It may be desirable to include LICENSE and NOTICE files in your delivered jar files themselves, as appropriate.
There was just mention of that in a comment by Kevan Miller on LEGAL-119: < https://issues.apache.org/jira/browse/LEGAL-119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13163863#comment-13163863> I don't know where Kevan does it, but the META-INF/ path seems like a good choice. - Dennis -----Original Message----- From: Rob Weir [mailto:[email protected]] Sent: Tuesday, December 06, 2011 16:08 To: [email protected] Subject: RC2 binary package I looked some more at the binary package. We're currently includeing the base JARs of the Apache code, as well as the "with-dependencies" JARs that Maven generates. I think this interacts with the requirements for NOTICE.txt and LICENSE.txt. The with-dependencies JARs include the classes for all of our dependencies, and all of their dependencies, etc. So it is self-contained, except for system classes. But that makes us a distributor of these modules, and we would need to include all these licenses in our LICENSE.txt file, as well as any required notices in the NOTICE.txt file. So, option 1 is to track down all of that information for the licenses. I think Devin has done it one-level deep. But I think we need to do this recursively and pull these licenses and notices into our own. Is that correct? Option 2 would be to not ship the "with-dependencies" JARs. Just ship our own core JARs and list the third party dependencies in our release notes, perhaps with URL's and version pre-req's. Option 3, a variation of 2, would be to also create a Maven Archetypesor a sample POM that would enable the user to jumpstart their application. All the structure would be setup, so the dependencies would automatically download for them from Maven Central. -Rob
smime.p7s
Description: S/MIME cryptographic signature
