On Mar 8, 2008, at 4:40 PM, Kevan Miller wrote:
On Mar 8, 2008, at 1:09 PM, David Jencks wrote:
There's been a bunch of discussion on legal-discuss recently about
exactly what should be in the license and notice files and after
looking over the remote-resource-plugin I think we could use it to
provide correct and useful information by doing the following:
1. Produce 3 files: LICENSE, NOTICE, and DEPENDENCIES (new)
2. The standard LICENSE and NOTICE files would be ALv2 and the
standard NOTICE (with ".vm" appended to the file name). No
processing except date range if appropriate.
3. Additional licenses and notices need to be ascertained by hand
and files containing these additions put in src/main/appended-
resources. For instance src/main/appended-resources/LICENSE and
src/main/appended-resources/NOTICE
4. In addition, for the convenience of our users, we provide a
list of transitive dependencies with origin. This would be pretty
similar to what the standard resource bundle puts into the NOTICE
file.
5. genesis would be modified to use this plugin and this bundle by
default.
David Blevins has a dependencies plugin at codehaus/swizzle that
provides hierarchy information by indenting but doesn't seem to
provide provenance. At this point I think I'd prefer the
provenance info to the indentation. If someone has an idea about
how to get both easily I'm all ears.
I'd prefer it if there was an easy way to roll up NOTICES and
LICENSES for projects that physically include jars from other
projects (such as our servers and jee applications and plugins)
but I think that leaving that capability to future developments in
the m-r-r-p might be wise.
I'm having some trouble getting the genesis release OK without the
m-r-r-p so I'd kinda like to get this implemented in the next day
or two.
Sounds good to me. To make sure I understand...
So, it sounds like this is essentially creating the same
information that we currently have in our geronimo/server (LICENSE
and NOTICE files) and subprojects. Correct? Difference being
whitespace/editorial in nature. As long as we have essentially the
same info and aren't adding the cruft that the m-r-r-p wants to add
by default, I think I'll be fine with this...
IIUC, this proposal means we remove most of the LICENSE and NOTICE
files in our svn (e.g. server/trunk/framework/modules/geronimo-
kernel/LICENSE.txt). The one exception is the LICENSE/NOTICE files
in the root of a src distribution file, which must be maintained in
svn, and perhaps license/notice files in assemblies (perhaps). Some
modules and configs which require additional license/notice info,
will have this info placed in src/main/appended-resources. This
information will be automatically appended to the standard license/
notice info. One example of a module requiring this treatment would
be server/trunk/framework/modules/geronimo-crypto/LICENSE.txt.
yes
I don't really have any objections to a DEPENDENCIES file, but I am
not sure what it adds. It's certainly not a requirement. I'd be
interested to hear how you think it will be used...
I think it makes it easier to look for possible license problems in
dependent jars that are likely to be needed to use the jar containing
the dependency file. I always thought that was the reason why the m-
r-r-p put that info in NOTICE
Will commit this stuff later tonight or tomorrow.
thanks
david jencks
--kevan
