[
https://issues.apache.org/jira/browse/NIFI-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299916#comment-14299916
]
Joseph Witt commented on NIFI-291:
----------------------------------
On Sat, Jan 31, 2015 at 8:17 AM, amareshwarisr . <[email protected]> wrote:
> Thank you all for the quick responses.
>
> Here is what i understand, please correct me if I'm wrong.
>
> For source distribution- LICENSE and NOTICE will contain only Apache License
> and nothing else.
Assuming that the source release for Lens does not bundle any dependencies,
that's almost correct. You'll also need some content in NOTICE as described
here:
http://www.apache.org/legal/src-headers.html#notice
> For convenience binary distribution, top level LICENSE file can contain
> Apache License, and NOTICE file must contain dependency dual licensing
> information with a web link.
The short blurb describing the dependency licensing (in this case dual
licensing under the CDDL and GPL) should go in LICENSE. The web link should
go in NOTICE.
NOTICE is not informational; it is specifically reserved for notices which are
*legally required*, and section 4d of the Apache License 2.0 imposes extra
demands on downstream consumers with regards to content in NOTICE.
https://www.apache.org/licenses/LICENSE-2.0#redistribution
The web link pointing to the source for a bundled binary CDDL dependency is an
example of such a legally required notice -- without it, a distribution does
not comply with the CDDL, leaving the redistributor without a license for the
redistributed content and in violation of copyright law.
In contrast, omitting the dual-licensing blurb from the top-level
LICENSE/NOTICE does not result in copyright violation. That blurb is what
some of us call "licensing documentation", and getting it wrong results in
what is sometimes called a "licensing documentation bug".
Like other bugs, licensing documentation bugs can have mild or severe impact
on users and may or may not precipitate new releases or release candidates.
We have far less flexibility when it comes to copyright violation.
Please work hard to keep LICENSE and NOTICE both correct and minimal, to keep
down the legal costs of using our work. People like me who participate in
licensing review (for either commercial or open source products) will
appreciate it.
> Ross, I'm assuming when a dependency is available under dual license and one
> of them is compatible with apache license, then it is an acceptable
> distribution.
Correct.
> Address findings from 0.0.1 release process
> -------------------------------------------
>
> Key: NIFI-291
> URL: https://issues.apache.org/jira/browse/NIFI-291
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 0.1.0
> Reporter: Joseph Witt
> Assignee: Joseph Witt
>
> Josh Elser:
> - Readme.txt should have License Header
> - nbactions.xml is odd in rat exclusions: perhaps we can comment why it is
> there (for netbeans users)
> Andrew Purtell:
> - Organizations is wrong in pom. It says
> <url>http://nifi.incubating.apache.org/</url>
> but should be:
> <url>http://nifi.incubator.apache.org/</url>
> Billie Rinaldi:
> The nar and war files deployed in the
> orgapachenifi-1022 repository seem to have default LICENSE files that don't
> have license info for their bundled dependencies, but they do all have
> DEPENDENCIES files listing this information. I haven't worked with these
> dependencies files before. Are they sufficient for communicating license
> information?
> Justin Mclean:
> Some suggestions:
> - Consider having separate licence and notice file for the binary release
> - The NOTICE file is a little odd in that while it mentions what licenses
> effect notice it
> doesn't list the software, but they are listed in the license file. Perhaps
> take a look at
> what other projects have done.
> As per [1] the source LICENSE should only mention what's bundled in the
> source bundle and
> the binary LICENSE should only mention what's bundled in the binary release.
> I think you have the content right (hence my +1) just that there's no need
> to mention the
> binary parts in the source release LICENSE. Having extra content in license
> is not as bad
> than having missing licences.
> I'd suggest (and it's only a suggestion) having two files (eg LICENSE.src and
> LICENSE.bin)
> in version control and put in right one into each bundle (and rename to
> LICENSE) as part of
> your release process. There are other approaches ie construct each LICENSE
> file from parts,
> but this seems the simplest way to me.
> Thanks,
> Justin
> 1. http://www.apache.org/dev/licensing-howto.html#guiding-principle
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> Jan I:
> I am a bit confused about the mangling of license/notice files in respect
> of the source/binary releases.
> Can I please ask you to make a clear distinction between source and binary
> (which is not official ASF release) in the next release.
> Billie R:
> Beware that the license does not currently cover all of the dependencies
> bundled in the nars/wars. (As the license for the source package, it
> doesn't have to.) The one I noticed was nifi-kafka-nar, but there could be
> others.
> -- Items found in the bundled dependencies of the kafka Nar
> -rw-rw-r--. 1 joe joe 6418368 Jan 23 09:27 scala-library-2.8.2.jar
> -rw-rw-r--. 1 joe joe 521157 Jan 23 09:27 mail-1.4.7.jar
> -rw-rw-r--. 1 joe joe 391834 Jan 23 09:27 log4j-1.2.15.jar
> -rw-rw-r--. 1 joe joe 106813 Jan 23 09:27 nifi-utils-0.0.1-incubating.jar
> -rw-rw-r--. 1 joe joe 604182 Jan 23 09:27 zookeeper-3.3.4.jar
> -rw-rw-r--. 1 joe joe 4229 Jan 23 09:27 metrics-annotation-2.2.0.jar
> -rw-rw-r--. 1 joe joe 62983 Jan 23 09:27 activation-1.1.jar
> -rw-rw-r--. 1 joe joe 17148 Jan 23 09:27
> nifi-security-utils-0.0.1-incubating.jar
> -rw-rw-r--. 1 joe joe 53244 Jan 23 09:27 jopt-simple-3.2.jar
> -rw-rw-r--. 1 joe joe 1251514 Jan 23 09:27 snappy-java-1.0.5.jar
> -rw-rw-r--. 1 joe joe 412739 Jan 23 09:27 commons-lang3-3.3.2.jar
> -rw-rw-r--. 1 joe joe 3223773 Jan 23 09:27 kafka_2.8.2-0.8.1.jar
> -rw-rw-r--. 1 joe joe 32753 Jan 23 09:27
> nifi-kafka-processors-0.0.1-incubating.jar
> -rw-rw-r--. 1 joe joe 82123 Jan 23 09:27 metrics-core-2.2.0.jar
> -rw-rw-r--. 1 joe joe 64009 Jan 23 09:27 zkclient-0.3.jar
> -rw-rw-r--. 1 joe joe 42716 Jan 23 09:27
> nifi-processor-utils-0.0.1-incubating.jar
> -rw-rw-r--. 1 joe joe 87325 Jan 23 09:27 jline-0.9.94.jar
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
