Re: Licensing / Notice / etc
Hi, Thanks Justin and Willem. I have used the maven plugin to check all license once again. I have finished the above modifications, you can have a check: [1] License: https://github.com/apache/incubator-iotdb/blob/2561a3b397fb6fedd99a0afddc4e665f253c5e22/License [2] License-binary: https://github.com/apache/incubator-iotdb/blob/2561a3b397fb6fedd99a0afddc4e665f253c5e22/License-binary [3] Notice: https://github.com/apache/incubator-iotdb/blob/2561a3b397fb6fedd99a0afddc4e665f253c5e22/NOTICE [4] Notice-binary: https://github.com/apache/incubator-iotdb/blob/2561a3b397fb6fedd99a0afddc4e665f253c5e22/NOTICE-binary Best, --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Willem Jiang 于2019年7月24日周三 下午2:16写道: > If you have the binary release, you need to list all the third party > jars in the License file. > BTW, you can use maven license plugin[1] to list those jars in your > distribution directory. > You can find the plugin setting example here[2]. The only missing part > is you still need to copy the generated file into License file > yourself. > > [1]https://www.mojohaus.org/license-maven-plugin/ > [2]https://github.com/apache/servicecomb-pack/blob/master/pom.xml#L643 > > Willem Jiang > > Twitter: willemjiang > Weibo: 姜宁willem > > On Wed, Jul 24, 2019 at 10:00 AM Xiangdong Huang > wrote: > > > > Hi Justin, > > > > How about the following modifications: > > > > > 1. Why is license information being mentioned in NOTICE? All license > > information should go in LICENSE. > > > > Remove all license information out of NOTICE, and copy all content of > > NOTICEs from all bundled dependencies to our NOTICE? > > > > > 2. Why is the General Public License (GPL) license mentioned? (It’s a > > Category X license) > > > > I check the content and find that we use `javax.annotation`, which uses > > CDDL and GPL double license. > > I think it is ok that we use the dependence according to CDDL. So just > > removing the content about GPL is ok, I think. > > > > > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not > > bundled mentioned? > > > > I think we can remove them out of the NOTICE and LICENSE. > > > > > 4. Why are the binaries mentioned in the source release? Please make > > seperate LICENSE and NOTICE for the source and binary releases. > > > > Do we need to maintain 4 files: LICENSE, NOTICE, LICENSE-binary, and > > NOTICE-binary? > > > > > In LICENSE it also seem you are listing dependancies rather than what > is > > bundled in the source release? > > > > According to [1] (BUNDLED VS. NON-BUNDLED DEPENDENCIES), only the > (binary) > > jars and java (source) files that written by the third part are bundled. > > > > The dependencies that claimed in pom.xml will be downloaded > automatically > > from the Maven Repository when the user compile the source code, so they > > can be considered as non-bundled. Are these dependencies can be removed > > from the LICENSE? > > > > [1] http://www.apache.org/dev/licensing-howto.html#mod-notice > > > > Best, > > --- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > 黄向东 > > 清华大学 软件学院 > > > > > > Justin Mclean 于2019年7月24日周三 上午6:47写道: > > > > > HI, > > > > > > I took a quick look at NOTICE and something is not right: > > > 1. Why is license information being mentioned in NOTICE? All license > > > information should go in LICENSE. > > > 2. Why is the General Public License (GPL) license mentioned? (It’s a > > > Category X license) > > > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not > bundled > > > mentioned? > > > 4. Why are the binaries mentioned in the source release? Please make > > > seperate LICENSE and NOTICE for the source and binary releases. > > > > > > In LICENSE it also seem you are listing dependancies rather than what > is > > > bundled in the source release? > > > > > > Thanks, > > > Justin >
Re: Licensing / Notice / etc
If you have the binary release, you need to list all the third party jars in the License file. BTW, you can use maven license plugin[1] to list those jars in your distribution directory. You can find the plugin setting example here[2]. The only missing part is you still need to copy the generated file into License file yourself. [1]https://www.mojohaus.org/license-maven-plugin/ [2]https://github.com/apache/servicecomb-pack/blob/master/pom.xml#L643 Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Wed, Jul 24, 2019 at 10:00 AM Xiangdong Huang wrote: > > Hi Justin, > > How about the following modifications: > > > 1. Why is license information being mentioned in NOTICE? All license > information should go in LICENSE. > > Remove all license information out of NOTICE, and copy all content of > NOTICEs from all bundled dependencies to our NOTICE? > > > 2. Why is the General Public License (GPL) license mentioned? (It’s a > Category X license) > > I check the content and find that we use `javax.annotation`, which uses > CDDL and GPL double license. > I think it is ok that we use the dependence according to CDDL. So just > removing the content about GPL is ok, I think. > > > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not > bundled mentioned? > > I think we can remove them out of the NOTICE and LICENSE. > > > 4. Why are the binaries mentioned in the source release? Please make > seperate LICENSE and NOTICE for the source and binary releases. > > Do we need to maintain 4 files: LICENSE, NOTICE, LICENSE-binary, and > NOTICE-binary? > > > In LICENSE it also seem you are listing dependancies rather than what is > bundled in the source release? > > According to [1] (BUNDLED VS. NON-BUNDLED DEPENDENCIES), only the (binary) > jars and java (source) files that written by the third part are bundled. > > The dependencies that claimed in pom.xml will be downloaded automatically > from the Maven Repository when the user compile the source code, so they > can be considered as non-bundled. Are these dependencies can be removed > from the LICENSE? > > [1] http://www.apache.org/dev/licensing-howto.html#mod-notice > > Best, > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Justin Mclean 于2019年7月24日周三 上午6:47写道: > > > HI, > > > > I took a quick look at NOTICE and something is not right: > > 1. Why is license information being mentioned in NOTICE? All license > > information should go in LICENSE. > > 2. Why is the General Public License (GPL) license mentioned? (It’s a > > Category X license) > > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled > > mentioned? > > 4. Why are the binaries mentioned in the source release? Please make > > seperate LICENSE and NOTICE for the source and binary releases. > > > > In LICENSE it also seem you are listing dependancies rather than what is > > bundled in the source release? > > > > Thanks, > > Justin
Re: Licensing / Notice / etc
HI, > Remove all license information out of NOTICE, and copy all content of > NOTICEs from all bundled dependencies to our NOTICE? That seems like the right thing to do, but I’m still not sure what is actually bundled in the source release. > I think it is ok that we use the dependence according to CDDL. So just > removing the content about GPL is ok, I think. CDDL content can’t be included in a source release (it’s category B) so there should be no mention of it either. In the case where things are dual licensed then yes you take the more compatible license. > Do we need to maintain 4 files: LICENSE, NOTICE, LICENSE-binary, and > NOTICE-binary? Thats a good way of doing it yes. > According to [1] (BUNDLED VS. NON-BUNDLED DEPENDENCIES), only the (binary) > jars and java (source) files that written by the third part are bundled. A source release should not contain compiled code. > The dependencies that claimed in pom.xml will be downloaded automatically > from the Maven Repository when the user compile the source code, so they > can be considered as non-bundled. Are these dependencies can be removed > from the LICENSE? Is general yes, but it depends on what is actually in the source release that is voted on. Thanks, Justin
Re: Licensing / Notice / etc
Hi Justin, How about the following modifications: > 1. Why is license information being mentioned in NOTICE? All license information should go in LICENSE. Remove all license information out of NOTICE, and copy all content of NOTICEs from all bundled dependencies to our NOTICE? > 2. Why is the General Public License (GPL) license mentioned? (It’s a Category X license) I check the content and find that we use `javax.annotation`, which uses CDDL and GPL double license. I think it is ok that we use the dependence according to CDDL. So just removing the content about GPL is ok, I think. > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled mentioned? I think we can remove them out of the NOTICE and LICENSE. > 4. Why are the binaries mentioned in the source release? Please make seperate LICENSE and NOTICE for the source and binary releases. Do we need to maintain 4 files: LICENSE, NOTICE, LICENSE-binary, and NOTICE-binary? > In LICENSE it also seem you are listing dependancies rather than what is bundled in the source release? According to [1] (BUNDLED VS. NON-BUNDLED DEPENDENCIES), only the (binary) jars and java (source) files that written by the third part are bundled. The dependencies that claimed in pom.xml will be downloaded automatically from the Maven Repository when the user compile the source code, so they can be considered as non-bundled. Are these dependencies can be removed from the LICENSE? [1] http://www.apache.org/dev/licensing-howto.html#mod-notice Best, --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Justin Mclean 于2019年7月24日周三 上午6:47写道: > HI, > > I took a quick look at NOTICE and something is not right: > 1. Why is license information being mentioned in NOTICE? All license > information should go in LICENSE. > 2. Why is the General Public License (GPL) license mentioned? (It’s a > Category X license) > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled > mentioned? > 4. Why are the binaries mentioned in the source release? Please make > seperate LICENSE and NOTICE for the source and binary releases. > > In LICENSE it also seem you are listing dependancies rather than what is > bundled in the source release? > > Thanks, > Justin
Re: Licensing / Notice / etc
HI, I took a quick look at NOTICE and something is not right: 1. Why is license information being mentioned in NOTICE? All license information should go in LICENSE. 2. Why is the General Public License (GPL) license mentioned? (It’s a Category X license) 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled mentioned? 4. Why are the binaries mentioned in the source release? Please make seperate LICENSE and NOTICE for the source and binary releases. In LICENSE it also seem you are listing dependancies rather than what is bundled in the source release? Thanks, Justin
Re: Licensing / Notice / etc
Hi, I found one :D https://issues.apache.org/jira/projects/IOTDB/issues/IOTDB-45?filter=allissues Best, -- Jialin Qiao School of Software, Tsinghua University 乔嘉林 清华大学 软件学院 > -原始邮件- > 发件人: "Jialin Qiao" > 发送时间: 2019-07-23 16:35:31 (星期二) > 收件人: dev@iotdb.apache.org > 抄送: > 主题: Re: Licensing / Notice / etc > > Hi Julian, > > We do not have such issues. > > Xinyi and I checked and updated the LICENSE and NOTICE in March. From then > on, we do not bring in additional dependencies. > > Logically, these two files should be ok, but one more check is good. > > Best, > -- > Jialin Qiao > School of Software, Tsinghua University > > 乔嘉林 > 清华大学 软件学院 > > > -原始邮件- > > 发件人: "Julian Feinauer" > > 发送时间: 2019-07-23 15:44:44 (星期二) > > 收件人: "dev@iotdb.apache.org" > > 抄送: > > 主题: Licensing / Notice / etc > > > > Hi all, > > > > just another think which is VERY important fort he release ist he > > correctness of all LICENSE files, NOTICE file and all that. > > So are there any open issues or do we have a good feeling about all that? > > > > @Justin: Could you perhaps assist us a bit with a quick check (to avoid > > that we cast a Vote and cancel it again due to “obvious” things). > > > > Thanks! > > Julian
Re: Licensing / Notice / etc
Hi Julian, We do not have such issues. Xinyi and I checked and updated the LICENSE and NOTICE in March. From then on, we do not bring in additional dependencies. Logically, these two files should be ok, but one more check is good. Best, -- Jialin Qiao School of Software, Tsinghua University 乔嘉林 清华大学 软件学院 > -原始邮件- > 发件人: "Julian Feinauer" > 发送时间: 2019-07-23 15:44:44 (星期二) > 收件人: "dev@iotdb.apache.org" > 抄送: > 主题: Licensing / Notice / etc > > Hi all, > > just another think which is VERY important fort he release ist he correctness > of all LICENSE files, NOTICE file and all that. > So are there any open issues or do we have a good feeling about all that? > > @Justin: Could you perhaps assist us a bit with a quick check (to avoid that > we cast a Vote and cancel it again due to “obvious” things). > > Thanks! > Julian
Licensing / Notice / etc
Hi all, just another think which is VERY important fort he release ist he correctness of all LICENSE files, NOTICE file and all that. So are there any open issues or do we have a good feeling about all that? @Justin: Could you perhaps assist us a bit with a quick check (to avoid that we cast a Vote and cancel it again due to “obvious” things). Thanks! Julian
