On Thu, Feb 14, 2008 at 12:07 AM, Andrew McIntyre <[EMAIL PROTECTED]> wrote: > > > Not sure that's correct, the proposed policy indicates an entry in the > > NOTICE file is required. > > > > </snip> > > > > > http://people.apache.org/~rubys/3party.html > > Both the previous version of the policy and this one fail to address > whether access via Subversion to a library licensed under a > non-authorized license (i.e. anything besides a class A license in the > policy linked above) is distribution and thus requires addition of > notice to the NOTICES file. This is an important question, one worth > getting an definitive answer for, but one which I currently don't have > the time to chase down. Such libraries are already available via > Apache's Subversion server without such notice, demonstrated by the > links in my previous mail.
Well, well. As it so happens, just last month there was a discussion of this on legal-discuss. See [1], [2], [3], [4], [5], and [6]. >From [1]: "It needs to be in subversion when a third-party something that requires such a notice is also within subversion." >From [2]: "Our subversion is published within our own development groups and made accessible to third-parties via svn externals. That publication (even without a formal release) is still under the terms of our license, and because the ASF requires a couple lines in NOTICE for all of our projects, the LICENSE and NOTICE files must be in subversion (typically at the level under trunk). The contents are based on the source code within that tree." >From [3]: "It is sufficient to assume that people understand hierarchies..." >From [4]: "Especially if the project has a link on their developer's "how to obtain the latest sources from subversion" info page. There you have documented how to obtain these *unreleased* sources, and the license and providence (notice) needs to be especially clear about what they've checked out or exported." >From [5]: "But, if someone were to argue that svn was a distribution, we'd like to be able to respond, as a backup, that, even if someone mistakenly thought that svn was intended as a distribution, they still got a LICENSE and NOTICE file and should still respect them." And, well pretty much the whole of [6], but for now: "Contrawise, it's exactly the policy and a good statement of why it exists; and as you point out it's worth adding to a document somewhere." So, while not a part of the official policy on the matter, the not-so-unofficial policy is that if you check it into Subversion, follow the NOTICE requirements as if it were a release, since Subversion is publication (from [2]) while not necessarily distribution. The fact that other projects aren't following this exactly is no excuse for Derby not to be diligent in light of the discussion above. So, if you want to check junit.jar in to the repository, it should be ok. Just be sure to follow the requirements in the policy linked above, as junit.jar is a Class B licensed artifact according to that policy. Once that has been followed, it should also be acceptable for us to include it in an official release, since if the policy has been followed to the letter, all necessary legal requirements should be satisfied. Crossing my fingers I didn't mess up the citations, and also I'm not a lawyer, etc., etc., andrew [1] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED] [2] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED] [3] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED] [4] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED] [5] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED] [6] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200801.mbox/[EMAIL PROTECTED]
