Take a look at this document; it has a how to, and is considered the canonical document: http://www.apache.org/dev/licensing-howto.html
--David On Thu, Apr 2, 2015 at 12:32 PM, Stephen Mallette <[email protected]> wrote: > oh - i misread your post a bit (and i've misunderstood the notion of source > and binary LICENSE/NOTICE, since Matt introduced the concept - sorry about > that). let me try to rephrase: > > for our "source" LICENSE/NOTICE (lives at the root of the source tree - > i.e. where they are now) we will have: > > 1. The Apache License in LICENSE > 2. This in NOTICE: > > --------------------------------------------------------- > Apache Tinkerpop depends on components with separate copyright notices > and license terms. > > Your use of the source code for the these subcomponents is subject to the > terms and conditions oftheir respective licenses. > > See the LICENSE file for a list of subcomponents and dependencies and > their respective licenses. > --------------------------------------------------------- > > That's all we need for source NOTICE/LICENSE because "Tinkerpop source code > *does not* actively bundles other source code under other licenses" > > for the "binaries" NOTICE/LICENSE - i assume that refers to our "zip > distribution". if so, i will add LICENSE/NOTICE to gremlin-server and > gremlin-console (as only those two modules assemble zips) and these would > contain the dependencies more in the format of what i have now in the > "source" LICENSE/NOTICE. > > If all that makes sense, then these would be the items to get > more consensus on: > > 1. For the binary NOTICE can we drop the Netty NOTICE? I guess that is not > a rule for the NOTICE files of all non-ASF projects? isn't it safer to just > include such things since IANAL? By that same token, i assume that we must > include copies of NOTICE from all ASF projects. > 2. For the binary LICENSE, there is some conflicting opinion between Rob > and Matt that could use resolution. Do I need to have multiple copies of > BSD licenses (i assume MIT is ok) in the LICENSE file just because of > copyright differences? > 3. For the binary LICENSE, I can remove direct list of Apache licensed > dependencies because "there is no need to list dependencies which are under > the Apache License, it is reasonable to assume that if the component > isn't explicitly > called out that the main Apache License applies to it." - correct? > > Thanks, > > Stephen > > > > > > On Thu, Apr 2, 2015 at 11:54 AM, Rob Vesse <[email protected]> wrote: > >> Well the work you done is still relevant for the LICENSE and NOTICE for >> your binary distribution though may require some trimming down >> >> To reiterate you should have separate LICENSE and NOTICE for your binaries >> because those will include different things to your pure source code >> release. >> >> Rob >> >> On 02/04/2015 16:22, "Stephen Mallette" <[email protected]> wrote: >> >> >This statement: >> > >> >> Unless Tinkerpop source code actively bundles other source code under >> >other licenses then you should basically have nothing except the basic >> >Apache License in LICENSE and the basic copyright notice in NOTICE >> > >> >It seems to cut everything short for me. We don't bundle source code that >> >I can think of. As such, all we need is: >> > >> >1. The Apache License in LICENSE >> >2. This in NOTICE: >> > >> >--------------------------------------------------------- >> >Apache Tinkerpop depends on components with separate copyright notices >> >and license terms. >> > >> >Your use of the source code for the these subcomponents is subject to the >> >terms and conditions oftheir respective licenses. >> > >> >See the LICENSE file for a list of subcomponents and dependencies and >> >their respective licenses. >> >--------------------------------------------------------- >> > >> >Is that agreeable? Or are there conflicting opinions? >> > >> >If agreeable, i'm happy with that even though I did a lot of work that is >> >up for the chopping block. Of course, that wasn't completely wasted >> >effort >> >- found two LGPL licensed products in our stuff that were being pulled in >> >from other dependencies. >> > >> > >> > >> > >> >On Thu, Apr 2, 2015 at 11:06 AM, Rob Vesse <[email protected]> wrote: >> > >> >> Stephen >> >> >> >> My thoughts on this - and please bear in mind you are going to receive >> >> lots of conflicting opinions and advice any time this gets discussed - >> >>are >> >> as follows. Also please remember that IANAL. >> >> >> >> NOTICE looks way too busy, it is for required notices only. You should >> >> not need to list out the Copyright statements for everything you depend >> >>on >> >> since most ALv2 compatible licenses don't contain attribution clauses >> >>that >> >> would require this. Usually it is sufficient to simply have text of the >> >> following form in the NOTICE file >> >> >> >> "Apache Tinkerpop depends on components with separate copyright notices >> >> and license terms. >> >> >> >> Your use of the source code for the these subcomponents is subject to >> >>the >> >> terms and conditions oftheir respective licenses. >> >> >> >> See the LICENSE file for a list of subcomponents and dependencies and >> >> their respective licenses." >> >> >> >> >> >> Secondly surely most of these things are binary dependencies only? >> >> >> >> As Matt already noted you should have a separate LICENSE and NOTICE for >> >> your source versus your binaries, most of what appears currently would >> >> appear to only apply to your binary and not your source. Unless >> >>Tinkerpop >> >> source code actively bundles other source code under other licenses then >> >> you should basically have nothing except the basic Apache License in >> >> LICENSE and the basic copyright notice in NOTICE. You are encouraged to >> >> create and maintain separate LICENSE and NOTICE for your binaries which >> >> should be placed elsewhere in the tree or named appropriately to >> >> distinguish them. >> >> >> >> For the LICENSE there is no need to list dependencies which are under >> >>the >> >> Apache License, it is reasonable to assume that if the component isn't >> >> explicitly called out that the main Apache License applies to it. >> >> >> >> You appear to have replicated the BSD license several times in the >> >>LICENSE >> >> file, I'm unclear if this is strictly necessary or not (whether the >> >> copyright notices require this) or if it is enough to just put the main >> >> license text once and list the components to which it applies >> >> >> >> Netty and NOTICE - The Netty NOTICE file is horrific and most of what is >> >> in their NOTICE file actually belongs in LICENSE in my opinion. If a >> >> project is external to the ASF do not assume that they are using the >> >> NOTICE file correctly as the ASF would. >> >> >> >> Note that I would wait to hear the other (possibly conflicting) opinions >> >> from other mentors before you do any substantial further work on this >> >> >> >> Rob >> >> >> >> On 02/04/2015 14:32, "Stephen Mallette" <[email protected]> wrote: >> >> >> >> >I've made pretty good progress with the notice/license file, but not >> >>quite >> >> >done. Could I ask that Matt/others take a look at what I have so far >> >>to >> >> >be >> >> >sure that I'm on the right track: >> >> > >> >> >https://github.com/apache/incubator-tinkerpop/blob/master/NOTICE.txt >> >> >https://github.com/apache/incubator-tinkerpop/blob/master/LICENSE.txt >> >> > >> >> >If so, I will complete with the pattern than I'm following. I will say >> >> >that if it is confirmed that I am doing this right, very few other >> >> >projects >> >> >are doing it right. that would include some very big named projects. >> >> > >> >> > >> >> > >> >> >On Wed, Apr 1, 2015 at 5:11 PM, Matt Franklin >> >><[email protected]> >> >> >wrote: >> >> > >> >> >> On Wed, Apr 1, 2015 at 5:01 PM Stephen Mallette >> >><[email protected]> >> >> >> wrote: >> >> >> >> >> >> > Matt, your advice was a big help in getting me going. Hopefully, I >> >> >>can >> >> >> get >> >> >> > this all pretty close to your expectations by the time I'm done. A >> >> >> couple >> >> >> > of follow up questions: >> >> >> > >> >> >> > 1. What do I do with dual-licensed stuff? Do i just choose the >> >> >>favorable >> >> >> > license and list it under that section? >> >> >> > >> >> >> >> >> >> Choose the appropriate license and include that one. If you want to >> >>be >> >> >> especially thorough, you can note that the lib was dual licensed >> >>next to >> >> >> the name in the license file e.g. >> >> >> >> >> >> com.x.y.z.foo (Dual Licensed, chose ASLv2) >> >> >> >> >> >> >> >> >> > 2. Does the NOTICE just need the copyright information? Like, BSD >> >> >>seems >> >> >> to >> >> >> > indicate that I need to preserve the copyright, but i have the >> >>entire >> >> >>BSD >> >> >> > license with copyright in LICENSE already - do i need just the >> >> >>copyright >> >> >> > in >> >> >> >> >> >> NOTICE? or do i satisfy things by simply including the entirety of >> >>the >> >> >>BSD >> >> >> > license in our LICENSE file? or am i just overthinking at this >> >> >>point? :) >> >> >> > >> >> >> >> >> >> NOTICE just needs the copyright information. LICENSE should have the >> >> >>full >> >> >> text, including the copyright. That is the best way I have seen to >> >>meet >> >> >> the license requirement >> >> >> >> >> >> >> >> >> > >> >> >> > Thanks, >> >> >> > >> >> >> > Stephen >> >> >> > >> >> >> > On Wed, Apr 1, 2015 at 1:48 PM, Matt Franklin >> >> >><[email protected]> >> >> >> > wrote: >> >> >> > >> >> >> > > On Wed, Apr 1, 2015 at 1:23 PM Stephen Mallette >> >> >><[email protected]> >> >> >> > > wrote: >> >> >> > > >> >> >> > > > Mentors, >> >> >> > > > >> >> >> > > > In preparation for release, I wanted to try to get the LICENSE >> >>and >> >> >> > NOTICE >> >> >> > > > files looking good. I read the information i could find on the >> >> >> Apache >> >> >> > > site >> >> >> > > > and studied the files of other Apache projects that have done >> >> >> releases >> >> >> > > and >> >> >> > > > I can only say that after all that I'm still confused. I just >> >> >>don't >> >> >> > see >> >> >> > > a >> >> >> > > > clear pattern for producing these files that I can follow. >> >> >> > > > >> >> >> > > > Could someone please provide some advice on what is expected >> >>here? >> >> >> > > > >> >> >> > > >> >> >> > > Unfortunately, it is more art than science on the NOTICE. Here >> >>are >> >> >>the >> >> >> > > general guidelines I follow (and look for) >> >> >> > > >> >> >> > > 1) Different NOTICE/LICENSE files for source and binary >> >> >>distributions. >> >> >> > The >> >> >> > > source distribution should ONLY contain entries for CODE that has >> >> >>been >> >> >> > > integrated from 3rd parties, IE if you pulled a class in from >> >>some >> >> >> other >> >> >> > > project. The binary files need to have relevant entries for ANY >> >> >> > dependency >> >> >> > > included in the distribution, in addition to the code entries. >> >> >> > > >> >> >> > > 2) NOTICE files should only contain entries for binaries/code >> >>where >> >> >>the >> >> >> > > license specifically asserts that a copyright statement be >> >>included >> >> >> > beyond >> >> >> > > the license. >> >> >> > > >> >> >> > > 3) LICENSE files should be organized such that one copy of >> >>identical >> >> >> > > license text exits and a list of libraries/classes that are >> >>licensed >> >> >> > under >> >> >> > > it are listed IE >> >> >> > > >> >> >> > > x,y,z dependencies are licensed under the following: >> >> >> > > >> >> >> > > <license text> >> >> >> > > >> >> >> > > 4) BSD and MIT style licenses are often modified to include >> >>specific >> >> >> text >> >> >> > > from the licensor. These will need to have individual copies. >> >>#3 >> >> >>is >> >> >> > only >> >> >> > > for IDENTICAL licenses, such as the ASL v2, EPL, CDDL, etc. >> >> >> > > >> >> >> > > >> >> >> > > > >> >> >> > > > Thanks, >> >> >> > > > >> >> >> > > > Stephen >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>
