More to be added to licenses file for 1.1.1 ?

[John Sisson <jr...@gmail.com>]

Whilst testing the geronimo eclipse plugin, eclipse prompted me to 
acknowledge the Sun license at 
http://developers.sun.com/license/berkeley_license.html when caching the 
j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).

This made me wonder whether this license has been included for Geronimo 
(since we redistribute schema files) and it appears the LICENSE.txt file 
in 1.1 doesn't contain it.

I'll add a JIRA for 1.1.1 if there aren't any objections.

Can anyone think of any other licenses or notices we may have overlooked?

John

Re: More to be added to licenses file for 1.1.1 ?

[Kevan Miller <ke...@gmail.com>]

On Jul 19, 2006, at 2:12 AM, Jason Dillon wrote:

> Technically... its bad for a module to need to access bits from ../  
> (or ../../ or ../../../../../../).  The proper way to do this would  
> be to add them to a new license module, then have each module  
> depend on it, using dependency plugin to download unpack and then  
> antrun to copy into place.
>
> Still easier to have LICENSE.txt and NOTICE.txt local to the  
> module.  Most of them will be the same, so not much work to  
> maintain... a few will need to be customized to keep us legal.
>
> If we want to have a global... then we gotta write up some custom  
> plugin to handle that automatically for us.

I'd be proposing that the LICENSE and NOTICE files be local to the  
module. That's what we currently have.

The "distribution" license and notice files are in modules/scripts/ 
src/resources. They are currently built by hand. I'm assuming that  
they will continue to be built by hand. Automatically generating the  
license/module information would be great (I'm just a little doubtful  
that it's going to happen...) You have to include license/notice info  
for all of our generated modules -- that seems doable. However, the  
harder part is compiling license/notice information for dependencies  
that are loaded into our repository. We'd need to capture that  
information as meta-data, then accumulate during the assembly.

We need to be more rigorous in maintaining our LICENSE and NOTICE  
information. IMO, identifying and compiling the information is the  
hard part, not getting them into the necessary format...

--kevan

>
> --jason
>
>
> On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote:
>
>>
>> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>>
>>> Kevan Miller wrote:
>>>>
>>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>>
>>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me  
>>>>> to acknowledge the Sun license at http://developers.sun.com/ 
>>>>> license/berkeley_license.html when caching the j2ee schema  
>>>>> files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>>
>>>>> This made me wonder whether this license has been included for  
>>>>> Geronimo (since we redistribute schema files) and it appears  
>>>>> the LICENSE.txt file in 1.1 doesn't contain it.
>>>>>
>>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>>
>>>>> Can anyone think of any other licenses or notices we may have  
>>>>> overlooked?
>>>>
>>>> Yes. Would appreciate your thoughts on the following:
>>>>
>>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util  
>>>> (currently they are only Bouncy Castle -- I believe that we have  
>>>> ASL code in there, also).
>>> I think we should do it
>>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and  
>>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/ 
>>>> resources/) ? I think yes.
>>>> 3) Insure NOTICE files are included in our jar files (currently  
>>>> only LICENSE files are there)
>>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>>>> 5) Can the "global" LICENSE and NOTICE files be used in all our  
>>>> generated artifacts (distributions, jars, cars)? Or do we need  
>>>> global files and specific license/notice files for generated  
>>>> module jars and car files?
>>>>
>>>> --kevan
>>> 2-4 should be run by legal, no?
>>>
>>> To support #5, I hope we don't need some kind of maven magic.
>>
>> I think 1,2,3 are must do's. I think we can ignore 4. There are  
>> some CAR "files" in ibiblio -- http://www.ibiblio.org/maven/ 
>> geronimo/cars/ However, I'm not sure why they are there... They  
>> are all "1.0" and dated December 22nd. Should we have them  
>> removed? To my knowledge, we don't build or distribute CAR files  
>> in 1.1 (we do have ".car" directories in our repository, but IMO  
>> that's no different from any other directory name we might have...)
>>
>> Regarding 5, I think the right thing to do is have a global  
>> LICENSE and NOTICE file in the base of our distributions. We  
>> currently have this. Each of our jar files should have LICENSE and  
>> NOTICE files specific to each jar. I don't think that this is hard  
>> to do. Am I wrong? They all need standard ASL license and notice  
>> files. util needs to include bouncy castle info. Are there other  
>> geronimo generated jars with any licensing requirements beyond ASL 2?
>>
>> --kevan
>>
>>
>>
>

Re: More to be added to licenses file for 1.1.1 ?

[Jason Dillon <ja...@planet57.com>]

Technically... its bad for a module to need to access bits from ../  
(or ../../ or ../../../../../../).  The proper way to do this would  
be to add them to a new license module, then have each module depend  
on it, using dependency plugin to download unpack and then antrun to  
copy into place.

Still easier to have LICENSE.txt and NOTICE.txt local to the module.   
Most of them will be the same, so not much work to maintain... a few  
will need to be customized to keep us legal.

If we want to have a global... then we gotta write up some custom  
plugin to handle that automatically for us.

--jason


On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote:

>
> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>
>> Kevan Miller wrote:
>>>
>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>
>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me  
>>>> to acknowledge the Sun license at http://developers.sun.com/ 
>>>> license/berkeley_license.html when caching the j2ee schema files  
>>>> (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>
>>>> This made me wonder whether this license has been included for  
>>>> Geronimo (since we redistribute schema files) and it appears the  
>>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>>
>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>
>>>> Can anyone think of any other licenses or notices we may have  
>>>> overlooked?
>>>
>>> Yes. Would appreciate your thoughts on the following:
>>>
>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util  
>>> (currently they are only Bouncy Castle -- I believe that we have  
>>> ASL code in there, also).
>> I think we should do it
>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and  
>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ?  
>>> I think yes.
>>> 3) Insure NOTICE files are included in our jar files (currently  
>>> only LICENSE files are there)
>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>>> 5) Can the "global" LICENSE and NOTICE files be used in all our  
>>> generated artifacts (distributions, jars, cars)? Or do we need  
>>> global files and specific license/notice files for generated  
>>> module jars and car files?
>>>
>>> --kevan
>> 2-4 should be run by legal, no?
>>
>> To support #5, I hope we don't need some kind of maven magic.
>
> I think 1,2,3 are must do's. I think we can ignore 4. There are  
> some CAR "files" in ibiblio -- http://www.ibiblio.org/maven/ 
> geronimo/cars/ However, I'm not sure why they are there... They are  
> all "1.0" and dated December 22nd. Should we have them removed? To  
> my knowledge, we don't build or distribute CAR files in 1.1 (we do  
> have ".car" directories in our repository, but IMO that's no  
> different from any other directory name we might have...)
>
> Regarding 5, I think the right thing to do is have a global LICENSE  
> and NOTICE file in the base of our distributions. We currently have  
> this. Each of our jar files should have LICENSE and NOTICE files  
> specific to each jar. I don't think that this is hard to do. Am I  
> wrong? They all need standard ASL license and notice files. util  
> needs to include bouncy castle info. Are there other geronimo  
> generated jars with any licensing requirements beyond ASL 2?
>
> --kevan
>
>
>

Re: More to be added to licenses file for 1.1.1 ?

[John Sisson <jr...@gmail.com>]

Sorry for the slow response.. comments inline.
Kevan Miller wrote:
>
> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>
>> Kevan Miller wrote:
>>>
>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>
>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me to 
>>>> acknowledge the Sun license at 
>>>> http://developers.sun.com/license/berkeley_license.html when 
>>>> caching the j2ee schema files (e.g. 
>>>> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>
>>>> This made me wonder whether this license has been included for 
>>>> Geronimo (since we redistribute schema files) and it appears the 
>>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>>
>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>
>>>> Can anyone think of any other licenses or notices we may have 
>>>> overlooked?
>>>
>>> Yes. Would appreciate your thoughts on the following:
>>>
>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util 
>>> (currently they are only Bouncy Castle -- I believe that we have ASL 
>>> code in there, also).
>> I think we should do it
Agree.
>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and 
>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I 
>>> think yes.
Agree.
>>> 3) Insure NOTICE files are included in our jar files (currently only 
>>> LICENSE files are there)
Agree.
>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
Any artifact we publish should have a LICENSE/NOTICE file in it.
>>> 5) Can the "global" LICENSE and NOTICE files be used in all our 
>>> generated artifacts (distributions, jars, cars)? Or do we need 
>>> global files and specific license/notice files for generated module 
>>> jars and car files?
>>>
>>> --kevan
>> 2-4 should be run by legal, no?
I think we should aim to have LICENSE and NOTICE files specific to each 
jar.  What I am not sure of is what licenses need to be included.  See 
my related post 
http://marc.theaimsgroup.com/?l=geronimo-dev&m=115335093425013&w=2
>>
>> To support #5, I hope we don't need some kind of maven magic.
>
> I think 1,2,3 are must do's. I think we can ignore 4. There are some 
> CAR "files" in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/ 
> However, I'm not sure why they are there... They are all "1.0" and 
> dated December 22nd. Should we have them removed? To my knowledge, we 
> don't build or distribute CAR files in 1.1 (we do have ".car" 
> directories in our repository, but IMO that's no different from any 
> other directory name we might have...)
>
> Regarding 5, I think the right thing to do is have a global LICENSE 
> and NOTICE file in the base of our distributions. We currently have 
> this. Each of our jar files should have LICENSE and NOTICE files 
> specific to each jar. I don't think that this is hard to do. Am I 
> wrong? They all need standard ASL license and notice files. util needs 
> to include bouncy castle info. Are there other geronimo generated jars 
> with any licensing requirements beyond ASL 2?
I think many modules would need to include licenses for third party 
libraries as their licenses say "use of". I also discussed this in the 
related post link above.  We may need to ask legal about this.

John
>
> --kevan
>
>
>
>

Re: More to be added to licenses file for 1.1.1 ?

[Kevan Miller <ke...@gmail.com>]

On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:

> Kevan Miller wrote:
>>
>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>
>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me  
>>> to acknowledge the Sun license at http://developers.sun.com/ 
>>> license/berkeley_license.html when caching the j2ee schema files  
>>> (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>
>>> This made me wonder whether this license has been included for  
>>> Geronimo (since we redistribute schema files) and it appears the  
>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>
>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>
>>> Can anyone think of any other licenses or notices we may have  
>>> overlooked?
>>
>> Yes. Would appreciate your thoughts on the following:
>>
>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util  
>> (currently they are only Bouncy Castle -- I believe that we have  
>> ASL code in there, also).
> I think we should do it
>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and  
>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ?  
>> I think yes.
>> 3) Insure NOTICE files are included in our jar files (currently  
>> only LICENSE files are there)
>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>> 5) Can the "global" LICENSE and NOTICE files be used in all our  
>> generated artifacts (distributions, jars, cars)? Or do we need  
>> global files and specific license/notice files for generated  
>> module jars and car files?
>>
>> --kevan
> 2-4 should be run by legal, no?
>
> To support #5, I hope we don't need some kind of maven magic.

I think 1,2,3 are must do's. I think we can ignore 4. There are some  
CAR "files" in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/  
However, I'm not sure why they are there... They are all "1.0" and  
dated December 22nd. Should we have them removed? To my knowledge, we  
don't build or distribute CAR files in 1.1 (we do have ".car"  
directories in our repository, but IMO that's no different from any  
other directory name we might have...)

Regarding 5, I think the right thing to do is have a global LICENSE  
and NOTICE file in the base of our distributions. We currently have  
this. Each of our jar files should have LICENSE and NOTICE files  
specific to each jar. I don't think that this is hard to do. Am I  
wrong? They all need standard ASL license and notice files. util  
needs to include bouncy castle info. Are there other geronimo  
generated jars with any licensing requirements beyond ASL 2?

--kevan

Re: More to be added to licenses file for 1.1.1 ?

[Jason Dillon <ja...@planet57.com>]

>> 5) Can the "global" LICENSE and NOTICE files be used in all our  
>> generated artifacts (distributions, jars, cars)? Or do we need  
>> global files and specific license/notice files for generated  
>> module jars and car files?
>>
>> --kevan
> 2-4 should be run by legal, no?
>
> To support #5, I hope we don't need some kind of maven magic.

Probably do...

Unless you can include a file from a resource, then a build extension  
could be added to allow all modules to pick them up.

Or download from a URL (could be http://svn.apache.org/...) but I  
don't like to do that since its outside of version control (even if  
it is pulled from svn, its probably going to be HEAD, which is not  
always going to be correct)

Or create a custom plugin to setup the resources to be added to the  
jars/was/ears.

Easier to just leave the LICENSE.txt and NOTICE.txt files in each  
module and configure Maven to include them from ${pom.basedir} :-\

--jason

Re: More to be added to licenses file for 1.1.1 ?

["Alan D. Cabrera" <li...@toolazydogs.com>]

Kevan Miller wrote:
>
> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>
>> Whilst testing the geronimo eclipse plugin, eclipse prompted me to 
>> acknowledge the Sun license at 
>> http://developers.sun.com/license/berkeley_license.html when caching 
>> the j2ee schema files (e.g. 
>> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>
>> This made me wonder whether this license has been included for 
>> Geronimo (since we redistribute schema files) and it appears the 
>> LICENSE.txt file in 1.1 doesn't contain it.
>>
>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>
>> Can anyone think of any other licenses or notices we may have 
>> overlooked?
>
> Yes. Would appreciate your thoughts on the following:
>
> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util 
> (currently they are only Bouncy Castle -- I believe that we have ASL 
> code in there, also).
I think we should do it
> 2) Do we need to add Bouncy Castle to our "global" LICENSE and NOTICE 
> files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes.
> 3) Insure NOTICE files are included in our jar files (currently only 
> LICENSE files are there)
> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
> 5) Can the "global" LICENSE and NOTICE files be used in all our 
> generated artifacts (distributions, jars, cars)? Or do we need global 
> files and specific license/notice files for generated module jars and 
> car files?
>
> --kevan
2-4 should be run by legal, no?

To support #5, I hope we don't need some kind of maven magic.


Regards,
Alan

Re: More to be added to licenses file for 1.1.1 ?

[Kevan Miller <ke...@gmail.com>]

On Jul 18, 2006, at 8:53 AM, John Sisson wrote:

> Whilst testing the geronimo eclipse plugin, eclipse prompted me to  
> acknowledge the Sun license at http://developers.sun.com/license/ 
> berkeley_license.html when caching the j2ee schema files (e.g.  
> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>
> This made me wonder whether this license has been included for  
> Geronimo (since we redistribute schema files) and it appears the  
> LICENSE.txt file in 1.1 doesn't contain it.
>
> I'll add a JIRA for 1.1.1 if there aren't any objections.
>
> Can anyone think of any other licenses or notices we may have  
> overlooked?

Yes. Would appreciate your thoughts on the following:

1) Fix LICENSE and NOTICE files for branches/1.1/modules/util  
(currently they are only Bouncy Castle -- I believe that we have ASL  
code in there, also).
2) Do we need to add Bouncy Castle to our "global" LICENSE and NOTICE  
files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes.
3) Insure NOTICE files are included in our jar files (currently only  
LICENSE files are there)
4) Do we need to add LICENSE/NOTICE files in our generated CARs?
5) Can the "global" LICENSE and NOTICE files be used in all our  
generated artifacts (distributions, jars, cars)? Or do we need global  
files and specific license/notice files for generated module jars and  
car files?

--kevan