http://nagoya.apache.org/wiki/apachewiki.cgi?JakartaPOIAudits/20030205
Although its not official, I'm more or less the defacto current member
in charge of oversight for Jakarta POI.
Because there seem to be questions on a number of projects as to their
license usage, I thought it would be nice for me to go and audit POI
voluntarily. Although I do not like such issues as licenses and other
things, I realize that staying legitmate affects you my peers and all of
Apache and I do this as a service to protect myself as well as all of
you (you're welcome).
The Jakarta POI project uses the following:
under various subdirs of /lib
1. Commons Logging * (http://jakarta.apache.org/commons/logging.html) ASL
2. log4-j * (http://jakarta.apache.org/log4j) ASL
2. Xalan 2.2 ** (http://xml.apache.org/xalan) ASL
3. Xerces 2.2 ** (http://xml.apache.org/xerces) ASL
Although the following are not required for POI, they are used/provided
by Centipede (http://krysalis.org/centipede) at build time and for
generating our site:
under /tools/cents
1. Primarily these are centipede tools I am not delineating those as
they are just part of centipede
2. checkstyle - LGPL (http://checkstyle.sourceforge.net/) - I was
unaware of this before the audit. Apparently Centipede uses this to
produce this: http://jakarta.apache.org/poi/metrics/checkstyle/ - I do
not personally find checkstyle useful but other developers on the
project (namely Nicola ken) do.
It is my personal understanding that this is acceptable provided that
POI does not directly reference them nor the jar include or require
them. I would like direction from the board whether the use of build
tools which use LGPL is OK (POI itself does not use LGPL). If the board
requests I will disable the use of checkstyle (which will make Nicola
Ken cry). Also I would like guidence on whether just leaving it out of
our CVS repository and letting it be downloaded at build time is fine.
(it is the build and not POI which is using it)
3. javasrc - NO LICENSE (public domain) -
(http://home.austin.rr.com/kjohnston/javasrc.htm)
4. jdepend - BSD - (http://www.clarkware.com/software/JDepend.html)
5. junit - IBM CPL - (http://www.opensource.org/licenses/ibmpl.php)
6. umldoclet - Public Domain -
(http://objectclub.esm.co.jp/uml-doclet/README)
* loaded optionally via some JVM parameters
** used for centipede and XML->Java record (value object of sorts)
generation in the build
In summary, there are no controversial licensing issues for the Jakarta
POI project itself. The only area of question is whether Centipede's
use of LGPL libraries and POI's use of Centipede as a build tool
constitutes a problem. We are eager to resolve this in the event the
board sees this as a problem. It is our preference to continue using
checkstyle unless there is an actual legal issue.
I appreciate your time and consideration in reviewing this audit.
Because I value your time, I will keep this on the wiki and provide
updates. You may find them here:
http://nagoya.apache.org/wiki/apachewiki.cgi?JakartaPOIAudits
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
- ATTN: Maven developers [was: primary distribution loca... Sam Ruby
- Re: ATTN: Maven developers [was: primary distribu... Jason van Zyl
- Re: ATTN: Maven developers [was: primary dist... Jason van Zyl
- Re: ATTN: Maven developers [was: primary dist... Sam Ruby
- Re: ATTN: Maven developers [was: primary ... Jason van Zyl
- Clear the air Re: ATTN: Maven develop... Andrew C. Oliver
- Re: ATTN: Maven developers [was: primary ... Jason van Zyl
- Re: Jakarta POI audit. Andrew C. Oliver
- Re: Jakarta POI audit. Martin van den Bemt
- Re: Jakarta POI audit. Sam Ruby
- Re: Jakarta POI audit. acoliver
- Re: ATTN: Maven developers [was: primary distribu... Dan Diephouse