You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by David Jencks <da...@yahoo.com> on 2008/03/29 00:04:53 UTC
Legal goo problems
In my hopefully finite-length effort to get a 4.1.2 release out I've
been looking a little bit at the LICENSE and NOTICE files in the 4.1
branch and trunk and think many of them have big problems.
Current thinking expressed on the legal-discuss is that:
A source code unit expected to be checked out from svn needs LICENSE
and NOTICE files in svn at the root of the checkout. These files
should apply exactly to the source code checked out, and not include
any language only appropriate for dependencies that may be needed to
build or run the software. These are the only LICENSE and NOTICE
files that need to be actually present in svn.
Each artifact distributed needs a LICENSE and NOTICE file. These may
be hardcoded in svn or generated. These files should accurately
describe the license(s) and required notices of what is actually in
the distribution unit (e.g. jar, war, tar.bz2) and not describe
anything not included that might be necessary to use the software.
Artifacts can also have descriptions of dependencies needed to use
the software but these descriptions should not be in the LICENSE or
NOTICE files.
so....
Looking around there are 2 problems:
- some of the LICENSE and possibly NOTICE files look like they have
generally large amounts of text appropriate for dependencies, not
what they actually apply to
- some LICENSE files are decidedly incomplete. For instance the
activemq-web-console includes all the sun jaxb jars but no CDDL
license. The trunk root LICENSE.txt file doesn't include the
licenses for the javascript in the activemq-web-console.
Possible solutions....
The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
All the others can be generated using the maven-remote-resources
plugin. Thanks to Dan Kulp the latest apache resource bundle
actually generates stuff compliant with the apparent policy. What
needs to happen is that modules that have extra LICENSE or NOTICE
requirements need the extra stuff to be put into
src/main/appended-resources/META-INF/LICENSE and src/main/appended-
resources/META-INF/NOTICE
I can help with setting this up but I don't know what code might need
such extra legal goo. If I'm going to be able to help I'd need
accurate information on this.
There's also a geronimo maven plugin that can verify that legal files
are present in all the artifacts you build (jar, war, javadoc,
source, etc). I think it's a big help in release auditing to include
this plugin in the regular build to catch problems early.
thanks
david jencks
Re: Legal goo problems (4.1.2 release now imminent)
Posted by David Jencks <da...@yahoo.com>.
I've reviewed the legal files in the 4.1 branch and fixed them up to
the best of my ability. For non-jar artifacts I've generally relied
on hardcoded LICENSE and NOTICE files since the maven-remote-
resources-plugin tends to put them in odd places.
Since the status of jmdns looks exceedingly fuzzy to me I also added
an activemq-jmdns_1.0 module that contains the files that are
definitely under the apache license, and moved them to a sun-friendly
package.
If anyone can stand to review this stuff that would be great. I
expect to be proposing a release vote for 4.1.2 later today or tomorrow.
Many thanks
david jencks
On Mar 31, 2008, at 1:12 PM, Hiram Chirino wrote:
> On Fri, Mar 28, 2008 at 7:04 PM, David Jencks
> <da...@yahoo.com> wrote:
>> In my hopefully finite-length effort to get a 4.1.2 release out I've
>> been looking a little bit at the LICENSE and NOTICE files in the 4.1
>> branch and trunk and think many of them have big problems.
>>
>> Current thinking expressed on the legal-discuss is that:
>>
>> A source code unit expected to be checked out from svn needs LICENSE
>> and NOTICE files in svn at the root of the checkout. These files
>> should apply exactly to the source code checked out, and not include
>> any language only appropriate for dependencies that may be needed to
>> build or run the software. These are the only LICENSE and NOTICE
>> files that need to be actually present in svn.
>>
>> Each artifact distributed needs a LICENSE and NOTICE file. These
>> may
>> be hardcoded in svn or generated. These files should accurately
>> describe the license(s) and required notices of what is actually in
>> the distribution unit (e.g. jar, war, tar.bz2) and not describe
>> anything not included that might be necessary to use the software.
>>
>> Artifacts can also have descriptions of dependencies needed to use
>> the software but these descriptions should not be in the LICENSE or
>> NOTICE files.
>>
>> so....
>>
>> Looking around there are 2 problems:
>> - some of the LICENSE and possibly NOTICE files look like they have
>> generally large amounts of text appropriate for dependencies, not
>> what they actually apply to
>
> What do you mean by "not what they actually apply to"?
>
>> - some LICENSE files are decidedly incomplete. For instance the
>> activemq-web-console includes all the sun jaxb jars but no CDDL
>
> Ah lets add that asap.
>
>> license. The trunk root LICENSE.txt file doesn't include the
>> licenses for the javascript in the activemq-web-console.
>>
>
> All those bits are in the distro NOTICE I think.
>
>> Possible solutions....
>>
>> The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
>> All the others can be generated using the maven-remote-resources
>> plugin. Thanks to Dan Kulp the latest apache resource bundle
>> actually generates stuff compliant with the apparent policy. What
>> needs to happen is that modules that have extra LICENSE or NOTICE
>> requirements need the extra stuff to be put into
>>
>> src/main/appended-resources/META-INF/LICENSE and src/main/appended-
>> resources/META-INF/NOTICE
>>
>> I can help with setting this up but I don't know what code might
>> need
>> such extra legal goo. If I'm going to be able to help I'd need
>> accurate information on this.
>>
>
> This sounds like a good plan. Perhaps we should dissect the current
> LICENSE and NOTICE distro files since that what got all the attention
> last time we reviewed the release legal bits.
>
>> There's also a geronimo maven plugin that can verify that legal
>> files
>> are present in all the artifacts you build (jar, war, javadoc,
>> source, etc). I think it's a big help in release auditing to
>> include
>> this plugin in the regular build to catch problems early.
>
> Sounds good.
>
>>
>> thanks
>> david jencks
>>
>>
>
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>
> Open Source SOA
> http://open.iona.com
Re: Legal goo problems
Posted by Hiram Chirino <hi...@hiramchirino.com>.
On Fri, Mar 28, 2008 at 7:04 PM, David Jencks <da...@yahoo.com> wrote:
> In my hopefully finite-length effort to get a 4.1.2 release out I've
> been looking a little bit at the LICENSE and NOTICE files in the 4.1
> branch and trunk and think many of them have big problems.
>
> Current thinking expressed on the legal-discuss is that:
>
> A source code unit expected to be checked out from svn needs LICENSE
> and NOTICE files in svn at the root of the checkout. These files
> should apply exactly to the source code checked out, and not include
> any language only appropriate for dependencies that may be needed to
> build or run the software. These are the only LICENSE and NOTICE
> files that need to be actually present in svn.
>
> Each artifact distributed needs a LICENSE and NOTICE file. These may
> be hardcoded in svn or generated. These files should accurately
> describe the license(s) and required notices of what is actually in
> the distribution unit (e.g. jar, war, tar.bz2) and not describe
> anything not included that might be necessary to use the software.
>
> Artifacts can also have descriptions of dependencies needed to use
> the software but these descriptions should not be in the LICENSE or
> NOTICE files.
>
> so....
>
> Looking around there are 2 problems:
> - some of the LICENSE and possibly NOTICE files look like they have
> generally large amounts of text appropriate for dependencies, not
> what they actually apply to
What do you mean by "not what they actually apply to"?
> - some LICENSE files are decidedly incomplete. For instance the
> activemq-web-console includes all the sun jaxb jars but no CDDL
Ah lets add that asap.
> license. The trunk root LICENSE.txt file doesn't include the
> licenses for the javascript in the activemq-web-console.
>
All those bits are in the distro NOTICE I think.
> Possible solutions....
>
> The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
> All the others can be generated using the maven-remote-resources
> plugin. Thanks to Dan Kulp the latest apache resource bundle
> actually generates stuff compliant with the apparent policy. What
> needs to happen is that modules that have extra LICENSE or NOTICE
> requirements need the extra stuff to be put into
>
> src/main/appended-resources/META-INF/LICENSE and src/main/appended-
> resources/META-INF/NOTICE
>
> I can help with setting this up but I don't know what code might need
> such extra legal goo. If I'm going to be able to help I'd need
> accurate information on this.
>
This sounds like a good plan. Perhaps we should dissect the current
LICENSE and NOTICE distro files since that what got all the attention
last time we reviewed the release legal bits.
> There's also a geronimo maven plugin that can verify that legal files
> are present in all the artifacts you build (jar, war, javadoc,
> source, etc). I think it's a big help in release auditing to include
> this plugin in the regular build to catch problems early.
Sounds good.
>
> thanks
> david jencks
>
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
Open Source SOA
http://open.iona.com
(activemq) Fwd: Legal goo problems
Posted by David Jencks <da...@yahoo.com>.
Begin forwarded message:
> From: David Jencks <da...@yahoo.com>
> Date: March 28, 2008 4:04:53 PM PDT
> To: dev@activemq.apache.org
> Subject: Legal goo problems
>
> In my hopefully finite-length effort to get a 4.1.2 release out
> I've been looking a little bit at the LICENSE and NOTICE files in
> the 4.1 branch and trunk and think many of them have big problems.
>
> Current thinking expressed on the legal-discuss is that:
>
> A source code unit expected to be checked out from svn needs
> LICENSE and NOTICE files in svn at the root of the checkout. These
> files should apply exactly to the source code checked out, and not
> include any language only appropriate for dependencies that may be
> needed to build or run the software. These are the only LICENSE
> and NOTICE files that need to be actually present in svn.
>
> Each artifact distributed needs a LICENSE and NOTICE file. These
> may be hardcoded in svn or generated. These files should
> accurately describe the license(s) and required notices of what is
> actually in the distribution unit (e.g. jar, war, tar.bz2) and not
> describe anything not included that might be necessary to use the
> software.
>
> Artifacts can also have descriptions of dependencies needed to use
> the software but these descriptions should not be in the LICENSE or
> NOTICE files.
>
> so....
>
> Looking around there are 2 problems:
> - some of the LICENSE and possibly NOTICE files look like they have
> generally large amounts of text appropriate for dependencies, not
> what they actually apply to
> - some LICENSE files are decidedly incomplete. For instance the
> activemq-web-console includes all the sun jaxb jars but no CDDL
> license. The trunk root LICENSE.txt file doesn't include the
> licenses for the javascript in the activemq-web-console.
>
> Possible solutions....
>
> The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
> All the others can be generated using the maven-remote-resources
> plugin. Thanks to Dan Kulp the latest apache resource bundle
> actually generates stuff compliant with the apparent policy. What
> needs to happen is that modules that have extra LICENSE or NOTICE
> requirements need the extra stuff to be put into
>
> src/main/appended-resources/META-INF/LICENSE and src/main/appended-
> resources/META-INF/NOTICE
>
> I can help with setting this up but I don't know what code might
> need such extra legal goo. If I'm going to be able to help I'd
> need accurate information on this.
>
> There's also a geronimo maven plugin that can verify that legal
> files are present in all the artifacts you build (jar, war,
> javadoc, source, etc). I think it's a big help in release auditing
> to include this plugin in the regular build to catch problems early.
>
> thanks
> david jencks
>