You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Justin Mclean (Jira)" <ji...@apache.org> on 2021/05/18 07:15:00 UTC
[jira] [Commented] (LEGAL-574) Can we release vendored-in Apache
2.0-licensed code without mentioning it in LICENSE
[ https://issues.apache.org/jira/browse/LEGAL-574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17346630#comment-17346630 ]
Justin Mclean commented on LEGAL-574:
-------------------------------------
It used to be that adding anything with an Apache license didn't need to be mentioned in license, as they have the same license so nothing has legally changed. Over time this advice has shifted to mentioning it, but the link / mention only really needs to added for completeness sake [1]. IMO this would be a fix in next release type issue.
You may want to check if it has a NOTICE file (I didn't see one but I not 100% what version you are using) or there any other differently licensed code within it's codebase. Often 3rd party code says Apache on the cover but include other licensed code internally. On rare occasions this turns out to be incompatible with the Apache license. (Again I don't see any issue here)
1. https://infra.apache.org/licensing-howto.html#alv2-dep
> Can we release vendored-in Apache 2.0-licensed code without mentioning it in LICENSE
> -------------------------------------------------------------------------------------
>
> Key: LEGAL-574
> URL: https://issues.apache.org/jira/browse/LEGAL-574
> Project: Legal Discuss
> Issue Type: Question
> Reporter: Jarek Potiuk
> Priority: Major
>
> Question: Can we release Airflow 2.1 source package where in LICENSE file we missed link to licence to a vendored-in dependency ? (the license of the vendored-in dependency itself is included)?
>
> We are about to release Airflow 2.1 (rc1 is out yesterday) and we vendored in `connexion` dependency in order to remove `requests` dependency (following https://issues.apache.org/jira/browse/LEGAL-572 discussion).
> We've added the full text of the licence to "licenses" folder: [https://github.com/apache/airflow/blob/master/licenses/LICENSE-connexion.txt]
> but we forgot to add the line referring to it (See the PR that adds the missing line afterwards:
> [https://github.com/apache/airflow/pull/15906/files)]
> The release policy states ([https://www.apache.org/legal/release-policy.html#license-file])
> ??When a package bundles code under several licenses, the {{LICENSE}} file MUST contain details of all these licenses. For each component which is not Apache licensed, details of the component MUST be appended to the {{LICENSE}} file. The component license itself MUST either be appended or else stored elsewhere in the package with a pointer to it from the {{LICENSE}} file, e.g. if the license is long.??
> It's a bit ambiguous, we are not sure if this "component which is not Apache licensed" refers to:
> # component which is not licensed by the Apache Software Foundation or
> # component which is not licensed under Apache 2.0 license
> In case 1. we probably cannot release it , in case 2. we probably can (the connexion dependency uses Apache 2.0 license).
> We are likely going to re-relase rc2 anyway, because of another problem (one non-generated file missed the licence header) [https://github.com/apache/airflow/pull/15908] but it would be great to clarify this for the future - and maybe make the policy a bit less ambiguous).
>
>
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org