You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by David Jencks <da...@yahoo.com> on 2011/01/26 20:41:58 UTC
Re: [CONF] Apache Felix > DEPENDENCIES file template
Is this about a file named DEPENDENCIES or a file named NOTICE? Does "must" mean apache policy or felix policy? If it's about a file named DEPENDENCIES I suggest you don't call it a notice file; I was confused enough to write this note.
By apache policy, a DEPENDENCIES file is completely optional and has no specified content. The maven-remote-resources plugin generates one but I'm starting to think it was a bad idea that I shouldn't have introduced.
This does not relate well to whats needed in a NOTICE file either. The NOTICE file should not mention non-included content nor licenses of included content.
I think it's really confusing to duplicate content between the (apache-optional) DEPENDENCIES file and the required NOTICE and LICENSE files. The LICENSE file needs complete license info for what's in the artifact. This appears to munge together the license info for the contents and the dependencies. The text at the top looks confusingly similar to the text of the apache NOTICE file. Judging by the amount of confusion here at apache about NOTICE file text, I think having anything that looks even vaguely similar in another non-legal file is just going to make the actual license requirements incomprehensible to any outsider.
david jencks
On Jan 26, 2011, at 10:00 AM, confluence@apache.org wrote:
> DEPENDENCIES file template
> Page edited by Richard S. Hall
>
> Changes (0)
> ...
> Full Content
> Each released software archive must a notice file in it to declare third-party dependencies and their licenses. The following template should be used:
>
> Apache Felix AAA
> Copyright BBB The Apache Software Foundation
>
> This software was developed at the Apache Software Foundation
> (http://www.apache.org) and may have dependencies on other
> Apache software licensed under Apache License 2.0.
>
> I. Included Third-Party Software
>
> CCC
>
> II. Used Third-Party Software
>
> DDD
>
> III. Overall License Summary
> - Apache License 2.0
> - EEE
> Where the placeholders have the following meaning:
>
> AAA - Name of the Felix subproject.
> BBB - Copyright year or range of years.
> CCC - List of third-party software included in the archive.
> DDD - List of third-party software used (but not included) by the archive.
> EEE - List of additional third-party licenses as a result of the dependencies.
> The format for an individual third-party dependency is flexible, but should try to include the name of the developing organization or individual, a URL, a copyright, and the license. For example, a dependency on OSGi software would look like this:
>
> This product includes software developed at
> The OSGi Alliance (http://www.osgi.org/).
> Copyright (c) OSGi Alliance (2000, 2009).
> Licensed under the Apache License 2.0.
> If you need additional examples on how to file out a NOTICE file, look at other examples in the SVN repo or ask on the dev@felix mailing list.
>
> Change Notification PreferencesView Online | View Changes | Add Comment
Re: [CONF] Apache Felix > DEPENDENCIES file template
Posted by "Richard S. Hall" <he...@ungoverned.org>.
This is just Felix policy about a file named DEPENDENCIES. The document
evolved from a NOTICE file policy, so those references to a "notice
file" are from that history...I've now edited them out.
The purpose of the DEPENDENCIES file is for us to be able to audit our
license dependencies (and to give some credit to other projects). We
have the possibility to generate this in some cases, but nothing that
works in all cases, so that does suck.
Regardless, the cost is usually a one-time investment with potential
incremental changes in the future if dependencies change.
-> richard
On 1/26/11 14:41, David Jencks wrote:
> Is this about a file named DEPENDENCIES or a file named NOTICE? Does "must" mean apache policy or felix policy? If it's about a file named DEPENDENCIES I suggest you don't call it a notice file; I was confused enough to write this note.
>
> By apache policy, a DEPENDENCIES file is completely optional and has no specified content. The maven-remote-resources plugin generates one but I'm starting to think it was a bad idea that I shouldn't have introduced.
>
> This does not relate well to whats needed in a NOTICE file either. The NOTICE file should not mention non-included content nor licenses of included content.
>
> I think it's really confusing to duplicate content between the (apache-optional) DEPENDENCIES file and the required NOTICE and LICENSE files. The LICENSE file needs complete license info for what's in the artifact. This appears to munge together the license info for the contents and the dependencies. The text at the top looks confusingly similar to the text of the apache NOTICE file. Judging by the amount of confusion here at apache about NOTICE file text, I think having anything that looks even vaguely similar in another non-legal file is just going to make the actual license requirements incomprehensible to any outsider.
>
> david jencks
>
> On Jan 26, 2011, at 10:00 AM, confluence@apache.org wrote:
>
>> DEPENDENCIES file template
>> Page edited by Richard S. Hall
>>
>> Changes (0)
>> ...
>> Full Content
>> Each released software archive must a notice file in it to declare third-party dependencies and their licenses. The following template should be used:
>>
>> Apache Felix AAA
>> Copyright BBB The Apache Software Foundation
>>
>> This software was developed at the Apache Software Foundation
>> (http://www.apache.org) and may have dependencies on other
>> Apache software licensed under Apache License 2.0.
>>
>> I. Included Third-Party Software
>>
>> CCC
>>
>> II. Used Third-Party Software
>>
>> DDD
>>
>> III. Overall License Summary
>> - Apache License 2.0
>> - EEE
>> Where the placeholders have the following meaning:
>>
>> AAA - Name of the Felix subproject.
>> BBB - Copyright year or range of years.
>> CCC - List of third-party software included in the archive.
>> DDD - List of third-party software used (but not included) by the archive.
>> EEE - List of additional third-party licenses as a result of the dependencies.
>> The format for an individual third-party dependency is flexible, but should try to include the name of the developing organization or individual, a URL, a copyright, and the license. For example, a dependency on OSGi software would look like this:
>>
>> This product includes software developed at
>> The OSGi Alliance (http://www.osgi.org/).
>> Copyright (c) OSGi Alliance (2000, 2009).
>> Licensed under the Apache License 2.0.
>> If you need additional examples on how to file out a NOTICE file, look at other examples in the SVN repo or ask on the dev@felix mailing list.
>>
>> Change Notification PreferencesView Online | View Changes | Add Comment
>