Posted to legal-discuss@apache.org by "Stefano Bagnara (JIRA)" <ji...@apache.org> on 2008/06/21 16:24:45 UTC

[jira] Created: (LEGAL-31) NOTICE/LICENSE and third party products

NOTICE/LICENSE and third party products
---------------------------------------

                 Key: LEGAL-31
                 URL: https://issues.apache.org/jira/browse/LEGAL-31
             Project: Legal Discuss
          Issue Type: Question
            Reporter: Stefano Bagnara


Legal Affairs still doesn't have consensus about whether the LICENSE/NOTICE for an ASF release should contain links to (or include) LICENSEs/NOTICEs of 3rd party products included within the release. In any case the LICENSE for the 3rd party product has to be placed near the product or appended to the main LICENSE file and for some licenses attribution in the main NOTICE is mandatory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Henri Yandell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732390#action_12732390 ] 

Henri Yandell commented on LEGAL-31:
------------------------------------

My opinion - the LICENSE and NOTICE are for the ASF source code. A README should indicate the location of decoupled 3rd party products and their licensing files should be clearly located with the files.

I don't know of licenses that would require attribution in the main NOTICE, but I imagine it depends on how you interpret attribution clauses. Is a third party LICENSE file part of the product's documentation?



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Niclas Hedhman (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12744351#action_12744351 ] 

Niclas Hedhman commented on LEGAL-31:
-------------------------------------

This issue is a constant point of contention at the Incubator more than anywhere else, since other PMCs have established their own understanding of what is required. I suspect that the problem at the Incubator is that each PMC member has a background from different other PMCs, each doing it one way or the other, hence podlings are given inconsistent and contradictory advice, making them less wise and more frustrated.

And there is a great deal of opinion associated with this issue.


If there is going to be an ASF-wide policy on the exact structuring of LICENSE/NOTICE and potentially other files, in respect to licensing requirements, then I think we need 2 things:

 1. A directive from the Board, that the Legal Affairs committee is responsible to work out a policy proposal,

 2. A champion within the Legal Affairs committee who goes out and checks how all the PMCs are doing it, and tries to establish a couple of 'common practices' as a baseline for discussions of what should become policy.

The second step will in reality be an interesting exercise, almost like an audit, and my guess is that there will be several surprises...



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Sebb (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12792845#action_12792845 ] 

Sebb commented on LEGAL-31:
---------------------------

Surely two ASF products cannot be 3rd party to each other?

Also, I think the LICENSE file needs to be specific about which 3rd party products are present.
It should itemise each product, and point to its license. Referencing a whole directory is far too vague, IMO.



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Henri Yandell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12792805#action_12792805 ] 

Henri Yandell commented on LEGAL-31:
------------------------------------


Agreed with Sebb. Which represents a slight shift of position for me.

The LICENSE file should be the starting point for a user looking at the distribution. I am however happy with it containing something like the phrase:

"Other 3rd party products may exist within the following locations. Licensing of those products is clearly marked in the directory: 

lib/3rd-party-jars/
test/lib/jars/"

The NOTICE file is a little bit of a challenge here. It would also need to say:

"The LICENSE file indicates that 3rd party products may exist in various parts of this distribution. See the LICENSE file and the licensing of these 3rd party products for attribution requirements. "

---

One concern is whether it's okay for 3rd party to be another ASF product. 3rd party to the ASF or 3rd party to this product. Might need a language tweak there.

Thoughts?



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "ant elder (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747343#action_12747343 ] 

ant elder commented on LEGAL-31:
--------------------------------

The prominent listing of all licenses makes sense and matches what Henri said about being clearly located, and Jukka's PDFBox case is one example of where that is not being done. Another example could be where there is no reference in the LICENSE or README file but the other licenses are in a top level directory named "ThisIsWhereThe3rdPartyLicensesAre", that seems quite clear and perhaps even easier to spot than pointing to them from some sentence buried within a README.

IMHO it seems reasonable to allow a little flexibility so could the policy be written to allow for that with just something like "3rd party products and their licensing files must be prominent and clearly located".




[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "J Aaron Farr (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747316#action_12747316 ] 

J Aaron Farr commented on LEGAL-31:
-----------------------------------

I agree with Jukka that a prominent listing of all licenses should be encouraged, if not required.

They definitely shouldn't be in the NOTICE file.

They could be stuffed in the LICENSE file, but I can appreciate ant elder's concerns about readability.  Moreover just appending to the LICENSE file doesn't help as we need to clarify which files are under what license.  Perhaps a compromise is a header in the LICENSE file which lists the location to all other licenses and identifies what code that license covers.  The header could end with "All other material is licensed under the following..."  or something like that.

If nothing else, the Incubator PMC should end up with a consistent policy for all podlings.



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12740952#action_12740952 ] 

Jukka Zitting commented on LEGAL-31:
------------------------------------

IMHO it's important to have all relevant licensing information included or at least referenced in the top-level LICENSE and NOTICE files.



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Henri Yandell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12792895#action_12792895 ] 

Henri Yandell commented on LEGAL-31:
------------------------------------

3rd party: A matter of language. I don't know if it's a legal term, if it's fine to use 2nd party to imply another product from Apache or if that is only subcompanies/contractors. Possibly it's best to avoid the whole nth party concept and find other language.

I think directory approaches are much more manageable. The everything in the LICENSE file approach practically guarantees that it's going to have releases with missing items or items that have since been deleted. This is notwithstanding a tool like Maven that builds items. I'm not against people trying to do it all in the LICENSE file, and for tight projects with low levels of dependency that would be best, but I don't want 200k license files :)



[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "ant elder (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746574#action_12746574 ] 

ant elder commented on LEGAL-31:
--------------------------------

IMHO I expect it makes no legal difference whatsoever if the 3rd party licenses are in the top LICENSE or in separate files in some subdirectory, and it likely doesn't matter much whether or not that separate place is referenced from the top NOTICE, README or anywhere else. Even a cursory audit is going to find the licenses so anyone who really cares will have no problem.

Being in the Incubator for a while I see a _lot_ of people prefer having licenses separate as it makes them easier to manage, and I appreciate that as when all in one file it can be hard to see what's there and scrolling through the long text it's easy to miss the end of one license and the start of the next.

But IANAL. As Niclas says this is a constant point of contention at the Incubator so it would be wonderful to get a resolution.




[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746580#action_12746580 ] 

Jukka Zitting commented on LEGAL-31:
------------------------------------

I disagree with the "cursory audit" part.

As an excellent example, see the PDFBox 0.7.3 release from http://sourceforge.net/projects/pdfbox/ and tell me all the licenses that govern parts of it. Many projects have been happily redistributing PDFBox based on the simple and clean top-level license that doesn't refer to any separate license terms of included code and other resources. The licensing issues only came to light when we started a thorough license review as part of the incubation of Apache PDFBox. See PDFBOX-366 for the gory details.

Another example, see https://issues.apache.org/bugzilla/show_bug.cgi?id=46756 where I reviewed the license terms governing redistribution of Apache POI releases. Some of the licenses were in META-INF/LICENSE files inside included jar files, some deep within the source tree as comments of individual source files, and some had to be traced back to the upstream project sites.

The above are definitely not best practice, but the point is that unless projects stick to a standard representation of all license terms it's impossible to know in advance whether a cursory audit or a deep review is needed to understand the full licensing status of a project. Having all the license terms included or at least referenced in the LICENSE file makes such reviews much easier.




[jira] Commented: (LEGAL-31) NOTICE/LICENSE and third party products

Posted by "Sebb (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LEGAL-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747350#action_12747350 ] 

Sebb commented on LEGAL-31:
---------------------------

I don't see what's wrong with listing the licenses in the LICENSE file. See for example: 

http://svn.apache.org/repos/asf/httpd/httpd/trunk/LICENSE

The benefit of that is that the file describes which license applies to each 3rd party product, and products with identical licenses can share them.

I don't see how a separate directory will work, unless there is a separate text file that lists which license is for which product.
In which case this text might as well be in the LICENSE file.

I do think there may be some advantage to having a LICENSES directory which contains the raw licenses; the main LICENSE file can then list them.
For example:

Third party licenses
================

ProductA 1.3, ProductB 2.4:
Licensed under The Sun Public License 1.0, http://java.sun.com/spl.html, see LICENSES/spl.html

Product C 5.6
etc.

I think it is essential that the user can start with the single LICENSE file and from that find all the licenses.
