You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by John Sisson <jr...@gmail.com> on 2006/07/18 14:53:13 UTC
More to be added to licenses file for 1.1.1 ?
Whilst testing the geronimo eclipse plugin, eclipse prompted me to
acknowledge the Sun license at
http://developers.sun.com/license/berkeley_license.html when caching the
j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
This made me wonder whether this license has been included for Geronimo
(since we redistribute schema files) and it appears the LICENSE.txt file
in 1.1 doesn't contain it.
I'll add a JIRA for 1.1.1 if there aren't any objections.
Can anyone think of any other licenses or notices we may have overlooked?
John
Re: More to be added to licenses file for 1.1.1 ?
Posted by Kevan Miller <ke...@gmail.com>.
On Jul 19, 2006, at 2:12 AM, Jason Dillon wrote:
> Technically... its bad for a module to need to access bits from ../
> (or ../../ or ../../../../../../). The proper way to do this would
> be to add them to a new license module, then have each module
> depend on it, using dependency plugin to download unpack and then
> antrun to copy into place.
>
> Still easier to have LICENSE.txt and NOTICE.txt local to the
> module. Most of them will be the same, so not much work to
> maintain... a few will need to be customized to keep us legal.
>
> If we want to have a global... then we gotta write up some custom
> plugin to handle that automatically for us.
I'd be proposing that the LICENSE and NOTICE files be local to the
module. That's what we currently have.
The "distribution" license and notice files are in modules/scripts/
src/resources. They are currently built by hand. I'm assuming that
they will continue to be built by hand. Automatically generating the
license/module information would be great (I'm just a little doubtful
that it's going to happen...) You have to include license/notice info
for all of our generated modules -- that seems doable. However, the
harder part is compiling license/notice information for dependencies
that are loaded into our repository. We'd need to capture that
information as meta-data, then accumulate during the assembly.
We need to be more rigorous in maintaining our LICENSE and NOTICE
information. IMO, identifying and compiling the information is the
hard part, not getting them into the necessary format...
--kevan
>
> --jason
>
>
> On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote:
>
>>
>> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>>
>>> Kevan Miller wrote:
>>>>
>>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>>
>>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me
>>>>> to acknowledge the Sun license at http://developers.sun.com/
>>>>> license/berkeley_license.html when caching the j2ee schema
>>>>> files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>>
>>>>> This made me wonder whether this license has been included for
>>>>> Geronimo (since we redistribute schema files) and it appears
>>>>> the LICENSE.txt file in 1.1 doesn't contain it.
>>>>>
>>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>>
>>>>> Can anyone think of any other licenses or notices we may have
>>>>> overlooked?
>>>>
>>>> Yes. Would appreciate your thoughts on the following:
>>>>
>>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
>>>> (currently they are only Bouncy Castle -- I believe that we have
>>>> ASL code in there, also).
>>> I think we should do it
>>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and
>>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/
>>>> resources/) ? I think yes.
>>>> 3) Insure NOTICE files are included in our jar files (currently
>>>> only LICENSE files are there)
>>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>>>> 5) Can the "global" LICENSE and NOTICE files be used in all our
>>>> generated artifacts (distributions, jars, cars)? Or do we need
>>>> global files and specific license/notice files for generated
>>>> module jars and car files?
>>>>
>>>> --kevan
>>> 2-4 should be run by legal, no?
>>>
>>> To support #5, I hope we don't need some kind of maven magic.
>>
>> I think 1,2,3 are must do's. I think we can ignore 4. There are
>> some CAR "files" in ibiblio -- http://www.ibiblio.org/maven/
>> geronimo/cars/ However, I'm not sure why they are there... They
>> are all "1.0" and dated December 22nd. Should we have them
>> removed? To my knowledge, we don't build or distribute CAR files
>> in 1.1 (we do have ".car" directories in our repository, but IMO
>> that's no different from any other directory name we might have...)
>>
>> Regarding 5, I think the right thing to do is have a global
>> LICENSE and NOTICE file in the base of our distributions. We
>> currently have this. Each of our jar files should have LICENSE and
>> NOTICE files specific to each jar. I don't think that this is hard
>> to do. Am I wrong? They all need standard ASL license and notice
>> files. util needs to include bouncy castle info. Are there other
>> geronimo generated jars with any licensing requirements beyond ASL 2?
>>
>> --kevan
>>
>>
>>
>
Re: More to be added to licenses file for 1.1.1 ?
Posted by Jason Dillon <ja...@planet57.com>.
Technically... its bad for a module to need to access bits from ../
(or ../../ or ../../../../../../). The proper way to do this would
be to add them to a new license module, then have each module depend
on it, using dependency plugin to download unpack and then antrun to
copy into place.
Still easier to have LICENSE.txt and NOTICE.txt local to the module.
Most of them will be the same, so not much work to maintain... a few
will need to be customized to keep us legal.
If we want to have a global... then we gotta write up some custom
plugin to handle that automatically for us.
--jason
On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote:
>
> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>
>> Kevan Miller wrote:
>>>
>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>
>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me
>>>> to acknowledge the Sun license at http://developers.sun.com/
>>>> license/berkeley_license.html when caching the j2ee schema files
>>>> (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>
>>>> This made me wonder whether this license has been included for
>>>> Geronimo (since we redistribute schema files) and it appears the
>>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>>
>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>
>>>> Can anyone think of any other licenses or notices we may have
>>>> overlooked?
>>>
>>> Yes. Would appreciate your thoughts on the following:
>>>
>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
>>> (currently they are only Bouncy Castle -- I believe that we have
>>> ASL code in there, also).
>> I think we should do it
>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and
>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ?
>>> I think yes.
>>> 3) Insure NOTICE files are included in our jar files (currently
>>> only LICENSE files are there)
>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>>> 5) Can the "global" LICENSE and NOTICE files be used in all our
>>> generated artifacts (distributions, jars, cars)? Or do we need
>>> global files and specific license/notice files for generated
>>> module jars and car files?
>>>
>>> --kevan
>> 2-4 should be run by legal, no?
>>
>> To support #5, I hope we don't need some kind of maven magic.
>
> I think 1,2,3 are must do's. I think we can ignore 4. There are
> some CAR "files" in ibiblio -- http://www.ibiblio.org/maven/
> geronimo/cars/ However, I'm not sure why they are there... They are
> all "1.0" and dated December 22nd. Should we have them removed? To
> my knowledge, we don't build or distribute CAR files in 1.1 (we do
> have ".car" directories in our repository, but IMO that's no
> different from any other directory name we might have...)
>
> Regarding 5, I think the right thing to do is have a global LICENSE
> and NOTICE file in the base of our distributions. We currently have
> this. Each of our jar files should have LICENSE and NOTICE files
> specific to each jar. I don't think that this is hard to do. Am I
> wrong? They all need standard ASL license and notice files. util
> needs to include bouncy castle info. Are there other geronimo
> generated jars with any licensing requirements beyond ASL 2?
>
> --kevan
>
>
>
Re: More to be added to licenses file for 1.1.1 ?
Posted by John Sisson <jr...@gmail.com>.
Sorry for the slow response.. comments inline.
Kevan Miller wrote:
>
> On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
>
>> Kevan Miller wrote:
>>>
>>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>>
>>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me to
>>>> acknowledge the Sun license at
>>>> http://developers.sun.com/license/berkeley_license.html when
>>>> caching the j2ee schema files (e.g.
>>>> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>>
>>>> This made me wonder whether this license has been included for
>>>> Geronimo (since we redistribute schema files) and it appears the
>>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>>
>>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>>
>>>> Can anyone think of any other licenses or notices we may have
>>>> overlooked?
>>>
>>> Yes. Would appreciate your thoughts on the following:
>>>
>>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
>>> (currently they are only Bouncy Castle -- I believe that we have ASL
>>> code in there, also).
>> I think we should do it
Agree.
>>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and
>>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I
>>> think yes.
Agree.
>>> 3) Insure NOTICE files are included in our jar files (currently only
>>> LICENSE files are there)
Agree.
>>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
Any artifact we publish should have a LICENSE/NOTICE file in it.
>>> 5) Can the "global" LICENSE and NOTICE files be used in all our
>>> generated artifacts (distributions, jars, cars)? Or do we need
>>> global files and specific license/notice files for generated module
>>> jars and car files?
>>>
>>> --kevan
>> 2-4 should be run by legal, no?
I think we should aim to have LICENSE and NOTICE files specific to each
jar. What I am not sure of is what licenses need to be included. See
my related post
http://marc.theaimsgroup.com/?l=geronimo-dev&m=115335093425013&w=2
>>
>> To support #5, I hope we don't need some kind of maven magic.
>
> I think 1,2,3 are must do's. I think we can ignore 4. There are some
> CAR "files" in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/
> However, I'm not sure why they are there... They are all "1.0" and
> dated December 22nd. Should we have them removed? To my knowledge, we
> don't build or distribute CAR files in 1.1 (we do have ".car"
> directories in our repository, but IMO that's no different from any
> other directory name we might have...)
>
> Regarding 5, I think the right thing to do is have a global LICENSE
> and NOTICE file in the base of our distributions. We currently have
> this. Each of our jar files should have LICENSE and NOTICE files
> specific to each jar. I don't think that this is hard to do. Am I
> wrong? They all need standard ASL license and notice files. util needs
> to include bouncy castle info. Are there other geronimo generated jars
> with any licensing requirements beyond ASL 2?
I think many modules would need to include licenses for third party
libraries as their licenses say "use of". I also discussed this in the
related post link above. We may need to ask legal about this.
John
>
> --kevan
>
>
>
>
Re: More to be added to licenses file for 1.1.1 ?
Posted by Kevan Miller <ke...@gmail.com>.
On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote:
> Kevan Miller wrote:
>>
>> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>>
>>> Whilst testing the geronimo eclipse plugin, eclipse prompted me
>>> to acknowledge the Sun license at http://developers.sun.com/
>>> license/berkeley_license.html when caching the j2ee schema files
>>> (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>>
>>> This made me wonder whether this license has been included for
>>> Geronimo (since we redistribute schema files) and it appears the
>>> LICENSE.txt file in 1.1 doesn't contain it.
>>>
>>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>>
>>> Can anyone think of any other licenses or notices we may have
>>> overlooked?
>>
>> Yes. Would appreciate your thoughts on the following:
>>
>> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
>> (currently they are only Bouncy Castle -- I believe that we have
>> ASL code in there, also).
> I think we should do it
>> 2) Do we need to add Bouncy Castle to our "global" LICENSE and
>> NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ?
>> I think yes.
>> 3) Insure NOTICE files are included in our jar files (currently
>> only LICENSE files are there)
>> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
>> 5) Can the "global" LICENSE and NOTICE files be used in all our
>> generated artifacts (distributions, jars, cars)? Or do we need
>> global files and specific license/notice files for generated
>> module jars and car files?
>>
>> --kevan
> 2-4 should be run by legal, no?
>
> To support #5, I hope we don't need some kind of maven magic.
I think 1,2,3 are must do's. I think we can ignore 4. There are some
CAR "files" in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/
However, I'm not sure why they are there... They are all "1.0" and
dated December 22nd. Should we have them removed? To my knowledge, we
don't build or distribute CAR files in 1.1 (we do have ".car"
directories in our repository, but IMO that's no different from any
other directory name we might have...)
Regarding 5, I think the right thing to do is have a global LICENSE
and NOTICE file in the base of our distributions. We currently have
this. Each of our jar files should have LICENSE and NOTICE files
specific to each jar. I don't think that this is hard to do. Am I
wrong? They all need standard ASL license and notice files. util
needs to include bouncy castle info. Are there other geronimo
generated jars with any licensing requirements beyond ASL 2?
--kevan
Re: More to be added to licenses file for 1.1.1 ?
Posted by Jason Dillon <ja...@planet57.com>.
>> 5) Can the "global" LICENSE and NOTICE files be used in all our
>> generated artifacts (distributions, jars, cars)? Or do we need
>> global files and specific license/notice files for generated
>> module jars and car files?
>>
>> --kevan
> 2-4 should be run by legal, no?
>
> To support #5, I hope we don't need some kind of maven magic.
Probably do...
Unless you can include a file from a resource, then a build extension
could be added to allow all modules to pick them up.
Or download from a URL (could be http://svn.apache.org/...) but I
don't like to do that since its outside of version control (even if
it is pulled from svn, its probably going to be HEAD, which is not
always going to be correct)
Or create a custom plugin to setup the resources to be added to the
jars/was/ears.
Easier to just leave the LICENSE.txt and NOTICE.txt files in each
module and configure Maven to include them from ${pom.basedir} :-\
--jason
Re: More to be added to licenses file for 1.1.1 ?
Posted by "Alan D. Cabrera" <li...@toolazydogs.com>.
Kevan Miller wrote:
>
> On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
>
>> Whilst testing the geronimo eclipse plugin, eclipse prompted me to
>> acknowledge the Sun license at
>> http://developers.sun.com/license/berkeley_license.html when caching
>> the j2ee schema files (e.g.
>> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>>
>> This made me wonder whether this license has been included for
>> Geronimo (since we redistribute schema files) and it appears the
>> LICENSE.txt file in 1.1 doesn't contain it.
>>
>> I'll add a JIRA for 1.1.1 if there aren't any objections.
>>
>> Can anyone think of any other licenses or notices we may have
>> overlooked?
>
> Yes. Would appreciate your thoughts on the following:
>
> 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
> (currently they are only Bouncy Castle -- I believe that we have ASL
> code in there, also).
I think we should do it
> 2) Do we need to add Bouncy Castle to our "global" LICENSE and NOTICE
> files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes.
> 3) Insure NOTICE files are included in our jar files (currently only
> LICENSE files are there)
> 4) Do we need to add LICENSE/NOTICE files in our generated CARs?
> 5) Can the "global" LICENSE and NOTICE files be used in all our
> generated artifacts (distributions, jars, cars)? Or do we need global
> files and specific license/notice files for generated module jars and
> car files?
>
> --kevan
2-4 should be run by legal, no?
To support #5, I hope we don't need some kind of maven magic.
Regards,
Alan
Re: More to be added to licenses file for 1.1.1 ?
Posted by Kevan Miller <ke...@gmail.com>.
On Jul 18, 2006, at 8:53 AM, John Sisson wrote:
> Whilst testing the geronimo eclipse plugin, eclipse prompted me to
> acknowledge the Sun license at http://developers.sun.com/license/
> berkeley_license.html when caching the j2ee schema files (e.g.
> http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ).
>
> This made me wonder whether this license has been included for
> Geronimo (since we redistribute schema files) and it appears the
> LICENSE.txt file in 1.1 doesn't contain it.
>
> I'll add a JIRA for 1.1.1 if there aren't any objections.
>
> Can anyone think of any other licenses or notices we may have
> overlooked?
Yes. Would appreciate your thoughts on the following:
1) Fix LICENSE and NOTICE files for branches/1.1/modules/util
(currently they are only Bouncy Castle -- I believe that we have ASL
code in there, also).
2) Do we need to add Bouncy Castle to our "global" LICENSE and NOTICE
files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes.
3) Insure NOTICE files are included in our jar files (currently only
LICENSE files are there)
4) Do we need to add LICENSE/NOTICE files in our generated CARs?
5) Can the "global" LICENSE and NOTICE files be used in all our
generated artifacts (distributions, jars, cars)? Or do we need global
files and specific license/notice files for generated module jars and
car files?
--kevan