Thanks for the explanations, Stian. A vote-email script might not be a bad idea! It certainly seems to be a complicated thing to pull together.
In response to Stian's email, I found some additional, related ASF resources that support not requiring license headers in files whose content cannot be copyrighted (e.g., files that contain "Hello"). Here is the link: http://www.apache.org/legal/src-headers.html#faq-exceptions The exception also applies to "Test data for which the addition of a source header would cause the tests to fail." It seems that most of the files that currently do not have license headers, including files in the services sub-directories, meet the criteria of being exempt from the license header requirement. ---------------- However, it sounds like we SHOULD add license headers to the package.html files. Do we want to do that way now, and then later convert to package-info.java files? ---------------- I also found an ASF link that confirms what Stian said about only BUNDLED dependencies needing to be included in NOTICE files. Good to know. (http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled) Also, regarding 3rd party copyrighted works: I found an ASF link that explicitly states: -- not to modify/remove copyright headers from 3rd party works; -- not to add the standard ASF license header to 3rd party works. http://www.apache.org/legal/src-headers.html#3party One remaining question about 3rd party license in src/license/THIRD-PARTY.properties: javax.transaction--com.springsource.javax.transaction--1.1.0 (CDDL 1.0) Is this an exception to the category-b license "binary only" rule because we use only a small amount of source code? One observation about headers in JSON files Most of the JSON files have the header you described (http://purl.org. ..). Is it okay if the JSON file header uses ##? (See below). taverna-activity-archetype\src\main\resources\archetype-resource \__rootArtifactId__-activity\src\main\resources\schema.json ## Licensed to the Apache Software Foundation (ASF) under one or more ## contributor license agreements. See the NOTICE file distributed with ## this work for additional information regarding copyright ownership. ## The ASF licenses this file to You under... .... ## See the License for the specific language governing permissions and ## limitations under the License Also, this statement is after the license: ## Note: Above Velocity comment should NOT be included in generated ## code from the archetype Just wondering what this is. Does it need to be at the end of all License headers? Thanks, Gale On Fri, Jun 3, 2016 at 8:39 AM Stian Soiland-Reyes <[email protected]> wrote: > On 2 June 2016 at 19:50, Gale Naylor <[email protected]> wrote: > > I'm so sorry - I've been replying to the VOTE thread. > > > > I'll copy my comments here: > > > > ------------------------------------------ > > UP-FRONT CHECKS > > ------------------------------------------ > > The MD5 checksums in the [VOTE] email are the same as the SHA1 checksums. > > I'm using the downloaded MD5 and SHA-1. > > Yes, I copy-pasted wrong! :( > > db4309131f4330832736586f6357d691 > apache-taverna-commandline-3.1.0-incubating-source-release.zip > 03c62e8d0d8a8862638655a3591597ba > apache-taverna-common-activities-2.1.0-incubating-source-release.zip > 8113656bf4ac8ed4e5ed88cb1b0da15d > apache-taverna-engine-3.1.0-incubating-source-release.zip > > > (Perhaps we need a vote-email script! > > > ------------------- > > GNU License? > > > > The list of # Already used licenses in project : includes > > > > # - GNU Lesser General Public License, Version 2.1 > > Isn't this a category-x license? (It doesn't show up in the > > "Please fill in the missing licenses" list at the bottom of the file.) > > I assume you mean > apache-taverna-engine-3.1.0-incubating/src/license/THIRD-PARTY.properties > > which is used if you run manually: > > mvn license:aggregate-add-third-party > > > http://www.mojohaus.org/license-maven-plugin/aggregate-add-third-party-mojo.html > > which will generate > > target/generated-sources/license/THIRD-PARTY.txt > > based on the <dependencies> and transitive dependencies. > > > Usually the plugin picks up license info from the POM <licenses> > section, but some projects don't provide that, in which case the > properties file can fill in the blanks. > > The "Already used" section is written by the plugin if you use > -Dlicense.useMissingFile=true > > > But all the LGPL licenses in the report are dual-licensed also as > Apache license: > > stain@biggiebuntu:~/rc/dist/test/apache-taverna-engine-3.1.0-incubating$ > grep GNU target/generated-sources/license/THIRD-PARTY.txt > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) Jackson-annotations > (com.fasterxml.jackson.core:jackson-annotations:2.2.2 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) Jackson-annotations > (com.fasterxml.jackson.core:jackson-annotations:2.3.0 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) Jackson-annotations > (com.fasterxml.jackson.core:jackson-annotations:2.3.3 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) Jackson-core > (com.fasterxml.jackson.core:jackson-core:2.2.2 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) Jackson-core > (com.fasterxml.jackson.core:jackson-core:2.3.3 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) jackson-databind > (com.fasterxml.jackson.core:jackson-databind:2.2.2 - > http://wiki.fasterxml.com/JacksonHome) > (GNU Lesser General Public License, Version 2.1) (The Apache > Software License, Version 2.0) jackson-databind > (com.fasterxml.jackson.core:jackson-databind:2.3.3 - > http://wiki.fasterxml.com/JacksonHome) > > > > > > > ------------------- > > Missing license information: > > > > # http://x-stream.github.io/license.html - this link says BSD (but not > > which type); > > should this copyright be included in our Notice file? > > Not in our NOTICE file yet, as we don't bundle the x-stream library, > we just depend on it. > > But we would need to include that (and much more) in the NOTICE of the > ZIP-file from taverna-commandline-product when/if we decide to > distribute that as a binary release. > > > > org.aopalliance--com.springsource.org.aopalliance--1.0.0 - no license > > listed > > Should be clean: > > http://aopalliance.sourceforge.net/ > > > LICENCE: all the source code provided by AOP Alliance is Public Domain. > > (Oh my, that dependency is more than 12 years old..!) > > > > > # https://github.com/hunterhacker/jdom/blob/jdom-1.1/core/LICENSE.txt - > > this link has a copyright; > > include in Notice file? What do we use for "type" of license? > "Copyright?" > > Or is this also a "JDOM License" like > > org.jdom--com.springsource.org.jdom--1.1.0? > > I think we can just call it the "JDOM license". Same as above, no > need for NOTICE as we don't bundle the JAR. > > > # http://www.xmlpull.org/ - no license listed > > > > > Aren't the following licenses listed under category-b, binary release > only? > > But we only have <dependency> on them, they are not distributed by ASF > (you won't find these dependencies in our source archive), so that is > OK. > > > > > 1) University of Manchester copyright in taverna-provenanceconnector > > files (see previous email). > > Bah! Well spotted! Danger of just disabling a Maven module! > > That is however an (appearant) violation as it claims to be under > incompatible LGPL license -- that code was however covered by the > software grant and should have ASF headers. > > I think we might have to pull the RC for this (we could get it through > the incubator if it was the first release, but this is our third!). > > > > > 2) taverna-execution-hadoop Crossproduct.java file contains copyright > > by Adam Pingel and no ASF license. > > > > I know this is copyright is included in the top level NOTICE > > file, but doesn't it have to be removed from the Java file? > > Strictly speaking we don't need to include that text in the NOTICE if > it is also in the file header, however we need it in the NOTICE so > that it also comes along in JARs in Maven Central. > > I don't think we can move this away from the file header, as then > downstream consumers who decide to copy that file might then easily > violate: > > > Redistributions of source code must retain the above copyright > > notice, this list of conditions and the following disclaimer. > > > > 1) Two README files without license headers: > > /taverna-engine-rc2/taverna-prov/README.md > > /taverna-engine-rc2/taverna-reference-types/README.md > > I think it should be added - but personally I wouldn't block the > release for that alone. > > > > 2) One JSON file without license header > > /taverna-engine-rc2/taverna-run-impl/src/test/resources/workflowrun.json > > It's tricky to add to JSON as it has no comment headers, but it's > possible to add something like this: > > > "http://purl.org/dc/terms/rights": "Licensed to the Apache Software > Foundation (ASF) under one or more contributor license agreements. > See the NOTICE file distributed with this work for additional > information regarding copyright ownership. The ASF licenses this file > to You under the Apache License, Version 2.0 (the 'License'); you may > not use this file except in compliance with the License. You may > obtain a copy of the License at > http://www.apache.org/licenses/LICENSE-2.0 Unless required by > applicable law or agreed to in writing, software distributed under the > License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR > Cse": {"@id": "http://www.apache.org/licenses/LICENSE-2.0"}, > ONDITIONS OF ANY KIND, either express or implied. See the License for > the specific language governing permissions and limitations under the > License.", > "http://purl.org/dc/terms/licen > > > 3) Miscellaneous text and html files don't have a license header. > > (Also spring.handlers and spring.schemas.) > > Are these not considered "code?" > > Not having checked deeper, but I think the spring.* files can't have > license headers. (They don't even have a newline!) > > The spring-files are very small and not copyrightable (does not > achieve Work height) - so it's not a big issue they are missing > headers. > > The HTML files should have license headers. Also I think it's cleaner > to use package-info.java with regular Javadoc instead of package.html > > > > Examples: > > taverna-activity-archetype...goal.txt, > > taverna-credential-manager...text.html, > > taverna-prov...3a/3a82e39d-a537-40cf-91a0-2c89d4a2e62b.txt > > taverna-prov...greeting.txt > > taverna-prov...mimetype > > taverna-workflowmodel-impl...package.html > > taverna-reference-impl...spring.handlers (and spring.schemas) > > Most of these are test resources which must match 1:1 - > documented in the RAT exclusions of pom.xml: > > <exclude>**/*.txt</exclude> <!-- workflow values > --> > > <exclude>**/src/main/resources/archetype-resources/</exclude> <!-- > Don't want our archetype to generate ASF headers --> > <exclude>**/META-INF/spring.*</exclude> <!-- > Miniscule spring marker files --> > <exclude>**/workflowrun.json</exclude> <!-- > example workflow run report --> > > > > 4) Files in services subdirectories also do not have a license headers. > Are > > they exempt? > > > > Examples: > > taverna-credential-manager...services/ > > org.apache.taverna.security.credentialmanager.CredentialProviderSPI > > taverna-dataflow-activity.../services/ > > net.sf.taverna.t2.workflowmodel.health.HealthChecker > > They are also very small (just listing classnames) and so would not be > copyrightable. However they would support a ## style copyright header > which we can add. > > > > Thanks for a thorough check! > > -- > Stian Soiland-Reyes > Apache Taverna (incubating), Apache Commons > http://orcid.org/0000-0001-9842-9718 >
