On Apr 19, 2009, at 7:14 AM, Niclas Hedhman wrote:
On Sun, Apr 19, 2009 at 3:17 PM, Clement Escoffier
<[email protected]> wrote:
I have a small question about third-party dependencies. When a
project
includes the code of another project (such as ASM), the project has
to
declare it by:
- specifying the dependency in the NOTICE file (in the included
software
section)
- containing a copy of the LICENSE file of the project named
LICENSE.xxx
(for example, LICENSE.asm) [if not ASL 2.0]
Correct. It can be in the same LICENSE file, though.
However, what about used dependencies (not included). For sure, it
has to
declare the dependencies in the used software section of the
NOTICE file,
but what about the LICENSE.xxx ?
Yes, same requirement. NOTICE is a requirement from many (but not all)
licenses, so it is more often than not a requirement to do this
acknowledgement. It is common that we make a verbal distinction
between 'includes sources from' vs 'depends on binary of' or something
to such extent.
I don't think you are correct. After a bunch of discussion on legal-
discuss I think that the NOTICE file applies exactly to what is
actually in the artifact containing it and that it should not include
information about anything else.
To support this the maven-remote-resource plugin apache resource
bundle now generates LICENSE and NOTICE files following this principle
and also generates a DEPENDENCIES file that tries to help by
indicating the licenses of dependencies. After coming up with this I
attempted to describe it clearly on legal-discuss and didn't get any
negative feedback so I think it's in line with apache policy.
thanks
david jencks
Cheers
--
Niclas Hedhman, Software Developer
http://www.qi4j.org - New Energy for Java
I live here; http://tinyurl.com/2qq9er
I work here; http://tinyurl.com/2ymelc
I relax here; http://tinyurl.com/2cgsug
