
> ----
> The introduction of the 1.4 version for org.apache:apache-jar-resource-bundle changed the LICENSE/NOTICE added to jars to not include dependencies by default, so people upgrading from 1.3 will ask this again and again.
> A clear policy IMHO is also a good way to let some smart people create/improve maven plugins to better manage what the policy says. No written policy means that we all do what the plugin developer prefererred ;-) (kudos to plugin developers)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org