This is just Felix policy about a file named DEPENDENCIES. The document
evolved from a NOTICE file policy, so those references to a "notice
file" are from that history...I've now edited them out.
The purpose of the DEPENDENCIES file is for us to be able to audit our
license dependencies (and to give some credit to other projects). We
have the possibility to generate this in some cases, but nothing that
works in all cases, so that does suck.
Regardless, the cost is usually a one-time investment with potential
incremental changes in the future if dependencies change.
-> richard
On 1/26/11 14:41, David Jencks wrote:
Is this about a file named DEPENDENCIES or a file named NOTICE? Does "must"
mean apache policy or felix policy? If it's about a file named DEPENDENCIES I suggest
you don't call it a notice file; I was confused enough to write this note.
By apache policy, a DEPENDENCIES file is completely optional and has no
specified content. The maven-remote-resources plugin generates one but I'm
starting to think it was a bad idea that I shouldn't have introduced.
This does not relate well to whats needed in a NOTICE file either. The NOTICE
file should not mention non-included content nor licenses of included content.
I think it's really confusing to duplicate content between the
(apache-optional) DEPENDENCIES file and the required NOTICE and LICENSE files.
The LICENSE file needs complete license info for what's in the artifact. This
appears to munge together the license info for the contents and the
dependencies. The text at the top looks confusingly similar to the text of the
apache NOTICE file. Judging by the amount of confusion here at apache about
NOTICE file text, I think having anything that looks even vaguely similar in
another non-legal file is just going to make the actual license requirements
incomprehensible to any outsider.
david jencks
On Jan 26, 2011, at 10:00 AM, [email protected] wrote:
DEPENDENCIES file template
Page edited by Richard S. Hall
Changes (0)
...
Full Content
Each released software archive must a notice file in it to declare third-party
dependencies and their licenses. The following template should be used:
Apache Felix AAA
Copyright BBB The Apache Software Foundation
This software was developed at the Apache Software Foundation
(http://www.apache.org) and may have dependencies on other
Apache software licensed under Apache License 2.0.
I. Included Third-Party Software
CCC
II. Used Third-Party Software
DDD
III. Overall License Summary
- Apache License 2.0
- EEE
Where the placeholders have the following meaning:
AAA - Name of the Felix subproject.
BBB - Copyright year or range of years.
CCC - List of third-party software included in the archive.
DDD - List of third-party software used (but not included) by the archive.
EEE - List of additional third-party licenses as a result of the dependencies.
The format for an individual third-party dependency is flexible, but should try
to include the name of the developing organization or individual, a URL, a
copyright, and the license. For example, a dependency on OSGi software would
look like this:
This product includes software developed at
The OSGi Alliance (http://www.osgi.org/).
Copyright (c) OSGi Alliance (2000, 2009).
Licensed under the Apache License 2.0.
If you need additional examples on how to file out a NOTICE file, look at other
examples in the SVN repo or ask on the dev@felix mailing list.
Change Notification PreferencesView Online | View Changes | Add Comment
