Dale LaBossiere created EDGENT-271:
--------------------------------------
Summary: binary-release conform better to license¬ice for 3rd
party content
Key: EDGENT-271
URL: https://issues.apache.org/jira/browse/EDGENT-271
Project: Edgent
Issue Type: Task
Reporter: Dale LaBossiere
In response to review of binary release LICENSE/NOTICE and the reference and
content of binary-release-bundled-content:
The info looks good, but it’s not really in line with what is recommend to do
[1] If it put up for an incubator vote, it IMO is likely to pass (given
everything else is good) but is likely to get a few “please fix in next
release” comments.
My minor concerns are:
- LICENSE doesn’t include the text of 3rd party licenses but points to another
file.
- Some license are referred to by URL, information at that URL can change over
time. It’s best to download and include a copy of that license.
- pointing to content inside a jar required the user to unpack that jar to se
ether information. IMO better to copy all license files into a seperate
directory where they can be clearly seen.
- May not be complying with some 3rd party license terms. While the licenses
are permissive most licenses state you need to include the full text of the
license in anything you distribute.
- NOTICE refers to the same external file as LICENSE. NOTICE and LICENSE are
for different purposes and in general NOTICE doesn't include licensing
information.
- NOTICE may be missing [2] information from bundled ASLv2 software NOTICE
files. [2]
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html
2. http://www.apache.org/dev/licensing-howto.html#mod-notice
-----------------------------------------------
A separate jira has been created for the pi4J issue:
- javax.servlet-api-3.1.0.jar is CDDL-2 and GPL.
See [4] and https://glassfish.java.net/nonav/public/CDDL+GPL.html
<https://glassfish.java.net/nonav/public/CDDL+GPL.html>
- javax.websocket-api-1.0.jar is CDDL-1.1 and GPL-2
See [5] and https://glassfish.java.net/public/CDDL+GPL_1_1.html
<https://glassfish.java.net/public/CDDL+GPL_1_1.html>
The above is fine as you can select the license to use from any dual licensed
software and CDDL is category B and is allowed to be used in a convenience
binary.
- pi4j-core-1.0.jar is LGPL-3.0
See [6] and http://www.gnu.org/licenses/lgpl.txt
<http://www.gnu.org/licenses/lgpl.txt>
This would not be allowed. You could ask VP legal togged permission to make a
release if you going to be removed in the next incubating release.
Thanks,
Justin
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
