Okay - to circle back on sebb's questions: 1. "It is not just source that is important; binary files in the source distribution (e.g. images) can potentially require an entry in the NOTICE file.
Also not all 3rd party additions needs an entry in the NOTICE file. But they must have an entry in the LICENSE file." The only questionable thing is the hadoop-examples.jar file. If we have to, we can add that to the NOTICE file. I believe that we will try and remove it from the source distribution in the next release and forward. 2. "Do you mean that you wish to use the same LICENSE file for both source and binary archives? I'm not sure that is specifically disallowed, but AFAIK it is not recommended. But I guess so long as it is clear which section of the file only applies to the binary archive that would be OK for the next release." We spent some time looking at what others are doing here and decided that it probably made sense to look at a project that sebb is involved with. JMeter has the following at the bottom of the LICENSE file: Binary distributions additionally contain software included under various licenses. For details, please see the files under: licenses/bin It then obviously has a license directory with bin and src subdirectories that contain the license files for the respective distribution. Would you recommend that we consider a different project as an example? thanks! On Thu, Dec 5, 2013 at 12:44 PM, larry mccay <[email protected]> wrote: > Thanks, sebb - we really appreciate your insight here! > > Considering this feedback now - will update in a bit. > > ---------- Forwarded message ---------- > From: sebb <[email protected]> > Date: Thu, Dec 5, 2013 at 12:31 PM > Subject: Re: [MENTOR] Re: Issues with LICENSE/NOTICE files > To: larry mccay <[email protected]> > Cc: "[email protected]" <[email protected]> > > > On 5 December 2013 17:15, larry mccay <[email protected]> wrote: > > Here is a proposal for the NOTICE and RELEASE file changes going forward: > > > > For release 0.3.1: > > > > NOTICES file will be positioned at the top of the source tree. > > It is NOTICE not NOTICES, but yes it should be at top of source tree. > [This is so the user can easily find it] > > > It will have > > any references that aren't included as source removed - making it mostly > > empty. > > It is not just source that is important; binary files in the source > distribution (e.g. images) can potentially require an entry in the > NOTICE file. > > Also not all 3rd party additions needs an entry in the NOTICE file. > But they must have an entry in the LICENSE file. > > > LICENSE file will also be position at the top of the source tree. For > 0.3.1 > > we will include references to the licenses of all external project > > dependencies and call them out as binary dependencies. > > Do you mean that you wish to use the same LICENSE file for both source > and binary archives? > I'm not sure that is specifically disallowed, but AFAIK it is not > recommended. > But I guess so long as it is clear which section of the file only > applies to the binary archive that would be OK for the next release. > > > Both of these files will be copied into the release artifacts during > > assembly. > > Are you *sure* that the binary archive does not include any > dependencies that require a mention in the NOTICE file? > > > Next release (trunk): > > > > NOTICES file will be positioned at the top of the source tree. It will > have > > any references that aren't included as source removed - making it mostly > > empty. > > LICENSE file will remove direct references to external project licenses > and > > replace them with a pointer to a licenses directory that will contain > all of > > the license files for the binary dependencies. > > > > Both files will continue to be copied into the release artifacts at > assembly > > time but in addition we will also copy the license directory as well. > > Again, it may be that a different NOTICE file is needed for the binary > distribution. > > > Looking for feedback on this from our mentors and sebb - who has > initiated > > the need for these changes. > > > > > On Thu, Dec 5, 2013 at 9:54 AM, larry mccay <[email protected]> > wrote: > >> > >> There is a current thread on general called Release Verification > Checklist > >> that is relevant here. > >> > >> > >> > >> On Thu, Dec 5, 2013 at 9:32 AM, Kevin Minder > >> <[email protected]> wrote: > >>> > >>> Hi Everyone, > >>> Here is what I think we should do to resolve this. I have both a short > >>> term and long term goal in mind. > >>> > >>> Short term we need to review and enhance this. > >>> https://cwiki.apache.org/confluence/display/KNOX/Dependencies > >>> We need to review it to make sure it is still correct for 0.3.1. > >>> We need to enhance it to capture exactly what should be in the LICENSE > >>> and NOTICE files for each of these dependencies. > >>> I think we should enlist sebb (Sebastian Bazley?) while we have his > >>> attention in this effort. > >>> > >>> Long term I think we should propose some form of the result for this to > >>> be maintained by Apache. It is very inefficient that each projects > needs to > >>> independently rediscover the right answer for this. There should just > be a > >>> list. If you use this JAR you need "this" in LICENSE and "that" in > NOTICE. > >>> > >>> Kevin. > >>> > >>> -- > >>> CONFIDENTIALITY NOTICE > >>> NOTICE: This message is intended for the use of the individual or > entity > >>> to which it is addressed and may contain information that is > confidential, > >>> privileged and exempt from disclosure under applicable law. If the > reader of > >>> this message is not the intended recipient, you are hereby notified > that any > >>> printing, copying, dissemination, distribution, disclosure or > forwarding of > >>> this communication is strictly prohibited. If you have received this > >>> communication in error, please contact the sender immediately and > delete it > >>> from your system. Thank You. > >> > >> > > > >
