[
https://issues.apache.org/jira/browse/ZEST-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510970#comment-14510970
]
Paul Merlin commented on ZEST-15:
---------------------------------
>From what I understand in http://www.apache.org/dev/licensing-howto.html the
>`LICENSE` and `NOTICE` files are required in released distributions only, and,
>that `NOTICE` file needs special attention for *bundled* dependencies only.
>From http://incubator.apache.org/guides/release-java.html I learned that
>repository artifacts are concerned too, including sources and javadoc JARs.
Our source and binary release distributions could include the gradle wrapper
jar only. Gradle downloading dependencies as needed. The `NOTICE` would then be
pretty simple. To ease offline usage we can include a way to download all
needed dependencies in the binary distribution (script, pom ...).
Our repository artifacts JARs should include basic `LICENSE` and `NOTICE` files
in the `META-INF` directory.
I see no source bundled in the Qi4j codebase that's from a third-party.
So from what I understand, if we don't bundle dependencies in our
distributions, we don't need complex `NOTICE` files.
Am I right?
Remain the cryptographic related issue that I did not dug into yet.
> Review legal compliance
> -----------------------
>
> Key: ZEST-15
> URL: https://issues.apache.org/jira/browse/ZEST-15
> Project: Zest
> Issue Type: Sub-task
> Reporter: Niclas Hedhman
>
> Review legal compliance on all dependencies, in particular NOTICE file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
