On Apr 19, 2012, at 4:39 PM, Jonathan Gallimore wrote:
> I'm running a full build from the tag with all the tests and a clean .m2
> directory at the moment. I'm sure it'll be fine, but I always like to try a
> build when voting :). Meanwhile, I've been taking a look at the legal
> report. I'll do a bit more on this tomorrow, but I spotted a couple of
> things so far:
>
> The following modules do not have META-INF/LICENSE and META-INF/NOTICE
> files:
>
> openejb-karaf-commands-4.0.0.jar
> openejb-karaf-rebranding-4.0.0.jar
> openejb-provisionning-4.0.0.zip (no LICENSE, but NOTICE is present)
> openejb-ssh-4.0.0.zip
> xbean-finder-shaded-3.10.jar
We should definitely add LICENSE and NOTICE files to jars. I can take care of
that.
The openejb-provisionning-4.0.0.zip simply has a typo in the LICENSE file.
Easy fix as well.
41134 04-17-2012 20:45 openejb-provisionning-4.0.0/LICENCE
2490 04-17-2012 20:45 openejb-provisionning-4.0.0/NOTICE
I hadn't noticed the openejb-ssh-4.0.0.zip. I don't have the time to create
license and notice files for those. The license/notice files for the
provisioning zip took 3 hours -- you can't generate these things or trust the
contents of the jars in the zip.
So that one will likely be deleted if left to me to fix.
> I really like the legal report, but I could probably use a reminder of
> exactly how to read it... specifically around declared and undeclared
> licenses/notices. Using the TomEE webprofile zip as an example (
> http://people.apache.org/~dblevins/staging-068/legal/org.apache.openejb.apache-tomee.1.0.0.apache-tomee-1.0.0-webprofile.zip.licenses.html),
> it looks like there are both declared and undeclared licenses. I would read
> an undeclared license as one that is present in one of the jars included in
> the zip, but has been missed in the main zips LICENSES file. Is that
> correct? If so, ideally we should have no undeclared licenses?
That's the general idea, however the tool is very crude, so at best it's an
indication of what things a human might want to investigate.
Here's a list of the changes between beta-2 and the proposed final binaries.
Assuming you trust your review of beta-2, you only need to focus on ensuring
the changed libraries are accurately represented in the respective NOTICE and
LICENSE files.
apache-tomee 1.0.0 webprofile
D commons-beanutils-1.8.3.jar
D log4j-1.2.16.jar
D openejb-javaagent-4.0.0-beta-2.jar
D openjpa-2.1.1.jar
D slf4j-log4j12-1.6.1.jar
A commons-beanutils-core-1.8.3.jar
A commons-lang3-3.1.jar
A gson-2.1.jar
A jaxb-api.jar
A jaxb-impl.jar
A openjpa-asm-shaded-2.2.0.jar
A slf4j-jdk14-1.6.4.jar
A tomee-myfaces-4.0.0.jar
change: +2.12 MB
total : 26.36 MB
apache-tomee 1.0.0 plus
D commons-beanutils-1.8.3.jar
D log4j-1.2.16.jar
D openejb-javaagent-4.0.0-beta-2.jar
D openjpa-2.1.1.jar
D slf4j-log4j12-1.6.1.jar
A commons-beanutils-core-1.8.3.jar
A commons-lang3-3.1.jar
A gson-2.1.jar
A jaxb-api.jar
A jaxb-impl.jar
A openjpa-asm-shaded-2.2.0.jar
A slf4j-jdk14-1.6.4.jar
A tomee-myfaces-4.0.0.jar
change: +2.23 MB
total : 44.01 MB
openejb-standalone 4.0.0
D commons-beanutils-1.8.3.jar
D log4j-1.2.16.jar
D openjpa-2.1.1.jar
D slf4j-log4j12-1.6.1.jar
A commons-beanutils-core-1.8.3.jar
A commons-lang3-3.1.jar
A jaxb-impl-2.2.5.jar
A openjpa-asm-shaded-2.2.0.jar
A slf4j-jdk14-1.6.4.jar
change: +1.41 MB
total : 33.15 MB
