[GitHub] ivankelly commented on a change in pull request #888: Rework of binary distribution licenses

Wed, 20 Dec 2017 01:57:04 -0800 

ivankelly commented on a change in pull request #888: Rework of binary 
distribution licenses
URL: https://github.com/apache/bookkeeper/pull/888#discussion_r157979629
 
 

 ##########
 File path: bookkeeper-dist/src/assemble/bin-all.xml
 ##########
 @@ -50,6 +50,11 @@
         <include>${basedir}/*.txt</include>
       </includes>
     </fileSet>
+    <fileSet>
+      <directory>../src/main/resources/deps</directory>
 
 Review comment:
   I've moved all the NOTICE stuff into the NOTICE, so that doesn't link 
anywhere.
   
   The ASF licensing recommendations 
(http://www.apache.org/dev/licensing-howto.html#permissive-deps) actually say 
to bundle the license file, instead of putting directly in the LICENSE file 
unless the license is very short. I actually prefer it like this. 
   
https://github.com/ivankelly/bookkeeper/blob/license-rework/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
 is easier to read than 
https://github.com/apache/bookkeeper/blob/master/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt.
 
   
   LICENSE-all.bin.txt would get huge if we flattened them all. I'm 
particularly eager to keep the CDDL out of it, that license is huge.
   
   > The check script should parse pom files or the assemble tarballs to see 
what dependencies are included, and fetch their corresponding notices and 
   
   We should check on the final output (i.e. the assemble tarball) as that is 
what we distribute. 
   
   > verify if the NOTICE file includes all dependencies or not and if their 
licenses are matched and notices are attached.
   
   This verification is very hard to do in an automated fashion. How will a 
machine know that the protobuf license contains stuff that isn't relevant? How 
will it work out which part of the netty NOTICE needs to be pulled in and which 
doesn't?
   
   It's not hard for a human, but the human will need guidelines which we 
should put in the wiki.
   
   I've added a check to the script to check if the bundled license files are 
linked, and ensure all linked files exist.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to