On Thu, Sep 6, 2012 at 12:47 AM, Rohit Yadav <[email protected]> wrote: > Hi Chip, > > On 06-Sep-2012, at 12:55 AM, Chip Childers <[email protected]> wrote: > >> On Mon, Sep 3, 2012 at 6:51 AM, Rohit Yadav <[email protected]> wrote: >>> Do we need to fix/add Apache license for: >>> - text files (README, INSTALL, NOTICE etc.) >>> - configuration files >>> - awsapi (top level LICENSE suggest they're BSD 3-clause) >>> - deps >>> - docs >>> - patches/ >>> - plugins >>> - apidocs/ >>> - tools >>> - ui > > What about these files/dirs? They don't have Apache or any other license.
Most of them actually do (which I certainly hope is still the case, since myself and others spend days getting it done). > As we already removed most dependencies from the source tree, do we need to > remove non-jars deps like jquery as well? No, they do NOT need to be removed if they have compatible licenses. They are what I have been calling "known exceptions". For example, things like the jQuery scripts are NOT ours, so we can't change the license in them. Also, some of the DEB packaging files are not allowed to have comments. The same holds true for certificate and key files. Source files from other projects should be included in the tools/whisker/descriptor.xml file, which I use to generate the LICENSE and NOTICE files at the top level of the repo. Basically, we should have three different answers to the file header question: 1 - Default answer is that the file needs an appropriate license header. 2 - If it's a file type that is not capable of having a license header, then it can't have one. 3 - If it's a source file from another project, then we don't have the right to put the ASF header in it. That file needs to be accounted for in the descriptor.xml file. The actual license of the file must also be Apache 2 compatible (per ASF compatibility decisions). Make sense? >> This is very cool, but doesn't RAT do most of this for us? >> >> I know that we had some issues with the initial reports not providing >> an accurate indication of the stray Citrix license headers, but I >> think that is resolved now. I would suggest that another manual QA of >> the files would be helpful. > > Okay I'll check them manually this weekend but I trust grep/sed :) > >> Once we are at a stable state (with the appropriate exclude properties >> set the RAT Maven plugin config at the top level pom.xml), we would >> have an automatic solution tied into Maven for auditing compliance. >> >> Does that work? > > As soon as we fix the build system issues, I'll give RAT a try, probably > research on maven and maven plugins this weekend. > > Regards, > Rohit > >> >> -chip > >
