Hi,
generating a list of all licenses is a good idea. The last thing you
want for your product is to discover that the most recent version of a
dependency is AGPL'ed, if you plan to publish under another license.
I have done this some time ago for the Cinnamon CMS:
http://cinnamon-cms.com/de/cinnamon-server/lizenz-ubersicht
Note that it is probably not enough to just write "Oh, package Foo is
under BSD license" without reproducing the license text itself, as it
often contains the name of the copyright holder and may not be excluded.
I have started to document the Tika-server licenses for a Grails plugin
which uses the server package with its dependencies*, but that is quite
a lot of work, tracking down all the packages and checking the license
files. (And just because a package can be found on the apache.org site
does not mean it's automatically Apache 2.0 License - just found one
which references an old commons-logging version with v1.1).
A funny thing with the Apache license (as well as the GPL) is that both
require a project to generate a genuine copyright notice (see: "How to
apply the Apache license to your project" at the bottom of the original
license page.) I have seen projects that include this text, with the
placeholders intact ... so they are copyright [yyyy] "name of copyright
owner" :)
Best regards,
Ingo
* https://github.com/dewarim/tikaParser/tree/master/licenses
Am 07/15/2015 um 03:08 AM schrieb Chris Harshman:
I am a lawyer, but this is not legal advice.
As a general rule, if the code is included in your project, you're bound by the
license under which that code is made available. That includes dependencies.
There may be some exceptions depending on the license(s) and how they all plug
together (as a crude example, the MIT license attribution requirement might
already be satisfied by a downstream bundler - upstream from you - including
the necessary language).
Personally, I'd conduct a review of each component if license compliance is
important to you (e.g., if you're going to release a commercial product
incorporating the code).
Sent from my iPad
On Jul 13, 2015, at 1:39 AM, James Baker <[email protected]> wrote:
Hi,
Apache Tika is licensed under the ASL2 license, but a number of it's
dependencies aren't - for example Java UnRar is licensed under the UnRar
license.
Can someone explain to me how this works? If I am looking at releasing my own
software that is dependent on Tika, can I release it under ASL2 or do I also
need to take into account the licenses of the sub-dependencies?
Thanks,
James
