On 06-Sep-2012, at 6:17 PM, Chip Childers <[email protected]> wrote:
> On Thu, Sep 6, 2012 at 12:47 AM, Rohit Yadav <[email protected]> wrote: >> Hi Chip, >> >> On 06-Sep-2012, at 12:55 AM, Chip Childers <[email protected]> wrote: >> >>> On Mon, Sep 3, 2012 at 6:51 AM, Rohit Yadav <[email protected]> wrote: >>>> Do we need to fix/add Apache license for: >>>> - text files (README, INSTALL, NOTICE etc.) >>>> - configuration files >>>> - awsapi (top level LICENSE suggest they're BSD 3-clause) >>>> - deps >>>> - docs >>>> - patches/ >>>> - plugins >>>> - apidocs/ >>>> - tools >>>> - ui >> >> What about these files/dirs? They don't have Apache or any other license. > > Most of them actually do (which I certainly hope is still the case, > since myself and others spend days getting it done). > >> As we already removed most dependencies from the source tree, do we need to >> remove non-jars deps like jquery as well? > > No, they do NOT need to be removed if they have compatible licenses. > > They are what I have been calling "known exceptions". For example, > things like the jQuery scripts are NOT ours, so we can't change the > license in them. Also, some of the DEB packaging files are not > allowed to have comments. The same holds true for certificate and key > files. Source files from other projects should be included in the > tools/whisker/descriptor.xml file, which I use to generate the LICENSE > and NOTICE files at the top level of the repo. > > Basically, we should have three different answers to the file header question: > > 1 - Default answer is that the file needs an appropriate license header. > 2 - If it's a file type that is not capable of having a license > header, then it can't have one. > 3 - If it's a source file from another project, then we don't have the > right to put the ASF header in it. That file needs to be accounted > for in the descriptor.xml file. The actual license of the file must > also be Apache 2 compatible (per ASF compatibility decisions). > > Make sense? +1 Thanks Chip! Regards, Rohit Yadav > >>> This is very cool, but doesn't RAT do most of this for us? >>> >>> I know that we had some issues with the initial reports not providing >>> an accurate indication of the stray Citrix license headers, but I >>> think that is resolved now. I would suggest that another manual QA of >>> the files would be helpful. >> >> Okay I'll check them manually this weekend but I trust grep/sed :) >> >>> Once we are at a stable state (with the appropriate exclude properties >>> set the RAT Maven plugin config at the top level pom.xml), we would >>> have an automatic solution tied into Maven for auditing compliance. >>> >>> Does that work? >> >> As soon as we fix the build system issues, I'll give RAT a try, probably >> research on maven and maven plugins this weekend. >> >> Regards, >> Rohit >> >>> >>> -chip >> >>
