Posted to dev@maven.apache.org by David Jencks <da...@yahoo.com> on 2008/03/10 19:44:47 UTC
Legal files and maven automation
IIUC we've previously agreed that the only LICENSE and NOTICE files
that actually need to be in svn are at the root of expected checkouts
such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
NOTICE files in distributable artifacts can be generated by some
process. Projects that use maven often want to use the maven-remote-
resources-plugin to generate these files since typically many of them
are identical.
Furthermore as Roy pointed out recently the NOTICE file should be
really really minimal and only include information relevant to what
is actually in the distribution unit such as a jar. There's been a
lot of complaint about the resource bundles typically used with the
maven-remote-resources-plugin since the NOTICE files include
essentially a list of the transitive dependencies of the maven
project. I think many people find this dependency information useful
but it clearly does not belong in the NOTICE file.
At Geronimo I've developed a resource bundle that attempts to address
these issues. I'd like to find out if there are any objections to it
and if not propose it as the standard resource bundle for use at
apache by the maven-remote-resources-plugin. Right now it's in the
voting stage of release and can be checked out at
https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/legal-bundle
and viewed at
http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/genesis/legal-bundle/1.4/legal-bundle-1.4.jar
Here's what it does:
By default, the LICENSE file is the standard apache license. The
NOTICE file is generated from a velocity template; here's an example
of the output (between ----- lines which are not included)
------------------------------------------------------
Geronimo :: Directory Plugin
Copyright 2003-2008 Apache Software Foundation
This product includes software developed at
Apache Software Foundation (http://www.apache.org/).
------------------------------------------------------
In the 99% of the time when this is the correct LICENSE and NOTICE,
that's all you do. In the remaining 1% of the time where additional
information is needed appended to these standard files, you put the
additions in
src/main/appended-resources/LICENSE
and
src/main/appended-resources/NOTICE
In the remaining 0.1% of the time where the standard files are not
correct you can arrange by other means to insert custom LICENSE and
NOTICE files.
In addition, there is a generated DEPENDENCIES file that lists the
transitive dependencies of the project, determined from the poms,
organized by organization, with the known license info. Here's an
example of such a DEPENDENCIES file:
// ------------------------------------------------------------------
// Transitive dependencies of this project determined from the
// maven pom organized by organization.
// ------------------------------------------------------------------
Genesis Plugins :: Tools
From: 'an unknown organization'
  - Unnamed - ant:ant:jar:1.6.5 ant:ant:jar:1.6.5
  - Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
From: 'Apache Software Foundation' (http://www.apache.org/)
  - Maven Artifact (http://maven.apache.org/maven-artifact) org.apache.maven:maven-artifact:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Artifact Manager (http://maven.apache.org/maven-artifact-manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Model (http://maven.apache.org/maven-model) org.apache.maven:maven-model:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Plugin API (http://maven.apache.org/maven-plugin-api) org.apache.maven:maven-plugin-api:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Profile Model (http://maven.apache.org/maven-profile) org.apache.maven:maven-profile:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Project Builder (http://maven.apache.org/maven-project) org.apache.maven:maven-project:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Repository Metadata Model (http://maven.apache.org/maven-repository-metadata) org.apache.maven:maven-repository-metadata:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Local Settings Model (http://maven.apache.org/maven-settings) org.apache.maven:maven-settings:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
  - Maven Wagon API org.apache.maven.wagon:wagon-provider-api:jar:1.0-alpha-6
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
From: 'Codehaus' (http://codehaus.org)
  - Plugin Support (http://mojo.codehaus.org/plugin-support) org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
From: 'Codehaus' (http://www.codehaus.org/)
  - Default Plexus Container org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9
  - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
From: 'The Apache Software Foundation' (http://jakarta.apache.org)
  - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-jexl:commons-jexl:jar:1.1
    License: The Apache Software License, Version 2.0 (/LICENSE.txt)
  - Lang (http://jakarta.apache.org/commons/lang/) commons-lang:commons-lang:jar:2.3
    License: The Apache Software License, Version 2.0 (/LICENSE.txt)
  - Logging (http://jakarta.apache.org/commons/logging/) commons-logging:commons-logging:jar:1.0.4
    License: The Apache Software License, Version 2.0 (/LICENSE.txt)
From: 'The Codehaus' (http://codehaus.org/)
  - classworlds (http://classworlds.codehaus.org/) classworlds:classworlds:jar:1.1-alpha-2
------------------------------------------------------------------
As with any resource bundle for the m-r-r-p, you can supply missing
information such as organization and license in a
src/main/remote-resources/supplemental-models.xml file.
------------------------------------------------------------------
Note on javaee5 artifacts:
Some javaee5 artifacts such as wars and ears when built by maven
usually physically include all or some of the dependencies of the
maven project. While it might be nice to have the m-r-r-p roll up
the LICENSE and NOTICE files from the contents and come up with
something, that is out of scope of this proposal. I expect anyone
building such an assembly will examine the contents and construct by
hand suitable files to append to the standard LICENSE and NOTICE files.
------------------------------------------------------------------
Objections? Comments?
many thanks
david jencks
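
An added example, not part of the original message or of the Geronimo bundle: a small Python check that parses a DEPENDENCIES file in the layout shown above and lists the entries with no known organization or no license line, which are the ones to fill in through supplemental-models.xml. The sample input is constructed from three entries of the listing above with the e-mail line wrapping undone; the function names and the one-entry-per-line layout are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three entries copied from the DEPENDENCIES listing in
# the message above, with the e-mail line wrapping undone (assumed layout:
# one "- name coordinates" line per dependency, optional "License:" lines).
SAMPLE = """\
// ------------------------------------------------------------------
// Transitive dependencies of this project determined from the
// maven pom organized by organization.
// ------------------------------------------------------------------
Genesis Plugins :: Tools
From: 'an unknown organization'
  - Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
From: 'Apache Software Foundation' (http://www.apache.org/)
  - Maven Model (http://maven.apache.org/maven-model) org.apache.maven:maven-model:jar:2.0.4
    License: The Apache Software License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
From: 'Codehaus' (http://www.codehaus.org/)
  - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
"""

UNKNOWN_ORG = "an unknown organization"
ORG_RE = re.compile(r"^From:\s*'(?P<org>[^']*)'")
# group:artifact:type:version, optionally with a classifier before the version
COORD_RE = re.compile(r"^[^\s:]+(?::[^\s:]+){3,4}$")


@dataclass
class Dependency:
    coordinates: str
    organization: str
    licenses: list = field(default_factory=list)


def parse_dependencies(text):
    """Return the Dependency entries found in a DEPENDENCIES file."""
    deps = []
    org = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue  # blank line or header comment
        match = ORG_RE.match(line)
        if match:
            org = match.group("org")
            continue
        if line.startswith("- "):
            # The Maven coordinates are the last whitespace-separated token.
            coordinates = line.split()[-1]
            if org is None:
                raise ValueError(f"line {number}: dependency before any 'From:' line")
            if not COORD_RE.match(coordinates):
                raise ValueError(f"line {number}: no Maven coordinates in {line!r}")
            deps.append(Dependency(coordinates, org))
            continue
        if line.startswith("License:"):
            if not deps:
                raise ValueError(f"line {number}: license line before any dependency")
            deps[-1].licenses.append(line[len("License:"):].strip())
            continue
        # Anything else (the project title line) carries no dependency data.
    return deps


def audit(deps):
    """List (coordinates, problem) pairs for entries needing supplemental data."""
    findings = []
    for dep in deps:
        if dep.organization == UNKNOWN_ORG:
            findings.append((dep.coordinates, "unknown organization"))
        if not dep.licenses:
            findings.append((dep.coordinates, "no license recorded"))
    return findings


if __name__ == "__main__":
    for coordinates, problem in audit(parse_dependencies(SAMPLE)):
        print(f"{coordinates}: {problem}")
```
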
Re: Legal files and maven automation
Posted by Sam Ruby <ru...@intertwingly.net>.
On Mon, Mar 10, 2008 at 4:27 PM, Henri Yandell <ba...@apache.org> wrote:
> On Mon, Mar 10, 2008 at 1:09 PM, David Jencks <da...@yahoo.com> wrote:
> >
> >
> > On Mar 10, 2008, at 12:43 PM, Henri Yandell wrote:
>
> > > Two thoughts:
> > >
> > > 1) How is the end-year of the copyright done? AIUI, that should be the
> > > year of last edit and not the year in which it is built. So if I build
> > > something that hasn't been touched in a year, it should still have
> > > last year's year on it.
> >
> > I think it is the current year. I could argue that this is only
> > relevant for releases, at which time the version in the pom has
> > changed, and the pom is included in the artifacts, therefore
> > something has changed, but that argument is a bit weak. Personally I
> > think having a copyright date range from project inception to now is
> > better than having definitely out-of-date NOTICE files included in
> > most or all artifacts, which is positively assured if this process is
> > done by hand.
> >
> > Is this a blocker?
>
> Not sure. Sam/others?
Not a blocker. What (little) I know about the subject, I discussed here:
http://wiki.apache.org/legal/3party/notice/discuss
- Sam Ruby
---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only. Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF. See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Legal files and maven automation
Posted by Henri Yandell <ba...@apache.org>.
On Mon, Mar 10, 2008 at 1:09 PM, David Jencks <da...@yahoo.com> wrote:
>
>
> On Mar 10, 2008, at 12:43 PM, Henri Yandell wrote:
> > Two thoughts:
> >
> > 1) How is the end-year of the copyright done? AIUI, that should be the
> > year of last edit and not the year in which it is built. So if I build
> > something that hasn't been touched in a year, it should still have
> > last year's year on it.
>
> I think it is the current year. I could argue that this is only
> relevant for releases, at which time the version in the pom has
> changed, and the pom is included in the artifacts, therefore
> something has changed, but that argument is a bit weak. Personally I
> think having a copyright date range from project inception to now is
> better than having definitely out-of-date NOTICE files included in
> most or all artifacts, which is positively assured if this process is
> done by hand.
>
> Is this a blocker?
Not sure. Sam/others?
I'm never sure if this is pedantry or critical.
> > 2) Add a macro language for the license/notice so it can pull things
> > in from the transitives when added in. It should also fail when it
> > can't find said license information. At least for the LICENSE part as
> > that applies to all licenses etc. I'm not sure we have NOTICEs in the
> > Maven repository.
>
> I thought the whole point of the discussion up to now on what goes in
> LICENSE and NOTICE files is that they definitely apply to ONLY what
> is actually IN the artifact and not any of its dependencies or what
> might be required to actually use the artifact in any meaningful
> way. Given that I said that rolling up LICENSE and NOTICE files for
> artifacts that assemble and contain other artifacts such as wars and
> ears is out of scope for this proposal, I'm very confused about what
> you might be suggesting. Could you please clarify how this macro
> language would apply to this proposal?
Let's say I include a few of the jars in my distribution, but not all.
Then I'll need to add some of the LICENSE files and not others. It'd be
nice to just put in:
%{org.commons.apache/lang/LICENSE}
That way if I update to Lang 8.0 and it's AL 3.0; then the license
gets auto updated.
> I'd really prefer to discuss the actual possibility of using exactly
> what I am proposing in this thread on legal-discuss and discuss
> possible enhancements and improvements elsewhere. There is a
> gigantic tendency on legal discuss to have infinitely long
> discussions with no conclusion, but I would like to know if there are
> actual problems with using this actual resource bundle right now in
> projects I would like to release this week.
>
> Could we restrict all discussion of possible future enhancements to
> the maven-dev list?
Will do. Answering your question above as I'm not on maven-dev - if
it's worth following up, please cc me.
Hen
Re: Legal files and maven automation
Posted by David Jencks <da...@yahoo.com>.
On Mar 10, 2008, at 12:43 PM, Henri Yandell wrote:
> On Mon, Mar 10, 2008 at 11:44 AM, David Jencks
> <da...@yahoo.com> wrote:
>
>> Here's what it does:
>> By default, the LICENSE file is the standard apache license. The NOTICE
>> file is generated from a velocity template; here's an example of the output
>> (between ----- lines which are not included)
>> ------------------------------------------------------
>> Geronimo :: Directory Plugin
>> Copyright 2003-2008 Apache Software Foundation
>> This product includes software developed at
>> Apache Software Foundation (http://www.apache.org/).
>> ------------------------------------------------------
>>
>> In the 99% of the time when this is the correct LICENSE and NOTICE, that's
>> all you do. In the remaining 1% of the time where additional information is
>> needed appended to these standard files, you put the additions in
>> src/main/appended-resources/LICENSE
>> and
>> src/main/appended-resources/NOTICE
>>
>> In the remaining 0.1% of the time where the standard files are not correct
>> you can arrange by other means to insert custom LICENSE and NOTICE files.
>
> Looks good to me.
>
> Two thoughts:
>
> 1) How is the end-year of the copyright done? AIUI, that should be the
> year of last edit and not the year in which it is built. So if I build
> something that hasn't been touched in a year, it should still have
> last year's year on it.
I think it is the current year. I could argue that this is only
relevant for releases, at which time the version in the pom has
changed, and the pom is included in the artifacts, therefore
something has changed, but that argument is a bit weak. Personally I
think having a copyright date range from project inception to now is
better than having definitely out-of-date NOTICE files included in
most or all artifacts, which is positively assured if this process is
done by hand.
Is this a blocker?
>
> 2) Add a macro language for the license/notice so it can pull things
> in from the transitives when added in. It should also fail when it
> can't find said license information. At least for the LICENSE part as
> that applies to all licenses etc. I'm not sure we have NOTICEs in the
> Maven repository.
I thought the whole point of the discussion up to now on what goes in
LICENSE and NOTICE files is that they definitely apply to ONLY what
is actually IN the artifact and not any of its dependencies or what
might be required to actually use the artifact in any meaningful
way. Given that I said that rolling up LICENSE and NOTICE files for
artifacts that assemble and contain other artifacts such as wars and
ears is out of scope for this proposal, I'm very confused about what
you might be suggesting. Could you please clarify how this macro
language would apply to this proposal?
I'd really prefer to discuss the actual possibility of using exactly
what I am proposing in this thread on legal-discuss and discuss
possible enhancements and improvements elsewhere. There is a
gigantic tendency on legal discuss to have infinitely long
discussions with no conclusion, but I would like to know if there are
actual problems with using this actual resource bundle right now in
projects I would like to release this week.
Could we restrict all discussion of possible future enhancements to
the maven-dev list?
many thanks
david jencks
>
> Hen
>
Re: Legal files and maven automation
Posted by Henri Yandell <ba...@apache.org>.
On Mon, Mar 10, 2008 at 11:44 AM, David Jencks <da...@yahoo.com> wrote:
> Here's what it does:
> By default, the LICENSE file is the standard apache license. The NOTICE
> file is generated from a velocity template; here's an example of the output
> (between ----- lines which are not included)
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
>
> In the 99% of the time when this is the correct LICENSE and NOTICE, that's
> all you do. In the remaining 1% of the time where additional information is
> needed appended to these standard files, you put the additions in
> src/main/appended-resources/LICENSE
> and
> src/main/appended-resources/NOTICE
>
> In the remaining 0.1% of the time where the standard files are not correct
> you can arrange by other means to insert custom LICENSE and NOTICE files.
Looks good to me.
Two thoughts:
1) How is the end-year of the copyright done? AIUI, that should be the
year of last edit and not the year in which it is built. So if I build
something that hasn't been touched in a year, it should still have
last year's year on it.
2) Add a macro language for the license/notice so it can pull things
in from the transitives when added in. It should also fail when it
can't find said license information. At least for the LICENSE part as
that applies to all licenses etc. I'm not sure we have NOTICEs in the
Maven repository.
Hen
Re: Legal files and maven automation
Posted by Brett Porter <br...@apache.org>.
You weren't blocked - the vote passed on 26 Feb. The notice file
should have less information - but it was not a blocker.
FWIW, I like David's solution - it does put the onus back on the
developer to understand the licenses of all your dependencies, but I
feel that is necessary in this case.
On 11/03/2008, at 6:10 AM, Shane Isbell wrote:
> This sounds good to me. I recently tried to release a first version of
> Apache NMaven in the incubator and got blocked on this very issue of having
> the dependency info in the Notice file. Any solution would be appreciated.
>
> Shane
>
> On Mon, Mar 10, 2008 at 11:44 AM, David Jencks <da...@yahoo.com> wrote:
>
>> IIUC we've previously agreed that the only LICENSE and NOTICE files
>> that actually need to be in svn are at the root of expected checkouts
>> such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
>> NOTICE files in distributable artifacts can be generated by some
>> process. Projects that use maven often want to use the maven-remote-
>> resources-plugin to generate these files since typically many of them
>> are identical.
>>
>> Furthermore as Roy pointed out recently the NOTICE file should be
>> really really minimal and only include information relevant to what
>> is actually in the distribution unit such as a jar. There's been a
>> lot of complaint about the resource bundles typically used with the
>> maven-remote-resources-plugin since the NOTICE files include
>> essentially a list of the transitive dependencies of the maven
>> project. I think many people find this dependency information useful
>> but it clearly does not belong in the NOTICE file.
>>
>> At Geronimo I've developed a resource bundle that attempts to address
>> these issues. I'd like to find out if there are any objections to it
>> and if not propose it as the standard resource bundle for use at
>> apache by the maven-remote-resources-plugin. Right now it's in the
>> voting stage of release and can be checked out at
>>
>> https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/
>> legal-bundle
>> and viewed at
>> http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/
>> genesis/legal-bundle/1.4/legal-bundle-1.4.jar
>>
>>
>> Here's what it does:
>> By default, the LICENSE file is the standard apache license. The
>> NOTICE file is generated from a velocity template; here's an example
>> of the output (between ----- lines which are not included)
>> ------------------------------------------------------
>> Geronimo :: Directory Plugin
>> Copyright 2003-2008 Apache Software Foundation
>> This product includes software developed at
>> Apache Software Foundation (http://www.apache.org/).
>> ------------------------------------------------------
>>
>> In the 99% of the time when this is the correct LICENSE and NOTICE,
>> that's all you do. In the remaining 1% of the time where additional
>> information is needed appended to these standard files, you put the
>> additions in
>> src/main/appended-resources/LICENSE
>> and
>> src/main/appended-resources/NOTICE
>>
>> In the remaining 0.1% of the time where the standard files are not
>> correct you can arrange by other means to insert custom LICENSE and
>> NOTICE files.
>>
>> In addition, there is a generated DEPENDENCIES file that lists the
>> transitive dependencies of the project, determined from the poms,
>> organized by organization, with the known license info. Here's an
>> example of such a DEPENDENCIES file:
>>
>> // ------------------------------------------------------------------
>> // Transitive dependencies of this project determined from the
>> // maven pom organized by organization.
>> // ------------------------------------------------------------------
>>
>> Genesis Plugins :: Tools
>> From: 'an unknown organization'
>> - Unnamed - ant:ant:jar:1.6.5 ant:ant:jar:1.6.5
>>
>> - Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
>>
>>
>> From: 'Apache Software Foundation' (http://www.apache.org/)
>> - Maven Artifact (http://maven.apache.org/maven-artifact)
>> org.apache.maven:maven-artifact:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Artifact Manager (http://maven.apache.org/maven-artifact-
>> manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Model (http://maven.apache.org/maven-model)
>> org.apache.maven:maven-model:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Plugin API (http://maven.apache.org/maven-plugin-api)
>> org.apache.maven:maven-plugin-api:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Profile Model (http://maven.apache.org/maven-profile)
>> org.apache.maven:maven-profile:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Project Builder (http://maven.apache.org/maven-project)
>> org.apache.maven:maven-project:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Repository Metadata Model (http://maven.apache.org/maven-
>> repository-metadata) org.apache.maven:maven-repository-metadata:jar:
>> 2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Local Settings Model (http://maven.apache.org/maven-
>> settings) org.apache.maven:maven-settings:jar:2.0.4
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>> - Maven Wagon API org.apache.maven.wagon:wagon-provider-api:jar:
>> 1.0-alpha-6
>> License: The Apache Software License, Version 2.0 (http://
>> www.apache.org/licenses/LICENSE-2.0.txt)
>>
>> From: 'Codehaus' (http://codehaus.org)
>> - Plugin Support (http://mojo.codehaus.org/plugin-support)
>> org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
>>
>>
>> From: 'Codehaus' (http://www.codehaus.org/)
>> - Default Plexus Container org.codehaus.plexus:plexus-container-
>> default:jar:1.0-alpha-9
>>
>> - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
>>
>>
>> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
>> - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-
>> jexl:commons-jexl:jar:1.1
>> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
>> - Lang (http://jakarta.apache.org/commons/lang/) commons-
>> lang:commons-lang:jar:2.3
>> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
>> - Logging (http://jakarta.apache.org/commons/logging/) commons-
>> logging:commons-logging:jar:1.0.4
>> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
>>
>> From: 'The Codehaus' (http://codehaus.org/)
>> - classworlds (http://classworlds.codehaus.org/)
>> classworlds:classworlds:jar:1.1-alpha-2
>>
>>
>> ------------------------------------------------------------------
>>
>> As with any resource bundle for the m-r-r-p, you can supply missing
>> information such as organization and license in a src/main/remote-
>> resources/supplemental-models.xml file.
>>
>> ------------------------------------------------------------------
>> Note on javaee5 artifacts:
>> Some javaee5 artifacts such as wars and ears when built by maven
>> usually physically include all or some of the dependencies of the
>> maven project. While it might be nice to have the m-r-r-p roll up
>> the LICENSE and NOTICE files from the contents and come up with
>> something, that is out of scope of this proposal. I expect anyone
>> building such an assembly will examine the contents and construct by
>> hand suitable files to append to the standard LICENSE and NOTICE
>> files.
>>
>> ------------------------------------------------------------------
>> Objections? Comments?
>>
>> many thanks
>> david jencks
>>
>>
>>
--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
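An added example, not part of the original thread or of the legal-bundle: a small Python parser for the DEPENDENCIES report quoted in the message above, listing the artifacts whose poms gave no organization or license, which are the entries the thread says can be filled in through supplemental-models.xml. It assumes the report has one entry per line (the e-mail wrapping undone); the function names and the relative-URL check are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries taken from the DEPENDENCIES example quoted in
# the thread, with the e-mail line wrapping undone (assumed one entry per line).
SAMPLE = """\
// ------------------------------------------------------------------
// Transitive dependencies of this project determined from the
// maven pom organized by organization.
// ------------------------------------------------------------------

Genesis Plugins :: Tools

From: 'an unknown organization'
  - Unnamed - ant:ant:jar:1.6.5  ant:ant:jar:1.6.5

  - Unnamed - junit:junit:jar:3.8.1  junit:junit:jar:3.8.1

From: 'Apache Software Foundation' (http://www.apache.org/)
  - Maven Model (http://maven.apache.org/maven-model) org.apache.maven:maven-model:jar:2.0.4
    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)

From: 'Codehaus' (http://www.codehaus.org/)
  - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2

From: 'The Apache Software Foundation' (http://jakarta.apache.org)
  - Lang (http://jakarta.apache.org/commons/lang/) commons-lang:commons-lang:jar:2.3
    License: The Apache Software License, Version 2.0  (/LICENSE.txt)
"""

# "From: 'Organization' (optional url)"
ORG_RE = re.compile(r"^From:\s+'(?P<org>[^']*)'(?:\s+\((?P<url>[^)]*)\))?\s*$")
# "- Display name (optional url) group:artifact:type[:classifier]:version"
ENTRY_RE = re.compile(
    r"^\s*-\s+(?P<name>.*?)\s+(?P<coord>[^\s:]+(?::[^\s:]+){3,4})\s*$"
)
# "License: Name (optional url)"
LICENSE_RE = re.compile(
    r"^\s*License:\s+(?P<name>.*?)(?:\s+\((?P<url>[^)]*)\))?\s*$"
)

UNKNOWN_ORG = "an unknown organization"


@dataclass
class Dependency:
    organization: str
    name: str
    coordinate: str
    license: Optional[str] = None
    license_url: Optional[str] = None


def parse_dependencies(text: str) -> List[Dependency]:
    """Parse a DEPENDENCIES report into one record per artifact."""
    deps: List[Dependency] = []
    org: Optional[str] = None
    current: Optional[Dependency] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("//"):
            continue  # blank line or header comment
        m = ORG_RE.match(line)
        if m:
            org, current = m.group("org"), None
            continue
        m = ENTRY_RE.match(line)
        if m and org is not None:
            current = Dependency(org, m.group("name"), m.group("coord"))
            deps.append(current)
            continue
        m = LICENSE_RE.match(line)
        if m and current is not None:
            # A License line belongs to the entry directly above it.
            current.license = m.group("name")
            current.license_url = m.group("url")
    return deps


def audit(deps: List[Dependency]) -> List[Tuple[str, List[str]]]:
    """Return (coordinate, problems) for entries with incomplete metadata."""
    findings = []
    for d in deps:
        problems = []
        if d.organization == UNKNOWN_ORG:
            problems.append("no organization in pom")
        if d.license is None:
            problems.append("no license in pom")
        elif d.license_url and not d.license_url.startswith(("http://", "https://")):
            # e.g. "/LICENSE.txt": the reader cannot resolve it from the report
            problems.append("license URL is not absolute")
        if problems:
            findings.append((d.coordinate, problems))
    return findings


if __name__ == "__main__":
    for coordinate, problems in audit(parse_dependencies(SAMPLE)):
        print(f"{coordinate}: {', '.join(problems)}")
```
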
Re: Legal files and maven automation
Posted by David Jencks <da...@yahoo.com>.
On Mar 10, 2008, at 2:55 PM, Erik Abele wrote:
> On 10.03.2008, at 20:10, Shane Isbell wrote:
>
>> ...
>> ------------------------------------------------------
>> Geronimo :: Directory Plugin
>> Copyright 2003-2008 Apache Software Foundation
>> This product includes software developed at
>> Apache Software Foundation (http://www.apache.org/).
>> ------------------------------------------------------
>
> It's always "The Apache Software Foundation".
So
------------------------------------------------------
Geronimo :: Directory Plugin
Copyright 2003-2008 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
------------------------------------------------------
(2 "the"s inserted) would be correct?
Is this error a blocker or can it be fixed in the next release of the
resource bundle?
>
>> ...
>> From: 'Apache Software Foundation' (http://www.apache.org/)
>
> Same here.
The stuff in the DEPENDENCIES file is derived from other released
poms generally not under the control of the current project release.
You are welcome to beat the other PMCs with a variety of large blunt
objects, but I think trying to second guess them in this
informational report is not practical.
thanks
david jencks
>
>> ...
>> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
>
> And here it's fine :-)
>
> Cheers,
> Erik
>
>
Re: Legal files and maven automation
Posted by sebb <se...@gmail.com>.
On 10/03/2008, David Jencks <da...@yahoo.com> wrote:
>
>
> On Mar 10, 2008, at 2:55 PM, Erik Abele wrote:
>
>
>
> On 10.03.2008, at 20:10, Shane Isbell wrote:
>
>
>
> ...
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
>
> It's always "The Apache Software Foundation".
>
> So
>
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 The Apache Software Foundation
> This product includes software developed at
> The Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
> (2 "the"s inserted) would be correct?
>
> Is this error a blocker or can it be fixed in the next release of the
> resource bundle?
>
Also, rather than just Geronimo, it should surely be Apache Geronimo?
>
>
>
>
>
> ...
> From: 'Apache Software Foundation' (http://www.apache.org/)
>
> Same here.
> The stuff in the DEPENDENCIES file is derived from other released poms
> generally not under the control of the current project release. You are
> welcome to beat the other PMCs with a variety of large blunt objects, but I
> think trying to second guess them in this informational report is not
> practical.
>
> thanks
> david jencks
>
>
>
>
>
>
> ...
> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
>
> And here it's fine :-)
>
> Cheers,
> Erik
>
>
---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only. Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF. See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Legal files and maven automation
Posted by David Jencks <da...@yahoo.com>.
I fixed the typo (missing "The" in "The Apache Software Foundation")
in the actual artifacts voted on for geronimo release. The project
name is the responsibility of the project using the legal-bundle.
It's been 72 hours...
IIUC there are no objections in principle to this scheme of
generating the LICENSE and NOTICE files so I'll go ahead and propose
that maven adopt this as the standard recommended maven-remote-
resources-plugin bundle for apache projects.
thanks
david jencks
On Mar 11, 2008, at 6:27 AM, sebb wrote:
> On 10/03/2008, Erik Abele <er...@codefaktor.de> wrote:
>> On 10.03.2008, at 23:46, David Jencks wrote:
>>
>>> ...
>>> ------------------------------------------------------
>>> Geronimo :: Directory Plugin
>>
>>> Copyright 2003-2008 The Apache Software Foundation
>>> This product includes software developed at
>>> The Apache Software Foundation (http://www.apache.org/).
>>> ------------------------------------------------------
>>> (2 "the"s inserted) would be correct?
>>
>>
>> Yep, looks good - though as Sebastian already pointed out it probably
>> should also say "Apache Geronimo"...
>>
>> Here's an example from HTTP: https://svn.apache.org/repos/asf/httpd/httpd/trunk/NOTICE
>>
>>
>>> Is this error a blocker or can it be fixed in the next release of
>>> the resource bundle?
>>
>>
>> Not a blocker IMHO.
>>
>
> I'd say it is a blocker:
>
> AIUI, this is a new plugin, so the release is not being made to fix an
> existing bug.
>
> If the plugin is released as is, then all the projects that use it are
> going to have incorrect text in the NOTICE file. How are they going to
> deal with that if/when the next release vote is called?
>
> I could be wrong, but it seems to me that it should not be difficult
> to fix these issues.
>
> It will obviously be a bit more work for the plugin maintainer now,
> but will save potentially quite a lot of work later.
>
>>
>>>>> ...
>>>>> From: 'Apache Software Foundation' (http://www.apache.org/)
>>>>
>>>> Same here.
>>>>
>>> The stuff in the DEPENDENCIES file is derived from other released
>>> poms generally not under the control of the current project
>>> release. You are welcome to beat the other PMCs with a variety of
>>> large blunt objects, but I think trying to second guess them in
>>> this informational report is not practical.
>>
>>
>> Hehe, sure :-)
>>
>>
>> Cheers,
>> Erik
>>
>>
>>
Re: Legal files and maven automation
Posted by sebb <se...@gmail.com>.
On 10/03/2008, Erik Abele <er...@codefaktor.de> wrote:
> On 10.03.2008, at 23:46, David Jencks wrote:
>
> > ...
> > ------------------------------------------------------
> > Geronimo :: Directory Plugin
>
> > Copyright 2003-2008 The Apache Software Foundation
> > This product includes software developed at
> > The Apache Software Foundation (http://www.apache.org/).
> > ------------------------------------------------------
> > (2 "the"s inserted) would be correct?
>
>
> Yep, looks good - though as Sebastian already pointed out it probably
> should also say "Apache Geronimo"...
>
> Here's an example from HTTP: https://svn.apache.org/repos/asf/httpd/httpd/trunk/NOTICE
>
>
> > Is this error a blocker or can it be fixed in the next release of
> > the resource bundle?
>
>
> Not a blocker IMHO.
>
I'd say it is a blocker:
AIUI, this is a new plugin, so the release is not being made to fix an
existing bug.
If the plugin is released as is, then all the projects that use it are
going to have incorrect text in the NOTICE file. How are they going to
deal with that if/when the next release vote is called?
I could be wrong, but it seems to me that it should not be difficult
to fix these issues.
It will obviously be a bit more work for the plugin maintainer now,
but will save potentially quite a lot of work later.
>
> >>> ...
> >>> From: 'Apache Software Foundation' (http://www.apache.org/)
> >>
> >> Same here.
> >>
> > The stuff in the DEPENDENCIES file is derived from other released
> > poms generally not under the control of the current project
> > release. You are welcome to beat the other PMCs with a variety of
> > large blunt objects, but I think trying to second guess them in
> > this informational report is not practical.
>
>
> Hehe, sure :-)
>
>
> Cheers,
> Erik
>
>
Re: Legal files and maven automation
Posted by Erik Abele <er...@codefaktor.de>.
On 10.03.2008, at 23:46, David Jencks wrote:
> ...
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 The Apache Software Foundation
> This product includes software developed at
> The Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
> (2 "the"s inserted) would be correct?
Yep, looks good - though as Sebastian already pointed out it probably
should also say "Apache Geronimo"...
Here's an example from HTTP: https://svn.apache.org/repos/asf/httpd/httpd/trunk/NOTICE
> Is this error a blocker or can it be fixed in the next release of
> the resource bundle?
Not a blocker IMHO.
>>> ...
>>> From: 'Apache Software Foundation' (http://www.apache.org/)
>>
>> Same here.
>>
> The stuff in the DEPENDENCIES file is derived from other released
> poms generally not under the control of the current project
> release. You are welcome to beat the other PMCs with a variety of
> large blunt objects, but I think trying to second guess them in
> this informational report is not practical.
Hehe, sure :-)
Cheers,
Erik
Re: Legal files and maven automation
Posted by Erik Abele <er...@codefaktor.de>.
On 10.03.2008, at 20:10, Shane Isbell wrote:
> ...
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
It's always "The Apache Software Foundation".
> ...
> From: 'Apache Software Foundation' (http://www.apache.org/)
Same here.
> ...
> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
And here it's fine :-)
Cheers,
Erik
Re: Legal files and maven automation
Posted by Shane Isbell <sh...@gmail.com>.
This sounds good to me. I recently tried to release a first version of
Apache NMaven in the incubator and got blocked on this very issue of having
the dependency info in the Notice file. Any solution would be appreciated.
Shane
On Mon, Mar 10, 2008 at 11:44 AM, David Jencks <da...@yahoo.com>
wrote:
> IIUC we've previously agreed that the only LICENSE and NOTICE files
> that actually need to be in svn are at the root of expected checkouts
> such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
> NOTICE files in distributable artifacts can be generated by some
> process. Projects that use maven often want to use the maven-remote-
> resources-plugin to generate these files since typically many of them
> are identical.
>
> Furthermore as Roy pointed out recently the NOTICE file should be
> really really minimal and only include information relevant to what
> is actually in the distribution unit such as a jar. There's been a
> lot of complaint about the resource bundles typically used with the
> maven-remote-resources-plugin since the NOTICE files include
> essentially a list of the transitive dependencies of the maven
> project. I think many people find this dependency information useful
> but it clearly does not belong in the NOTICE file.
>
> At Geronimo I've developed a resource bundle that attempts to address
> these issues. I'd like to find out if there are any objections to it
> and if not propose it as the standard resource bundle for use at
> apache by the maven-remote-resources-plugin. Right now it's in the
> voting stage of release and can be checked out at
>
> https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/legal-bundle
> and viewed at
> http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/genesis/legal-bundle/1.4/legal-bundle-1.4.jar
>
>
> Here's what it does:
> By default, the LICENSE file is the standard apache license. The
> NOTICE file is generated from a velocity template; here's an example
> of the output (between ----- lines which are not included)
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
>
> In the 99% of the time when this is the correct LICENSE and NOTICE,
> that's all you do. In the remaining 1% of the time where additional
> information is needed appended to these standard files, you put the
> additions in
> src/main/appended-resources/LICENSE
> and
> src/main/appended-resources/NOTICE
>
> In the remaining 0.1% of the time where the standard files are not
> correct you can arrange by other means to insert custom LICENSE and
> NOTICE files.
>
> In addition, there is a generated DEPENDENCIES file that lists the
> transitive dependencies of the project, determined from the poms,
> organized by organization, with the known license info. Here's an
> example of such a DEPENDENCIES file:
>
> // ------------------------------------------------------------------
> // Transitive dependencies of this project determined from the
> // maven pom organized by organization.
> // ------------------------------------------------------------------
>
> Genesis Plugins :: Tools
> From: 'an unknown organization'
> - Unnamed - ant:ant:jar:1.6.5 ant:ant:jar:1.6.5
>
> - Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
>
>
> From: 'Apache Software Foundation' (http://www.apache.org/)
> - Maven Artifact (http://maven.apache.org/maven-artifact)
> org.apache.maven:maven-artifact:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Artifact Manager (http://maven.apache.org/maven-artifact-
> manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Model (http://maven.apache.org/maven-model)
> org.apache.maven:maven-model:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Plugin API (http://maven.apache.org/maven-plugin-api)
> org.apache.maven:maven-plugin-api:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Profile Model (http://maven.apache.org/maven-profile)
> org.apache.maven:maven-profile:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Project Builder (http://maven.apache.org/maven-project)
> org.apache.maven:maven-project:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Repository Metadata Model (http://maven.apache.org/maven-
> repository-metadata) org.apache.maven:maven-repository-metadata:jar:
> 2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Local Settings Model (http://maven.apache.org/maven-
> settings) org.apache.maven:maven-settings:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Wagon API org.apache.maven.wagon:wagon-provider-api:jar:
> 1.0-alpha-6
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>
> From: 'Codehaus' (http://codehaus.org)
> - Plugin Support (http://mojo.codehaus.org/plugin-support)
> org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
>
>
> From: 'Codehaus' (http://www.codehaus.org/)
> - Default Plexus Container org.codehaus.plexus:plexus-container-
> default:jar:1.0-alpha-9
>
> - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
>
>
> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
> - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-
> jexl:commons-jexl:jar:1.1
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
> - Lang (http://jakarta.apache.org/commons/lang/) commons-
> lang:commons-lang:jar:2.3
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
> - Logging (http://jakarta.apache.org/commons/logging/) commons-
> logging:commons-logging:jar:1.0.4
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
>
> From: 'The Codehaus' (http://codehaus.org/)
> - classworlds (http://classworlds.codehaus.org/)
> classworlds:classworlds:jar:1.1-alpha-2
>
>
> ------------------------------------------------------------------
>
> As with any resource bundle for the m-r-r-p, you can supply missing
> information such as organization and license in a src/main/remote-
> resources/supplemental-models.xml file.
>
> ------------------------------------------------------------------
> Note on javaee5 artifacts:
> Some javaee5 artifacts such as wars and ears when built by maven
> usually physically include all or some of the dependencies of the
> maven project. While it might be nice to have the m-r-r-p roll up
> the LICENSE and NOTICE files from the contents and come up with
> something, that is out of scope of this proposal. I expect anyone
> building such an assembly will examine the contents and construct by
> hand suitable files to append to the standard LICENSE and NOTICE files.
>
> ------------------------------------------------------------------
> Objections? Comments?
>
> many thanks
> david jencks
>
>
>
Re: Legal files and maven automation
Posted by Shane Isbell <sh...@gmail.com>.
This sounds good to me. I recently tried to release a first version of
Apache NMaven in the incubator and got blocked on this very issue of having
the dependency info in the Notice file. Any solution would be appreciated.
Shane
On Mon, Mar 10, 2008 at 11:44 AM, David Jencks <da...@yahoo.com>
wrote:
> IIUC we've previously agreed that the only LICENSE and NOTICE files
> that actually need to be in svn are at the root of expected checkouts
> such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
> NOTICE files in distributable artifacts can be generated by some
> process. Projects that use maven often want to use the maven-remote-
> resources-plugin to generate these files since typically many of them
> are identical.
>
> Furthermore as Roy pointed out recently the NOTICE file should be
> really really minimal and only include information relevant to what
> is actually in the distribution unit such as a jar. There's been a
> lot of complaint about the resource bundles typically used with the
> maven-remote-resources-plugin since the NOTICE files include
> essentially a list of the transitive dependencies of the maven
> project. I think many people find this dependency information useful
> but it clearly does not belong in the NOTICE file.
>
> At Geronimo I've developed a resource bundle that attempts to address
> these issues. I'd like to find out if there are any objections to it
> and if not propose it as the standard resource bundle for use at
> apache by the maven-remote-resources-plugin. Right now it's in the
> voting stage of release and can be checked out at
>
> https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/
> legal-bundle
> and viewed at
> http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/
> genesis/legal-bundle/1.4/legal-bundle-1.4.jar
>
>
> Here's what it does:
> By default, the LICENSE file is the standard apache license. The
> NOTICE file is generated from a velocity template; here's an example
> of the output (between ----- lines which are not included)
> ------------------------------------------------------
> Geronimo :: Directory Plugin
> Copyright 2003-2008 Apache Software Foundation
> This product includes software developed at
> Apache Software Foundation (http://www.apache.org/).
> ------------------------------------------------------
>
> In the 99% of the time when this is the correct LICENSE and NOTICE,
> that's all you do. In the remaining 1% of the time where additional
> information is needed appended to these standard files, you put the
> additions in
> src/main/appended-resources/LICENSE
> and
> src/main/appended-resources/NOTICE
>
> In the remaining 0.1% of the time where the standard files are not
> correct you can arrange by other means to insert custom LICENSE and
> NOTICE files.
>
> In addition, there is a generated DEPENDENCIES file that lists the
> transitive dependencies of the project, determined from the poms,
> organized by organization, with the known license info. Here's an
> example of such a DEPENDENCIES file:
>
> // ------------------------------------------------------------------
> // Transitive dependencies of this project determined from the
> // maven pom organized by organization.
> // ------------------------------------------------------------------
>
> Genesis Plugins :: Tools
> From: 'an unknown organization'
> - Unnamed - ant:ant:jar:1.6.5 ant:ant:jar:1.6.5
>
> - Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
>
>
> From: 'Apache Software Foundation' (http://www.apache.org/)
> - Maven Artifact (http://maven.apache.org/maven-artifact)
> org.apache.maven:maven-artifact:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Artifact Manager (http://maven.apache.org/maven-artifact-
> manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Model (http://maven.apache.org/maven-model)
> org.apache.maven:maven-model:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Plugin API (http://maven.apache.org/maven-plugin-api)
> org.apache.maven:maven-plugin-api:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Profile Model (http://maven.apache.org/maven-profile)
> org.apache.maven:maven-profile:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Project Builder (http://maven.apache.org/maven-project)
> org.apache.maven:maven-project:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Repository Metadata Model (http://maven.apache.org/maven-
> repository-metadata) org.apache.maven:maven-repository-metadata:jar:
> 2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Local Settings Model (http://maven.apache.org/maven-
> settings) org.apache.maven:maven-settings:jar:2.0.4
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
> - Maven Wagon API org.apache.maven.wagon:wagon-provider-api:jar:
> 1.0-alpha-6
> License: The Apache Software License, Version 2.0 (http://
> www.apache.org/licenses/LICENSE-2.0.txt)
>
> From: 'Codehaus' (http://codehaus.org)
> - Plugin Support (http://mojo.codehaus.org/plugin-support)
> org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
>
>
> From: 'Codehaus' (http://www.codehaus.org/)
> - Default Plexus Container org.codehaus.plexus:plexus-container-
> default:jar:1.0-alpha-9
>
> - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
>
>
> From: 'The Apache Software Foundation' (http://jakarta.apache.org)
> - Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-
> jexl:commons-jexl:jar:1.1
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
> - Lang (http://jakarta.apache.org/commons/lang/) commons-
> lang:commons-lang:jar:2.3
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
> - Logging (http://jakarta.apache.org/commons/logging/) commons-
> logging:commons-logging:jar:1.0.4
> License: The Apache Software License, Version 2.0 (/LICENSE.txt)
>
> From: 'The Codehaus' (http://codehaus.org/)
> - classworlds (http://classworlds.codehaus.org/)
> classworlds:classworlds:jar:1.1-alpha-2
>
>
> ------------------------------------------------------------------
>
> As with any resource bundle for the m-r-r-p, you can supply missing
> information such as organization and license in a src/main/remote-
> resources/supplemental-models.xml file.
>
> ------------------------------------------------------------------
> Note on javaee5 artifacts:
> Some javaee5 artifacts such as wars and ears when built by maven
> usually physically include all or some of the dependencies of the
> maven project. While it might be nice to have the m-r-r-p roll up
> the LICENSE and NOTICE files from the contents and come up with
> something, that is out of scope of this proposal. I expect anyone
> building such an assembly will examine the contents and construct by
> hand suitable files to append to the standard LICENSE and NOTICE files.
>
> ------------------------------------------------------------------
> Objections? Comments?
>
> many thanks
> david jencks
>
>
>
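An added example, not part of the original thread or of the Geronimo legal bundle: a small audit of a generated DEPENDENCIES file that lists the artifacts whose POMs supplied no organization or license, i.e. the ones that would need an entry in supplemental-models.xml. It assumes the generated file has one entry per line as the quoted sample suggests; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: entries from the quoted DEPENDENCIES example with the
# e-mail line wrapping undone (assumed layout of the generated file).
SAMPLE = """\
// Transitive dependencies of this project determined from the
// maven pom organized by organization.

Genesis Plugins :: Tools
From: 'an unknown organization'
  - Unnamed - ant:ant:jar:1.6.5  ant:ant:jar:1.6.5

  - Unnamed - junit:junit:jar:3.8.1  junit:junit:jar:3.8.1

From: 'Apache Software Foundation' (http://www.apache.org/)
  - Maven Model (http://maven.apache.org/maven-model) org.apache.maven:maven-model:jar:2.0.4
    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)

From: 'Codehaus' (http://www.codehaus.org/)
  - Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2

From: 'The Apache Software Foundation' (http://jakarta.apache.org)
  - Lang (http://jakarta.apache.org/commons/lang/) commons-lang:commons-lang:jar:2.3
    License: The Apache Software License, Version 2.0  (/LICENSE.txt)
"""

ORG_RE = re.compile(r"^From:\s+'([^']*)'")
# group:artifact:type:version as the last token of an entry line
GAV_RE = re.compile(r"([\w.\-]+(?::[\w.\-]+){3})\s*$")

def parse_dependencies(text):
    """Return one dict per listed artifact: org, gav, license (None if absent)."""
    entries, org, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := ORG_RE.match(line)):
            org, current = m.group(1), None
        elif line.startswith("- "):
            gav = GAV_RE.search(line)
            current = {"org": org, "gav": gav.group(1), "license": None} if gav else None
            if current:
                entries.append(current)
        elif line.startswith("License:") and current:
            current["license"] = line[len("License:"):].strip()
    return entries

def needs_supplement(entries):
    """Coordinates listed with no license or under the unknown-organization group."""
    return sorted(e["gav"] for e in entries
                  if e["license"] is None or e["org"] == "an unknown organization")

if __name__ == "__main__":
    for gav in needs_supplement(parse_dependencies(SAMPLE)):
        print("needs supplemental-models.xml entry:", gav)
```
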