Posted to legal-discuss@apache.org by "Henri Yandell (JIRA)" <ji...@apache.org> on 2018/06/04 03:04:00 UTC

[jira] [Commented] (LEGAL-389) NOTICE handling of plain (linked) dependencies which are not Derivative Works

    [ https://issues.apache.org/jira/browse/LEGAL-389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499691#comment-16499691 ] 

Henri Yandell commented on LEGAL-389:
-------------------------------------

Personally I think you've identified a license weakness (I don't think it's a bug, but I do think the implementation could be clearer/tighter and cover both Work and Derivative Work).

If I write some Java code that imports org.apache.commons.io, and I build that into MyJavaCode.jar, and then I put MyJavaCode.jar and apache-commons-io.jar into a tar.gz, then I have linked to the interfaces of the Work and placed into a work that remains in separable form (per your quote from the license).

In that case I do not have a Derivative work. I have two separate Works.

What we rely on is that apache-commons-io.jar, as a Work, complies with the license/policies and contains a NOTICE file. A redistributor of the file will be compliant with the license as long as they don't remove that NOTICE file from the jar. That said, our policy is to make it clearer for our users and to highlight the NOTICE contents at the top level rather than rely on it being inside the jar file. This is really what you've been discussing imo - our policy rather than our required licensing condition.

Life gets a bit more fun if our binary doesn't contain the NOTICE. We probably should not offer binaries as standalone downloads (for example we shouldn't offer a .so file, we should offer a tar.gz containing a .so file and a NOTICE). Removal of a NOTICE then would be modification and lead to a derivative work (same as compiling source to a .so and needing to keep the NOTICE alongside).

Also, given these are both our projects it might be a case where compliance is a no-op because we would be both the plaintiff and defendant :) Not sure on that, would depend on the contents of the NOTICE imo.

> NOTICE handling of plain (linked) dependencies which are not Derivative Works
> -----------------------------------------------------------------------------
>
>                 Key: LEGAL-389
>                 URL: https://issues.apache.org/jira/browse/LEGAL-389
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Emilian Bold
>            Priority: Major
>
> Hello,
> At Apache NetBeans we have various (3rd party) Apache licensed JAR dependencies which we use unchanged, we just added them to the 'classpath' so to speak (i.e. 'link' them).
> Now, the Apache License itself mentions that
> {quote}(d) If the Work includes a "NOTICE" text file as part of its
>  distribution, then any Derivative Works that You distribute must
>  include a readable copy of the attribution notices contained
>  within such NOTICE file, excluding those notices that do not
>  pertain to any part of the Derivative Works
> {quote}
> and defines that
> {quote}"Derivative Works" shall mean any work, whether in Source or Object
>  form, that is based on (or derived from) the Work and for which the
>  editorial revisions, annotations, elaborations, or other modifications
>  represent, as a whole, an original work of authorship. For the purposes
>  of this License, Derivative Works shall not include works that remain
>  separable from, or merely link (or bind by name) to the interfaces of,
>  the Work and Derivative Works thereof.
> {quote}
> So, the way I'm reading this is that a plain 'linked' dependency is not a Derivative Work and there is no reason to consider the NOTICE file.
> Is it legally required to take into account the NOTICE files for unmodified JAR dependencies which are under Apache License?
> [http://www.apache.org/dev/licensing-howto.html#mod-notice] mentions that
> {quote}Do not add anything to NOTICE which is not legally required.
> {quote}


