On Tue, Dec 09, 2014 at 03:54:42PM +0000, Richard Downer wrote: > This is to call for a vote for the source release of Apache Brooklyn > 0.7.0-M2-incubating.
Things that look correct to me: 1) No binary files, beyond images, Java keystore and certificate files 2) License headers look good on the source files 3) RAT exclusion list looks OK 4) Bundled external code appears to have perfectly OK license types (noted ASL, BSD and MIT are the only licenses applying) 5) Required incubator disclosure looks good 6) Release identifies itself as an incubating release Question: Although this is a source code release, are you intending to provide a binary distribution as a project? If so, does that distribution include any "bits" from any software not handled by the source release's legal documentation? I ask, only because that would require a different set of LICENSE and NOTICE files that should probably be reviewed as well. I do have some comments related to the LICENSE and NOTICE files, specific to this source code release candidate (and I'll say that this is actually the hardest thing to get right in a first ASF release). First, I'm not sure if you've seen this yet: http://www.apache.org/dev/licensing-howto.html The LICENSE and NOTICE files are a bit off from what's needed. When bundling BSD and MIT licensed code, there isn't a requirement to add anything to the NOTICE file. See "Bundling Permissively-Licensed Dependencies" in the link above. That link talks about an approach to dealing with MIT and BSD licensed source files that assumes you are using a pointer to a different LICENSE file within the source tree that's specific to the dependency. TBH, that's not the most common approach I've seen. Another perfectly valid approach is to actually include each dependency's LICENSE file within your project's LICENSE file. See below my signature for an example of how to structure things. Last comment: ZeroClipboard.{js,swf} is in NOTICE (which would be moved to LICENSE anyway), but it still talks about the swf file. This is really minor, but could be fixed with the other fixes from above. Hope this helps! -chip Here's an example of how I've included legal documentation for a MIT licensed artifact and an ASLv2 licensed artifact in the LICENSE file. I've included [X] markers to help with commenting on what you see below. This example is from CloudStack, and I'm sure there are other ways to handle the specific content... It's based on a template created via Apache Whisker (although I don't recommend using that project since it's not really being as actively maintained as I would have liked to see). Others might have specific objections / suggestions to improve this approach. Also, consider the Licensing HowTo as official guidance, and the approach here as a suggested model to create a single LICENSE file. --------------------------------------------------- [1] This distribution contains third party resources. [2] Within the console-proxy/js directory [3] licensed under the MIT License http://www.opensource.org/licenses/mit-license.php (as follows) [4] Copyright (c) 2009, John Resig Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. from John Resig jquery.js [5] Within the patches/systemvm/debian/config/etc/apache2 directory licensed under the Apache License, Version 2 http://www.apache.org/licenses/LICENSE-2.0.txt (as above) Copyright (c) 2012 The Apache Software Foundation from The Apache Software Foundation http://www.apache.org/ httpd.conf ports.conf sites-available/default sites-available/default-ssl vhostexample.conf ----------------------------------------------------- [1] - This line appears right after the text of the ASLv2 [2] - This line sets the context for where the specific files being discussed are located [3] - This notes the specific license in question [4] - This is a copy of the license from the source project [5] - This is an example of where the content is licensed via the ASLv2, making it a simple reference to the ASLv2 copy at the top of the file.
