(activemq) Fwd: Legal goo problems

Fri, 28 Mar 2008 16:12:28 -0700 


Begin forwarded message:


From: David Jencks <[EMAIL PROTECTED]>
Date: March 28, 2008 4:04:53 PM PDT
To: [EMAIL PROTECTED]
Subject: Legal goo problems


In my hopefully finite-length effort to get a 4.1.2 release out  
I've been looking a little bit at the LICENSE and NOTICE files in  
the 4.1 branch and trunk and think many of them have big problems.


Current thinking expressed on the legal-discuss is that:


A source code unit expected to be checked out from svn needs  
LICENSE and NOTICE files in svn at the root of the checkout.  These  
files should apply exactly to the source code checked out, and not  
include any language only appropriate for dependencies that may be  
needed to build or run the software.  These are the only LICENSE  
and NOTICE files that need to be actually present in svn.



Each artifact distributed needs a LICENSE and NOTICE file.  These  
may be hardcoded in svn or generated.  These files should  
accurately describe the license(s) and required notices of what is  
actually in the distribution unit (e.g. jar, war, tar.bz2) and not  
describe anything not included that might be necessary to use the  
software.



Artifacts can also have descriptions of dependencies needed to use  
the software but these descriptions should not be in the LICENSE or  
NOTICE files.


so....

Looking around there are 2 problems:

- some of the LICENSE and possibly NOTICE files look like they have  
generally large amounts of text appropriate for dependencies, not  
what they actually apply to
- some LICENSE files are decidedly incomplete.  For instance the  
activemq-web-console includes all the sun jaxb jars but no CDDL  
license.  The trunk root LICENSE.txt file doesn't include the  
licenses for the javascript in the activemq-web-console.


Possible solutions....


The root LICENSE and NOTICE files have to be fixed by hand AFAIK.   
All the others can be generated using the maven-remote-resources  
plugin.  Thanks to Dan Kulp the latest apache resource bundle  
actually generates stuff compliant with the apparent policy.  What  
needs to happen is that modules that have extra LICENSE or NOTICE  
requirements need the extra stuff to be put into



src/main/appended-resources/META-INF/LICENSE and src/main/appended- 
resources/META-INF/NOTICE



I can help with setting this up but I don't know what code might  
need such extra legal goo.  If I'm going to be able to help I'd  
need accurate information on this.



There's also a geronimo maven plugin that can verify that legal  
files are present in all the artifacts you build (jar, war,  
javadoc, source, etc).  I think it's a big help in release auditing  
to include this plugin in the regular build to  catch problems early.


thanks
david jencks

















    











					Reply via email to