You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Justin Mclean (Jira)" <ji...@apache.org> on 2021/11/18 11:50:00 UTC
[jira] [Comment Edited] (LEGAL-587) Do We Need a Notice File in our Apache 2.0 Licensed Project
[ https://issues.apache.org/jira/browse/LEGAL-587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445873#comment-17445873 ]
Justin Mclean edited comment on LEGAL-587 at 11/18/21, 11:49 AM:
-----------------------------------------------------------------
I'm also not a lawyer. IMO It's up to you if you want a NOTICE file or not, an ASF project needs to have NOTICE file, but others project using the Apache license may or may not have one. In general the LICENSE file contains license information and the NOTICE file is used for other purposes. You might want to read section 4d of the Apache license. Copyright holders do not need to be listed in the NOTICE file as these are normally listed in LICENSE.
was (Author: jmclean):
I'm also not a lawyer. IMO It's up to you if you want a NOTICE file or not, an ASF project needs to have NOTICE file, but others project using the Apache license may or may not have one. In general the LICENSE file contains license information and the NOTICE file is used for other purposes. You might want to read section 4d of the ASF license. Copyright holders do not need to be listed in the NOTICE file as these are normally listed in LICENSE.
> Do We Need a Notice File in our Apache 2.0 Licensed Project
> -----------------------------------------------------------
>
> Key: LEGAL-587
> URL: https://issues.apache.org/jira/browse/LEGAL-587
> Project: Legal Discuss
> Issue Type: Question
> Reporter: Sven Strittmatter
> Priority: Major
>
> Hello Legal Affairs Committee,
> we (the company [iteratec|http://www.iteratec.com/]) has an open source project [secureCodeBox|https://docs.securecodebox.com/] under Apache 2.0 license hosted at [GitHub|https://github.com/secureCodeBox/secureCodeBox].
> I came up here after reading the [pre FAQ|https://apache.org/foundation/preFAQ.html#license]. The linked [license FAQ|https://apache.org/foundation/license-FAQ.html] responded with 404 :(
> After [some discussions with FSFE|https://github.com/secureCodeBox/secureCodeBox/issues/193] we decided to use [DCO|https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin] and the [reuse tool|https://reuse.software/] with [SPDX|https://spdx.dev/] in the project.
> Now we saw in the [licensing how-to|https://infra.apache.org/licensing-howto.html] that Apache 2.0 licensed projects should have a NOTICE file. I also found this [Stack Exchange answer|https://opensource.stackexchange.com/a/8567]. As far as I understand this is necessary to add licenses of code we have in our repository which is not under Apache license and for adding copyright information from "others". In our case an other company (Secura from NL) contributes. Their developers do not demand to be mentioned in the NOTICE file.
> The problem is: We are all no lawyers and quite confused. Some of us say we need the NOTICE file some say we don't need it. If we need it, what must be added? (The how-to says it should be brief).
> Would you please help us to clarify this issue :)
> You can follow our discussions you can see the [GitHub PR to add the NOTICE file|https://github.com/secureCodeBox/secureCodeBox/pull/808].
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org